diff options
author | Alex Auvolat <alex@adnab.me> | 2023-04-20 12:10:07 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-04-20 12:10:07 +0200 |
commit | af82308e8463e34c8f75e469f4d1a5df18f50710 (patch) | |
tree | d53b42350b1ef3d0d9b4db02e2b271314ff3c786 /cluster/prod/app/backup/deploy | |
parent | 57aa2ce1d22dfe7963afdfc1908ae2ba60184dcb (diff) | |
download | nixcfg-af82308e8463e34c8f75e469f4d1a5df18f50710.tar.gz nixcfg-af82308e8463e34c8f75e469f4d1a5df18f50710.zip |
Garage backup to SFTP target hosted by Max
Diffstat (limited to 'cluster/prod/app/backup/deploy')
-rw-r--r-- | cluster/prod/app/backup/deploy/backup-daily.hcl | 44 | ||||
-rw-r--r-- | cluster/prod/app/backup/deploy/backup-garage.hcl | 72 |
2 files changed, 72 insertions, 44 deletions
diff --git a/cluster/prod/app/backup/deploy/backup-daily.hcl b/cluster/prod/app/backup/deploy/backup-daily.hcl index 96e97bc..a7a3dcf 100644 --- a/cluster/prod/app/backup/deploy/backup-daily.hcl +++ b/cluster/prod/app/backup/deploy/backup-daily.hcl @@ -239,48 +239,4 @@ EOH } } } - - group "backup-garage" { - constraint { - attribute = "${attr.unique.hostname}" - operator = "=" - value = "abricot" - } - - task "main" { - driver = "docker" - - config { - image = "lxpz/backup_garage:4" - network_mode = "host" - volumes = [ - "/mnt/storage/backup/garage.deuxfleurs.fr:/backup" - ] - } - - template { - data = <<EOH -BACKUP_BASEDIR=/backup -GARAGE_ADMIN_TOKEN={{ key "secrets/garage/admin_token" }} -GARAGE_ACCESS_KEY={{ key "secrets/backup/garage/s3_access_key_id" }} -GARAGE_SECRET_KEY={{ key "secrets/backup/garage/s3_secret_access_key" }} -EOH - destination = "secrets/env_vars" - env = true - } - - resources { - cpu = 500 - memory = 200 - memory_max = 4000 - } - - restart { - attempts = 2 - interval = "30m" - delay = "15s" - mode = "fail" - } - } - } } diff --git a/cluster/prod/app/backup/deploy/backup-garage.hcl b/cluster/prod/app/backup/deploy/backup-garage.hcl new file mode 100644 index 0000000..f9d64d1 --- /dev/null +++ b/cluster/prod/app/backup/deploy/backup-garage.hcl @@ -0,0 +1,72 @@ +job "backup-garage" { + datacenters = ["neptune", "bespin"] + type = "batch" + + priority = "60" + + periodic { + cron = "@daily" + // Do not allow overlapping runs. + prohibit_overlap = true + } + + group "backup-garage" { + task "main" { + driver = "docker" + + config { + image = "lxpz/backup_garage:9" + network_mode = "host" + volumes = [ + "secrets/rclone.conf:/etc/secrets/rclone.conf" + ] + } + + template { + data = <<EOH +GARAGE_ADMIN_TOKEN={{ key "secrets/garage/admin_token" }} +GARAGE_ADMIN_API_URL=http://localhost:3903 +GARAGE_ACCESS_KEY={{ key "secrets/backup/garage/s3_access_key_id" }} +TARGET_BACKUP_DIR={{ key "secrets/backup/garage/target_sftp_directory" }} +EOH + destination = "secrets/env_vars" + env = true + } + + template { + data = <<EOH +[garage] +type = s3 +provider = Other +env_auth = false +access_key_id = {{ key "secrets/backup/garage/s3_access_key_id" }} +secret_access_key = {{ key "secrets/backup/garage/s3_secret_access_key" }} +endpoint = http://localhost:3900 +region = garage + +[backup] +type = sftp +host = {{ key "secrets/backup/garage/target_sftp_host" }} +user = {{ key "secrets/backup/garage/target_sftp_user" }} +port = {{ key "secrets/backup/garage/target_sftp_port" }} +key_pem = {{ key "secrets/backup/garage/target_sftp_key_pem" | replaceAll "\n" "\\n" }} +shell_type = unix +EOH + destination = "secrets/rclone.conf" + } + + resources { + cpu = 500 + memory = 200 + memory_max = 4000 + } + + restart { + attempts = 2 + interval = "30m" + delay = "15s" + mode = "fail" + } + } + } +} |