diff options
author | Alex Auvolat <alex@adnab.me> | 2022-09-26 13:02:38 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-09-26 13:02:38 +0200 |
commit | 5b889197464a23fc45f88adcede320d04b321260 (patch) | |
tree | c18ee6fc26d821c302408e8b2f371e9d99a585b4 | |
parent | 535c90b38e943181594477803a1e6c7cfad302a8 (diff) | |
download | nixcfg-5b889197464a23fc45f88adcede320d04b321260.tar.gz nixcfg-5b889197464a23fc45f88adcede320d04b321260.zip |
Move cryptpad backup job to backup-daily.hcl
-rw-r--r-- | cluster/prod/app/backup/deploy/backup-daily.hcl | 45 | ||||
-rw-r--r-- | cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id (renamed from cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id) | 0 | ||||
-rw-r--r-- | cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key (renamed from cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key) | 0 | ||||
-rw-r--r-- | cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password (renamed from cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_password) | 0 | ||||
-rw-r--r-- | cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository (renamed from cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository) | 0 | ||||
-rw-r--r-- | cluster/prod/app/cryptpad/deploy/backup.hcl | 57 | ||||
-rwxr-xr-x | restic-summary | 2 |
7 files changed, 46 insertions, 58 deletions
diff --git a/cluster/prod/app/backup/deploy/backup-daily.hcl b/cluster/prod/app/backup/deploy/backup-daily.hcl index df592ce..10020f2 100644 --- a/cluster/prod/app/backup/deploy/backup-daily.hcl +++ b/cluster/prod/app/backup/deploy/backup-daily.hcl @@ -193,4 +193,49 @@ EOH } } } + + group "backup-cryptpad" { + constraint { + attribute = "${attr.unique.hostname}" + operator = "=" + value = "courgette" + } + + task "main" { + driver = "docker" + + config { + image = "restic/restic:0.12.1" + entrypoint = [ "/bin/sh", "-c" ] + args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ] + volumes = [ + "/mnt/storage/cryptpad:/cryptpad" + ] + } + + template { + data = <<EOH +AWS_ACCESS_KEY_ID={{ key "secrets/backup/cryptpad/backup_aws_access_key_id" }} +AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/cryptpad/backup_aws_secret_access_key" }} +RESTIC_REPOSITORY={{ key "secrets/backup/cryptpad/backup_restic_repository" }} +RESTIC_PASSWORD={{ key "secrets/backup/cryptpad/backup_restic_password" }} +EOH + + destination = "secrets/env_vars" + env = true + } + + resources { + cpu = 500 + memory = 200 + } + + restart { + attempts = 2 + interval = "30m" + delay = "15s" + mode = "fail" + } + } + } } diff --git a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id index 9235e53..9235e53 100644 --- a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id +++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id diff --git a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key index f34677e..f34677e 100644 --- a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key +++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key diff --git a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_password b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password index fbaa5fa..fbaa5fa 100644 --- a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_password +++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password diff --git a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository index 3f6cb93..3f6cb93 100644 --- a/cluster/prod/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository +++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository diff --git a/cluster/prod/app/cryptpad/deploy/backup.hcl b/cluster/prod/app/cryptpad/deploy/backup.hcl deleted file mode 100644 index 99dee2f..0000000 --- a/cluster/prod/app/cryptpad/deploy/backup.hcl +++ /dev/null @@ -1,57 +0,0 @@ -job "cryptpad_backup" { - datacenters = ["neptune"] - type = "batch" - - priority = "60" - - periodic { - cron = "@daily" - // Do not allow overlapping runs. - prohibit_overlap = true - } - - group "backup-cryptpad" { - constraint { - attribute = "${attr.unique.hostname}" - operator = "=" - value = "courgette" - } - - task "main" { - driver = "docker" - - config { - image = "restic/restic:0.12.1" - entrypoint = [ "/bin/sh", "-c" ] - args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ] - volumes = [ - "/mnt/storage/cryptpad:/cryptpad" - ] - } - - template { - data = <<EOH -AWS_ACCESS_KEY_ID={{ key "secrets/cryptpad_backup/backup_aws_access_key_id" }} -AWS_SECRET_ACCESS_KEY={{ key "secrets/cryptpad_backup/backup_aws_secret_access_key" }} -RESTIC_REPOSITORY={{ key "secrets/cryptpad_backup/backup_restic_repository" }} -RESTIC_PASSWORD={{ key "secrets/cryptpad_backup/backup_restic_password" }} -EOH - - destination = "secrets/env_vars" - env = true - } - - resources { - cpu = 500 - memory = 200 - } - - restart { - attempts = 2 - interval = "30m" - delay = "15s" - mode = "fail" - } - } - } -} diff --git a/restic-summary b/restic-summary index f9295ba..38e9433 100755 --- a/restic-summary +++ b/restic-summary @@ -1,5 +1,5 @@ #!/usr/bin/env bash -for svc in dovecot consul plume; do +for svc in dovecot consul plume cryptpad; do export RESTIC_REPOSITORY=`pass deuxfleurs/backups/$svc/restic_repository` export RESTIC_PASSWORD=`pass deuxfleurs/backups/$svc/restic_password` export AWS_ACCESS_KEY_ID=`pass deuxfleurs/backups/$svc/aws_s3_access_key` |