aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app/backup/deploy
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2023-04-20 12:10:07 +0200
committerAlex Auvolat <alex@adnab.me>2023-04-20 12:10:07 +0200
commitaf82308e8463e34c8f75e469f4d1a5df18f50710 (patch)
treed53b42350b1ef3d0d9b4db02e2b271314ff3c786 /cluster/prod/app/backup/deploy
parent57aa2ce1d22dfe7963afdfc1908ae2ba60184dcb (diff)
downloadnixcfg-af82308e8463e34c8f75e469f4d1a5df18f50710.tar.gz
nixcfg-af82308e8463e34c8f75e469f4d1a5df18f50710.zip
Garage backup to SFTP target hosted by Max
Diffstat (limited to 'cluster/prod/app/backup/deploy')
-rw-r--r--cluster/prod/app/backup/deploy/backup-daily.hcl44
-rw-r--r--cluster/prod/app/backup/deploy/backup-garage.hcl72
2 files changed, 72 insertions, 44 deletions
diff --git a/cluster/prod/app/backup/deploy/backup-daily.hcl b/cluster/prod/app/backup/deploy/backup-daily.hcl
index 96e97bc..a7a3dcf 100644
--- a/cluster/prod/app/backup/deploy/backup-daily.hcl
+++ b/cluster/prod/app/backup/deploy/backup-daily.hcl
@@ -239,48 +239,4 @@ EOH
}
}
}
-
- group "backup-garage" {
- constraint {
- attribute = "${attr.unique.hostname}"
- operator = "="
- value = "abricot"
- }
-
- task "main" {
- driver = "docker"
-
- config {
- image = "lxpz/backup_garage:4"
- network_mode = "host"
- volumes = [
- "/mnt/storage/backup/garage.deuxfleurs.fr:/backup"
- ]
- }
-
- template {
- data = <<EOH
-BACKUP_BASEDIR=/backup
-GARAGE_ADMIN_TOKEN={{ key "secrets/garage/admin_token" }}
-GARAGE_ACCESS_KEY={{ key "secrets/backup/garage/s3_access_key_id" }}
-GARAGE_SECRET_KEY={{ key "secrets/backup/garage/s3_secret_access_key" }}
-EOH
- destination = "secrets/env_vars"
- env = true
- }
-
- resources {
- cpu = 500
- memory = 200
- memory_max = 4000
- }
-
- restart {
- attempts = 2
- interval = "30m"
- delay = "15s"
- mode = "fail"
- }
- }
- }
}
diff --git a/cluster/prod/app/backup/deploy/backup-garage.hcl b/cluster/prod/app/backup/deploy/backup-garage.hcl
new file mode 100644
index 0000000..f9d64d1
--- /dev/null
+++ b/cluster/prod/app/backup/deploy/backup-garage.hcl
@@ -0,0 +1,72 @@
+job "backup-garage" {
+ datacenters = ["neptune", "bespin"]
+ type = "batch"
+
+ priority = "60"
+
+ periodic {
+ cron = "@daily"
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ group "backup-garage" {
+ task "main" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/backup_garage:9"
+ network_mode = "host"
+ volumes = [
+ "secrets/rclone.conf:/etc/secrets/rclone.conf"
+ ]
+ }
+
+ template {
+ data = <<EOH
+GARAGE_ADMIN_TOKEN={{ key "secrets/garage/admin_token" }}
+GARAGE_ADMIN_API_URL=http://localhost:3903
+GARAGE_ACCESS_KEY={{ key "secrets/backup/garage/s3_access_key_id" }}
+TARGET_BACKUP_DIR={{ key "secrets/backup/garage/target_sftp_directory" }}
+EOH
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ template {
+ data = <<EOH
+[garage]
+type = s3
+provider = Other
+env_auth = false
+access_key_id = {{ key "secrets/backup/garage/s3_access_key_id" }}
+secret_access_key = {{ key "secrets/backup/garage/s3_secret_access_key" }}
+endpoint = http://localhost:3900
+region = garage
+
+[backup]
+type = sftp
+host = {{ key "secrets/backup/garage/target_sftp_host" }}
+user = {{ key "secrets/backup/garage/target_sftp_user" }}
+port = {{ key "secrets/backup/garage/target_sftp_port" }}
+key_pem = {{ key "secrets/backup/garage/target_sftp_key_pem" | replaceAll "\n" "\\n" }}
+shell_type = unix
+EOH
+ destination = "secrets/rclone.conf"
+ }
+
+ resources {
+ cpu = 500
+ memory = 200
+ memory_max = 4000
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+ }
+}