Backup Cryptpad

2022-05-10 15:58:09 +02:00 · 2022-05-10 15:58:09 +02:00 · 52f14f9da2
commit 52f14f9da2
parent 8cd2f72926
6 changed files with 76 additions and 0 deletions
--- a/app/cryptpad/deploy/backup.hcl
+++ b/app/cryptpad/deploy/backup.hcl
@ -0,0 +1,57 @@
+job "cryptpad_backup" {
+  datacenters = ["neptune"]
+  type = "batch"
+
+  priority = "60"
+
+  periodic {
+    cron = "@daily"
+    // Do not allow overlapping runs.
+    prohibit_overlap = true
+  }
+
+  group "backup-cryptpad" {
+    constraint {
+      attribute = "${attr.unique.hostname}"
+      operator = "="
+      value = "courgette"
+    }
+
+    task "main" {
+      driver = "docker"
+
+      config {
+        image = "restic/restic:0.12.1"
+        entrypoint = [ "/bin/sh", "-c" ]
+        args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
+        volumes = [
+          "/mnt/storage/cryptpad:/cryptpad"
+        ]
+      }
+
+      template {
+        data = <<EOH
+AWS_ACCESS_KEY_ID={{ key "secrets/cryptpad_backup/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/cryptpad_backup/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/cryptpad_backup/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/cryptpad_backup/backup_restic_password" }}
+EOH
+
+         destination = "secrets/env_vars"
+         env = true
+      }
+
+      resources {
+        cpu = 500
+        memory = 200
+      }
+
+      restart {
+        attempts = 2
+        interval = "30m"
+        delay = "15s"
+        mode = "fail"
+      }
+    }
+  }
+}
--- a/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id
@ -0,0 +1 @@
+USER Backup AWS access key ID
--- a/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key
@ -0,0 +1 @@
+USER Backup AWS secret access key
--- a/app/cryptpad/secrets/cryptpad_backup/backup_restic_password
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_restic_password
@ -0,0 +1 @@
+USER Restic password to encrypt backups
--- a/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository
@ -0,0 +1 @@
+USER Restic repository, eg. s3:https://s3.garage.tld
--- a/app/shell.nix
+++ b/app/shell.nix
@ -0,0 +1,15 @@
+{
+  pkgs ? import <nixpkgs> {}
+}:
+
+with pkgs; mkShell {
+  nativeBuildInputs = [
+    nomad 
+    docker-compose
+    python39Packages.pip 
+    python39Packages.ldap 
+    python39Packages.consul 
+    python39Packages.passlib
+  ];
+}
+
				`@ -0,0 +1 @@`
				`USER Restic repository, eg. s3:https://s3.garage.tld`