author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-15 14:24:41 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-15 14:24:41 +0200 |
commit | 83745f737ab5143f7204c2b84425c727266a0d84 (patch) | |
tree | 0161ed04562e5c347c5dbe400dbd6d53115254b3 | |
parent | 8cf1b0c3e44f481abd7e07d0e793bd444a81fe52 (diff) | |
Deployment on Nomad
-rw-r--r-- | app/backup/build/backup-psql/default.nix | 9 | ||||
-rw-r--r-- | app/backup/deploy/backup-weekly.hcl | 55 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/aws_access_key_id | 1 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/aws_secret_access_key | 1 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/crypt_private_key | 1 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/crypt_public_key | 1 |
6 files changed, 64 insertions, 4 deletions
diff --git a/app/backup/build/backup-psql/default.nix b/app/backup/build/backup-psql/default.nix index 1ded395..5d2dec7 100644 --- a/app/backup/build/backup-psql/default.nix +++ b/app/backup/build/backup-psql/default.nix @@ -17,17 +17,18 @@ in buildPhase = '' cat > backup-psql <<EOF - #!${pkgs.bash}/bin/bash - export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages} - python3 $out/lib/backup-psql.py + #!${pkgs.bash}/bin/bash + export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages} + ${python-with-my-packages}/bin/python3 $out/lib/backup-psql.py EOF + chmod +x backup-psql ''; installPhase = '' mkdir -p $out/{bin,lib} cp *.py $out/lib/backup-psql.py - cp backup-psql $out/bin/backup-sql + cp backup-psql $out/bin/backup-psql ''; } diff --git a/app/backup/deploy/backup-weekly.hcl b/app/backup/deploy/backup-weekly.hcl new file mode 100644 index 0000000..9c1a0b0 --- /dev/null +++ b/app/backup/deploy/backup-weekly.hcl 
@@ -0,0 +1,55 @@
+job "backup_weekly" {
+ datacenters = ["dc1"]
+ type = "batch"
+
+ priority = "60"
+
+ periodic {
+ cron = "@weekly"
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ group "backup-psql" {
+ task "main" {
+ driver = "docker"
+
+ config {
+ image = "superboum/backup-psql-docker:kldrj9xlbda1s4v963jhpgardg6qczgl"
+ volumes = [
+ // Mount a cache on the hard disk to avoid filling the SSD
+ "/mnt/storage/tmp_bckp_psql:/mnt/cache"
+ ]
+ }
+
+ template {
+ data = <<EOH
+CACHE_DIR=/mnt/cache
+AWS_BUCKET=backups-pgbasebackup
+AWS_ENDPOINT=s3.deuxfleurs.shirokumo.net
+AWS_ACCESS_KEY_ID={{ key "secrets/backup/psql/aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/psql/aws_secret_access_key" }}
+CRYPT_PUBLIC_KEY={{ key "secrets/backup/psql/crypt_public_key" }}
+PSQL_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr
+PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
+PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ resources {
+ cpu = 200
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+ }
+}
diff --git a/app/backup/secrets/backup/psql/aws_access_key_id b/app/backup/secrets/backup/psql/aws_access_key_id
new file mode 100644
index 0000000..82375d7
--- /dev/null
+++ b/app/backup/secrets/backup/psql/aws_access_key_id
@@ -0,0 +1 @@
+USER Minio access key
diff --git a/app/backup/secrets/backup/psql/aws_secret_access_key b/app/backup/secrets/backup/psql/aws_secret_access_key
new file mode 100644
index 0000000..de5090c
--- /dev/null
+++ b/app/backup/secrets/backup/psql/aws_secret_access_key
@@ -0,0 +1 @@
+USER Minio secret key
diff --git a/app/backup/secrets/backup/psql/crypt_private_key b/app/backup/secrets/backup/psql/crypt_private_key
new file mode 100644
index 0000000..4abece9
--- /dev/null
+++ b/app/backup/secrets/backup/psql/crypt_private_key
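Review bot: The `template` block in `backup-weekly.hcl` hands the backup task the Postgres keeper's own replication credentials (`secrets/postgres/keeper/pg_repl_username` and `pg_repl_pwd`), so the weekly job and the database cluster share one secret that cannot be rotated or revoked independently. A dedicated role holding only the replication privilege, stored under its own key (for example a constructed path such as `secrets/backup/psql/pg_username`), would limit what this container can reach if it is compromised. Separately, `image` is pinned by tag only, and registry tags can be re-pointed; appending the digest, `image = "superboum/backup-psql-docker:<tag>@sha256:<digest>"`, would ensure the job that receives these secrets runs exactly the build that was reviewed. `AWS_ENDPOINT` carries no scheme, so it is worth confirming in the backup script that the upload goes over TLS.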
@@ -0,0 +1 @@
+USER a private key to decript backups from age
diff --git a/app/backup/secrets/backup/psql/crypt_public_key b/app/backup/secrets/backup/psql/crypt_public_key
new file mode 100644
index 0000000..156ad47
--- /dev/null
+++ b/app/backup/secrets/backup/psql/crypt_public_key
@@ -0,0 +1 @@
+USER A public key to encypt backups with age |
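Review bot: Declaring `crypt_private_key` next to the other job secrets suggests the age identity will be stored in the same key-value store the cluster reads from, even though the job template only consumes `crypt_public_key`. If that is what this declaration does, anyone who can read the cluster's secret store obtains both the bucket credentials and the key that decrypts the backups, which removes the benefit of encrypting to a public key. Keeping the private key offline, or in a separate store used only for restores, avoids that; if the file is meant purely as a reminder, its text could say so, e.g. `USER a private key to decrypt backups from age (keep offline, needed only for restore)`.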