authorAlex Auvolat <alex@adnab.me>2020-11-15 19:43:33 +0100
committerAlex Auvolat <alex@adnab.me>2020-11-15 19:43:33 +0100
commitf931dd939cd5109906399bd470497c9831e5d2f7 (patch)
treee5524c199311595aa04581c58db09158f013822f
parente2a0c40e6bf3919e6cef6ed1789251b30367dc11 (diff)
downloadinfrastructure-f931dd939cd5109906399bd470497c9831e5d2f7.tar.gz
infrastructure-f931dd939cd5109906399bd470497c9831e5d2f7.zip
Add cryptography to consul backup
-rw-r--r--app/build/backup-consul/Dockerfile7
-rwxr-xr-xapp/build/backup-consul/do_backup.sh7
-rw-r--r--app/deployment/backup.hcl2
3 files changed, 12 insertions, 4 deletions
diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile
index ff052bf..0a5c38f 100644
--- a/app/build/backup-consul/Dockerfile
+++ b/app/build/backup-consul/Dockerfile
@@ -1,5 +1,12 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
FROM amd64/debian:buster
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
RUN apt-get update && \
apt-get -qq -y full-upgrade && \
apt-get install -y rsync wget openssh-client unzip && \
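Review bot: The builder stage clones `https://filippo.io/age` at whatever its default branch holds at build time, and does so on the floating `golang:buster` tag, so the binary that encrypts the backups is not reproducible and any rebuild silently picks up upstream changes. Pin the source to a reviewed release or commit, for example `RUN git clone --depth 1 --branch <AGE_TAG> https://filippo.io/age` (placeholder tag), and pin the builder image to a specific Go version or digest. As a style point, the `cd age/cmd/age` can become `WORKDIR /root/age/cmd/age` followed by a plain `RUN go build -o age .`. The final-stage `RUN apt-get …` instruction continues past the end of the hunk.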
diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh
index 049c998..4dbae2a 100755
--- a/app/build/backup-consul/do_backup.sh
+++ b/app/build/backup-consul/do_backup.sh
@@ -13,7 +13,8 @@ Host backuphost
User $TARGET_SSH_USER
EOF
-consul kv export > consul_kv_dump.json
-gzip consul_kv_dump.json
+consul kv export | \
+ gzip | \
+ age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+ ssh backuphost "cat > $TARGET_SSH_DIR/consul/consul_kv_export.gz.age"
-rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"
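Review bot: In the new pipeline a failure of `consul kv export`, `gzip` or `age` does not show in the exit status unless `pipefail` is set, and the remote `cat >` will still replace `consul_kv_export.gz.age` with an empty or truncated file, destroying the previous good backup. The top of the script is outside the hunk, so this may already be handled; if not, add `set -euo pipefail` (this needs bash) near the start. To protect the last good copy, upload to a temporary name such as `consul_kv_export.gz.age.tmp` and rename it with a separate `ssh backuphost "mv …"` that runs only after the pipeline succeeded. A comment should also record that the age recipient is the same SSH key used to log in to the backup host, so a restore presumably needs a copy of `/root/.ssh/id_ed25519` kept outside the cluster being backed up.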
diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl
index 8b5162c..d0c3fc8 100644
--- a/app/deployment/backup.hcl
+++ b/app/deployment/backup.hcl
@@ -15,7 +15,7 @@ job "backup_periodic" {
driver = "docker"
config {
- image = "lxpz/backup_consul:9"
+ image = "lxpz/backup_consul:11"
volumes = [
"secrets/id_ed25519:/root/.ssh/id_ed25519",
"secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",