authorQuentin Dufour <quentin@deuxfleurs.fr>2022-04-15 14:24:41 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2022-04-15 14:24:41 +0200
commit83745f737ab5143f7204c2b84425c727266a0d84 (patch)
tree0161ed04562e5c347c5dbe400dbd6d53115254b3 /app
parent8cf1b0c3e44f481abd7e07d0e793bd444a81fe52 (diff)
downloadinfrastructure-83745f737ab5143f7204c2b84425c727266a0d84.tar.gz
infrastructure-83745f737ab5143f7204c2b84425c727266a0d84.zip
Deployment on Nomad
Diffstat (limited to 'app')
-rw-r--r--app/backup/build/backup-psql/default.nix9
-rw-r--r--app/backup/deploy/backup-weekly.hcl55
-rw-r--r--app/backup/secrets/backup/psql/aws_access_key_id1
-rw-r--r--app/backup/secrets/backup/psql/aws_secret_access_key1
-rw-r--r--app/backup/secrets/backup/psql/crypt_private_key1
-rw-r--r--app/backup/secrets/backup/psql/crypt_public_key1
6 files changed, 64 insertions, 4 deletions
diff --git a/app/backup/build/backup-psql/default.nix b/app/backup/build/backup-psql/default.nix
index 1ded395..5d2dec7 100644
--- a/app/backup/build/backup-psql/default.nix
+++ b/app/backup/build/backup-psql/default.nix
@@ -17,17 +17,18 @@ in
buildPhase = ''
cat > backup-psql <<EOF
- #!${pkgs.bash}/bin/bash
- export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages}
- python3 $out/lib/backup-psql.py
+ #!${pkgs.bash}/bin/bash
+ export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages}
+ ${python-with-my-packages}/bin/python3 $out/lib/backup-psql.py
EOF
+
chmod +x backup-psql
'';
installPhase = ''
mkdir -p $out/{bin,lib}
cp *.py $out/lib/backup-psql.py
- cp backup-psql $out/bin/backup-sql
+ cp backup-psql $out/bin/backup-psql
'';
}
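Review bot: The generated wrapper's last line, `${python-with-my-packages}/bin/python3 $out/lib/backup-psql.py`, leaves bash as the parent of the Python process. Writing it as `exec ${python-with-my-packages}/bin/python3 $out/lib/backup-psql.py` would let the backup script replace the shell and receive the stop signal directly. This matters mainly if the wrapper is the container's entrypoint, which the hunk does not show. The derivation itself begins outside the hunk.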
diff --git a/app/backup/deploy/backup-weekly.hcl b/app/backup/deploy/backup-weekly.hcl
new file mode 100644
index 0000000..9c1a0b0
--- /dev/null
+++ b/app/backup/deploy/backup-weekly.hcl
@@ -0,0 +1,55 @@
+job "backup_weekly" {
+ datacenters = ["dc1"]
+ type = "batch"
+
+ priority = "60"
+
+ periodic {
+ cron = "@weekly"
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ group "backup-psql" {
+ task "main" {
+ driver = "docker"
+
+ config {
+ image = "superboum/backup-psql-docker:kldrj9xlbda1s4v963jhpgardg6qczgl"
+ volumes = [
+ // Mount a cache on the hard disk to avoid filling the SSD
+ "/mnt/storage/tmp_bckp_psql:/mnt/cache"
+ ]
+ }
+
+ template {
+ data = <<EOH
+CACHE_DIR=/mnt/cache
+AWS_BUCKET=backups-pgbasebackup
+AWS_ENDPOINT=s3.deuxfleurs.shirokumo.net
+AWS_ACCESS_KEY_ID={{ key "secrets/backup/psql/aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/psql/aws_secret_access_key" }}
+CRYPT_PUBLIC_KEY={{ key "secrets/backup/psql/crypt_public_key" }}
+PSQL_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr
+PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
+PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ resources {
+ cpu = 200
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+ }
+}
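Review bot: The `image` line in the `config` block pins the container by tag only, while this task is handed the S3 keys and the PostgreSQL replication password through the template. A registry tag can be re-pointed, so pinning by digest, `image = "superboum/backup-psql-docker@sha256:<digest-placeholder>"`, would make the job run exactly the image that was built and reviewed. The template also reads `secrets/postgres/keeper/pg_repl_username` and `pg_repl_pwd`, which appear to be the keeper's own replication credentials; a dedicated replication role for the backup job would let it be rotated or revoked on its own. A comment above the `volumes` entry saying whether `/mnt/storage/tmp_bckp_psql` ever holds unencrypted dump data would also help, since that path lives on the host outside the allocation directory.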
diff --git a/app/backup/secrets/backup/psql/aws_access_key_id b/app/backup/secrets/backup/psql/aws_access_key_id
new file mode 100644
index 0000000..82375d7
--- /dev/null
+++ b/app/backup/secrets/backup/psql/aws_access_key_id
@@ -0,0 +1 @@
+USER Minio access key
diff --git a/app/backup/secrets/backup/psql/aws_secret_access_key b/app/backup/secrets/backup/psql/aws_secret_access_key
new file mode 100644
index 0000000..de5090c
--- /dev/null
+++ b/app/backup/secrets/backup/psql/aws_secret_access_key
@@ -0,0 +1 @@
+USER Minio secret key
diff --git a/app/backup/secrets/backup/psql/crypt_private_key b/app/backup/secrets/backup/psql/crypt_private_key
new file mode 100644
index 0000000..4abece9
--- /dev/null
+++ b/app/backup/secrets/backup/psql/crypt_private_key
@@ -0,0 +1 @@
+USER a private key to decript backups from age
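Review bot: The `crypt_private_key` descriptor sits under the same `secrets/backup/psql/` prefix as the credentials the job reads, although the job template only consumes `crypt_public_key`. If these descriptors determine what is stored in the cluster's key/value store (not visible here), the decryption key would be readable by anything granted that prefix, next to the S3 keys for the encrypted backups. Keeping the private key offline, or under a separate prefix with its own access policy, preserves the benefit of encrypting to a public key. The descriptor text also has typos: `decript` here and `encypt` in `crypt_public_key`.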
diff --git a/app/backup/secrets/backup/psql/crypt_public_key b/app/backup/secrets/backup/psql/crypt_public_key
new file mode 100644
index 0000000..156ad47
--- /dev/null
+++ b/app/backup/secrets/backup/psql/crypt_public_key
@@ -0,0 +1 @@
+USER A public key to encypt backups with age