diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-15 14:24:41 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-15 14:24:41 +0200 |
commit | 83745f737ab5143f7204c2b84425c727266a0d84 (patch) | |
tree | 0161ed04562e5c347c5dbe400dbd6d53115254b3 /app | |
parent | 8cf1b0c3e44f481abd7e07d0e793bd444a81fe52 (diff) | |
download | infrastructure-83745f737ab5143f7204c2b84425c727266a0d84.tar.gz infrastructure-83745f737ab5143f7204c2b84425c727266a0d84.zip |
Deployment on Nomad
Diffstat (limited to 'app')
-rw-r--r-- | app/backup/build/backup-psql/default.nix | 9 | ||||
-rw-r--r-- | app/backup/deploy/backup-weekly.hcl | 55 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/aws_access_key_id | 1 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/aws_secret_access_key | 1 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/crypt_private_key | 1 | ||||
-rw-r--r-- | app/backup/secrets/backup/psql/crypt_public_key | 1 |
6 files changed, 64 insertions, 4 deletions
diff --git a/app/backup/build/backup-psql/default.nix b/app/backup/build/backup-psql/default.nix index 1ded395..5d2dec7 100644 --- a/app/backup/build/backup-psql/default.nix +++ b/app/backup/build/backup-psql/default.nix @@ -17,17 +17,18 @@ in buildPhase = '' cat > backup-psql <<EOF - #!${pkgs.bash}/bin/bash - export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages} - python3 $out/lib/backup-psql.py + #!${pkgs.bash}/bin/bash + export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages} + ${python-with-my-packages}/bin/python3 $out/lib/backup-psql.py EOF + chmod +x backup-psql ''; installPhase = '' mkdir -p $out/{bin,lib} cp *.py $out/lib/backup-psql.py - cp backup-psql $out/bin/backup-sql + cp backup-psql $out/bin/backup-psql ''; } diff --git a/app/backup/deploy/backup-weekly.hcl b/app/backup/deploy/backup-weekly.hcl new file mode 100644 index 0000000..9c1a0b0 --- /dev/null +++ b/app/backup/deploy/backup-weekly.hcl @@ -0,0 +1,55 @@ +job "backup_weekly" { + datacenters = ["dc1"] + type = "batch" + + priority = "60" + + periodic { + cron = "@weekly" + // Do not allow overlapping runs. + prohibit_overlap = true + } + + group "backup-psql" { + task "main" { + driver = "docker" + + config { + image = "superboum/backup-psql-docker:kldrj9xlbda1s4v963jhpgardg6qczgl" + volumes = [ + // Mount a cache on the hard disk to avoid filling the SSD + "/mnt/storage/tmp_bckp_psql:/mnt/cache" + ] + } + + template { + data = <<EOH +CACHE_DIR=/mnt/cache +AWS_BUCKET=backups-pgbasebackup +AWS_ENDPOINT=s3.deuxfleurs.shirokumo.net +AWS_ACCESS_KEY_ID={{ key "secrets/backup/psql/aws_access_key_id" }} +AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/psql/aws_secret_access_key" }} +CRYPT_PUBLIC_KEY={{ key "secrets/backup/psql/crypt_public_key" }} +PSQL_HOST=psql-proxy.service.2.cluster.deuxfleurs.fr +PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }} +PGPASSWORD={{ key "secrets/postgres/keeper/pg_repl_pwd" }} +EOH + + destination = "secrets/env_vars" + env = true + } + + resources { + cpu = 200 + memory = 200 + } + + restart { + attempts = 2 + interval = "30m" + delay = "15s" + mode = "fail" + } + } + } +} diff --git a/app/backup/secrets/backup/psql/aws_access_key_id b/app/backup/secrets/backup/psql/aws_access_key_id new file mode 100644 index 0000000..82375d7 --- /dev/null +++ b/app/backup/secrets/backup/psql/aws_access_key_id @@ -0,0 +1 @@ +USER Minio access key diff --git a/app/backup/secrets/backup/psql/aws_secret_access_key b/app/backup/secrets/backup/psql/aws_secret_access_key new file mode 100644 index 0000000..de5090c --- /dev/null +++ b/app/backup/secrets/backup/psql/aws_secret_access_key @@ -0,0 +1 @@ +USER Minio secret key diff --git a/app/backup/secrets/backup/psql/crypt_private_key b/app/backup/secrets/backup/psql/crypt_private_key new file mode 100644 index 0000000..4abece9 --- /dev/null +++ b/app/backup/secrets/backup/psql/crypt_private_key @@ -0,0 +1 @@ +USER a private key to decript backups from age diff --git a/app/backup/secrets/backup/psql/crypt_public_key b/app/backup/secrets/backup/psql/crypt_public_key new file mode 100644 index 0000000..156ad47 --- /dev/null +++ b/app/backup/secrets/backup/psql/crypt_public_key @@ -0,0 +1 @@ +USER A public key to encypt backups with age |