author | Alex Auvolat <alex@adnab.me> | 2020-11-15 19:43:33 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-11-15 19:43:33 +0100 |
commit | f931dd939cd5109906399bd470497c9831e5d2f7 (patch) | |
tree | e5524c199311595aa04581c58db09158f013822f /app | |
parent | e2a0c40e6bf3919e6cef6ed1789251b30367dc11 (diff) | |
Add cryptography to consul backup
Diffstat (limited to 'app')
-rw-r--r-- | app/build/backup-consul/Dockerfile | 7 | ||||
-rwxr-xr-x | app/build/backup-consul/do_backup.sh | 7 | ||||
-rw-r--r-- | app/deployment/backup.hcl | 2 |
3 files changed, 12 insertions, 4 deletions
diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile
index ff052bf..0a5c38f 100644
--- a/app/build/backup-consul/Dockerfile
+++ b/app/build/backup-consul/Dockerfile
@@ -1,5 +1,12 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
 FROM amd64/debian:buster
 
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
 RUN apt-get update && \
 apt-get -qq -y full-upgrade && \
 apt-get install -y rsync wget openssh-client unzip && \
diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh
index 049c998..4dbae2a 100755
--- a/app/build/backup-consul/do_backup.sh
+++ b/app/build/backup-consul/do_backup.sh
@@ -13,7 +13,8 @@ Host backuphost
 User $TARGET_SSH_USER
 EOF
 
-consul kv export > consul_kv_dump.json
-gzip consul_kv_dump.json
+consul kv export | \
+ gzip | \
+ age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+ ssh backuphost "cat > $TARGET_SSH_DIR/consul/consul_kv_export.gz.age"
 
-rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"
diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl
index 8b5162c..d0c3fc8 100644
--- a/app/deployment/backup.hcl
+++ b/app/deployment/backup.hcl
@@ -15,7 +15,7 @@ job "backup_periodic" {
 driver = "docker"
 
 config {
- image = "lxpz/backup_consul:9"
+ image = "lxpz/backup_consul:11"
 volumes = [
 "secrets/id_ed25519:/root/.ssh/id_ed25519",
 "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
|
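Review bot: The builder stage's `git clone https://filippo.io/age` builds whatever the default branch holds at image build time, so the binary that encrypts the Consul backups is neither reproducible nor tied to a reviewed release. Pin the source to a release tag or commit, e.g. `RUN git clone --depth 1 --branch <AGE_RELEASE_TAG> https://filippo.io/age && cd age/cmd/age && go build -o age .` (placeholder tag; the page names no version), and pin `golang:buster` to a specific Go version or digest for the same reason. The `RUN apt-get` instruction at the end of the hunk continues outside it and is not reviewed here.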
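Review bot: The new pipeline's exit status is only that of the final `ssh`, so a failure in `consul kv export`, `gzip` or `age` still writes an empty or truncated `consul_kv_export.gz.age` over the previous backup while the job reports success. Whether `set -e` or a pipefail option is active cannot be seen from the hunk, since the head of the script is outside it; if the interpreter supports it, `set -o pipefail` before the pipeline fixes the status, and writing to a temporary remote name followed by a remote `mv` keeps the last good backup intact. Separately, the age recipient is the same ed25519 key that authenticates the SSH session, and backup.hcl mounts its private half into the container, so anyone who obtains that one key can both reach the backup host and decrypt the dumps, and rotating the SSH key changes which key decrypts older backups. A dedicated age recipient whose private key is kept off the backup job would decouple the two.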