tixie/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

Move cryptpad backup job to backup-daily.hcl

Browse source
This commit is contained in:
Alex 2022-09-26 13:02:38 +02:00
parent 535c90b38e
commit 5b88919746
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
7 changed files with 46 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
cluster/prod/app/backup/deploy/backup-daily.hcl
View file

@ -193,4 +193,49 @@ EOH
} }
} }
} }
group "backup-cryptpad" {
constraint {
attribute = "${attr.unique.hostname}"
operator = "="
value = "courgette"
}
task "main" {
driver = "docker"
config {
image = "restic/restic:0.12.1"
entrypoint = [ "/bin/sh", "-c" ]
args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
volumes = [
"/mnt/storage/cryptpad:/cryptpad"
]
}
template {
data = <<EOH
AWS_ACCESS_KEY_ID={{ key "secrets/backup/cryptpad/backup_aws_access_key_id" }}
AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/cryptpad/backup_aws_secret_access_key" }}
RESTIC_REPOSITORY={{ key "secrets/backup/cryptpad/backup_restic_repository" }}
RESTIC_PASSWORD={{ key "secrets/backup/cryptpad/backup_restic_password" }}
EOH
destination = "secrets/env_vars"
env = true
}
resources {
cpu = 500
memory = 200
}
restart {
attempts = 2
interval = "30m"
delay = "15s"
mode = "fail"
}
}
}
} }

0
cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id → cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id
View file

0
cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key → cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key
View file

0
cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_password → cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password
View file

0
cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository → cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository
View file

57
cluster/prod/app/cryptpad/deploy/backup.hcl
View file

@ -1,57 +0,0 @@
job "cryptpad_backup" {
datacenters = ["neptune"]
type = "batch"
priority = "60"
periodic {
cron = "@daily"
// Do not allow overlapping runs.
prohibit_overlap = true
}
group "backup-cryptpad" {
constraint {
attribute = "${attr.unique.hostname}"
operator = "="
value = "courgette"
}
task "main" {
driver = "docker"
config {
image = "restic/restic:0.12.1"
entrypoint = [ "/bin/sh", "-c" ]
args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
volumes = [
"/mnt/storage/cryptpad:/cryptpad"
]
}
template {
data = <<EOH
AWS_ACCESS_KEY_ID={{ key "secrets/cryptpad_backup/backup_aws_access_key_id" }}
AWS_SECRET_ACCESS_KEY={{ key "secrets/cryptpad_backup/backup_aws_secret_access_key" }}
RESTIC_REPOSITORY={{ key "secrets/cryptpad_backup/backup_restic_repository" }}
RESTIC_PASSWORD={{ key "secrets/cryptpad_backup/backup_restic_password" }}
EOH
destination = "secrets/env_vars"
env = true
}
resources {
cpu = 500
memory = 200
}
restart {
attempts = 2
interval = "30m"
delay = "15s"
mode = "fail"
}
}
}
}

2
restic-summary
View file

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
for svc in dovecot consul plume; do for svc in dovecot consul plume cryptpad; do
export RESTIC_REPOSITORY=`pass deuxfleurs/backups/$svc/restic_repository` export RESTIC_REPOSITORY=`pass deuxfleurs/backups/$svc/restic_repository`
export RESTIC_PASSWORD=`pass deuxfleurs/backups/$svc/restic_password` export RESTIC_PASSWORD=`pass deuxfleurs/backups/$svc/restic_password`
export AWS_ACCESS_KEY_ID=`pass deuxfleurs/backups/$svc/aws_s3_access_key` export AWS_ACCESS_KEY_ID=`pass deuxfleurs/backups/$svc/aws_s3_access_key`