author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-01-26 21:48:48 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-01-26 21:48:48 +0100 |
commit | a13a02c45ca212c7ac0aae6dfa510219b6c9f46c (patch) | |
tree | 7b69073252bf9f526086682a9780ca1fd4784319 | |
parent | 453b633268eaf10041d557b10c5e30505f028603 (diff) | |
Add a backup script for emails
6 files changed, 57 insertions, 1 deletions
diff --git a/app/backup/deploy/backup-daily.hcl b/app/backup/deploy/backup-daily.hcl
new file mode 100644
index 0000000..a1c2f89
--- /dev/null
+++ b/app/backup/deploy/backup-daily.hcl
@@ -0,0 +1,52 @@
+job "backup_daily" {
+ datacenters = ["dc1"]
+ type = "batch"
+ periodic {
+ cron = "@daily"
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ task "backup-dovecot" {
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "="
+ value = "digitale"
+ }
+
+ driver = "docker"
+
+ config {
+ image = "restic/restic:0.12.1"
+ entrypoint = [ "/bin/sh", "-c" ]
+ args = [ "restic backup /mail && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
+ volumes = [
+ "/mnt/ssd/mail:/mail"
+ ]
+ }
+
+
+ template {
+ data = <<EOH
+AWS_ACCESS_KEY_ID={{ key "secrets/email/dovecot/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/email/dovecot/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/email/dovecot/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/email/dovecot/backup_restic_password" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ resources {
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+}
diff --git a/app/backup/secrets/email/dovecot/backup_aws_access_key_id b/app/backup/secrets/email/dovecot/backup_aws_access_key_id
new file mode 100644
index 0000000..9ae6adf
--- /dev/null
+++ b/app/backup/secrets/email/dovecot/backup_aws_access_key_id
@@ -0,0 +1 @@
+USER AWS Acces Key ID
diff --git a/app/backup/secrets/email/dovecot/backup_aws_secret_access_key b/app/backup/secrets/email/dovecot/backup_aws_secret_access_key
new file mode 100644
index 0000000..ac95906
--- /dev/null
+++ b/app/backup/secrets/email/dovecot/backup_aws_secret_access_key
@@ -0,0 +1 @@
+USER AWS Secret Access key 
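Review bot: In `backup-daily.hcl`, the `args` command separates its later steps with `;`, so the shell exits with the status of `restic check` alone. When `restic backup /mail` fails, `prune` and `check` still run, and a passing check makes the task exit 0, so the `restart` block and any monitoring of the job status never see the failed backup. Chaining every step with `&&` surfaces the first failure: `... --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check`. The task only reads the mailboxes, so the bind mount can be read-only, `"/mnt/ssd/mail:/mail:ro"`. The same access key both writes snapshots and runs `forget`/`prune`, so a compromise of this host could presumably also delete the backups; if the storage backend allows it, consider a key here that cannot delete and run pruning from a separate job.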
diff --git a/app/backup/secrets/email/dovecot/backup_restic_password b/app/backup/secrets/email/dovecot/backup_restic_password
new file mode 100644
index 0000000..c19a4a3
--- /dev/null
+++ b/app/backup/secrets/email/dovecot/backup_restic_password
@@ -0,0 +1 @@
+USER Restic backup password to encrypt data
diff --git a/app/backup/secrets/email/dovecot/backup_restic_repository b/app/backup/secrets/email/dovecot/backup_restic_repository
new file mode 100644
index 0000000..0434a15
--- /dev/null
+++ b/app/backup/secrets/email/dovecot/backup_restic_repository
@@ -0,0 +1 @@
+USER Restic Repository URL, check op_guide/backup-minio to see the format
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md
index 7084498..31194e5 100644
--- a/op_guide/backup_minio/README.md
+++ b/op_guide/backup_minio/README.md
@@ -108,7 +108,7 @@ The idea is that the backuping service is a component of the global running serv You must add: - `backup_aws_access_key_id` - `backup_aws_secret_access_key` - - `backup_aws_endpoint` + - `backup_restic_repository` - `backup_restic_password` |