authorAlex Auvolat <alex@adnab.me>2022-09-26 13:02:38 +0200
committerAlex Auvolat <alex@adnab.me>2022-09-26 13:02:38 +0200
commit5b889197464a23fc45f88adcede320d04b321260 (patch)
treec18ee6fc26d821c302408e8b2f371e9d99a585b4 /cluster/prod/app/backup
parent535c90b38e943181594477803a1e6c7cfad302a8 (diff)
downloadnixcfg-5b889197464a23fc45f88adcede320d04b321260.tar.gz
nixcfg-5b889197464a23fc45f88adcede320d04b321260.zip
Move cryptpad backup job to backup-daily.hcl
Diffstat (limited to 'cluster/prod/app/backup')
-rw-r--r--cluster/prod/app/backup/deploy/backup-daily.hcl45
-rw-r--r--cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id1
-rw-r--r--cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key1
-rw-r--r--cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password1
-rw-r--r--cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository1
5 files changed, 49 insertions, 0 deletions
diff --git a/cluster/prod/app/backup/deploy/backup-daily.hcl b/cluster/prod/app/backup/deploy/backup-daily.hcl
index df592ce..10020f2 100644
--- a/cluster/prod/app/backup/deploy/backup-daily.hcl
+++ b/cluster/prod/app/backup/deploy/backup-daily.hcl
@@ -193,4 +193,49 @@ EOH
}
}
}
+
+ group "backup-cryptpad" {
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "="
+ value = "courgette"
+ }
+
+ task "main" {
+ driver = "docker"
+
+ config {
+ image = "restic/restic:0.12.1"
+ entrypoint = [ "/bin/sh", "-c" ]
+ args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
+ volumes = [
+ "/mnt/storage/cryptpad:/cryptpad"
+ ]
+ }
+
+ template {
+ data = <<EOH
+AWS_ACCESS_KEY_ID={{ key "secrets/backup/cryptpad/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/cryptpad/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/backup/cryptpad/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/backup/cryptpad/backup_restic_password" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ resources {
+ cpu = 500
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+ }
}
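Review bot: The bind mount in the `volumes` list of task "main" is read-write, although `restic backup` only reads its source; `"/mnt/storage/cryptpad:/cryptpad:ro"` would keep a faulty or tampered image from altering the live CryptPad data. The image is pinned by tag only (`restic/restic:0.12.1`), and this container receives the S3 keys and the repository password through the template, so pinning by digest (`restic/restic:0.12.1@sha256:<digest>`) would make the pulled content verifiable. The same credentials also run `restic forget` and `restic prune`, so anything that reads `secrets/env_vars` on the host can delete snapshots; if the storage backend permits it, a separate key for pruning would limit that. The enclosing job block starts outside this hunk, so job-level settings could not be checked.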
diff --git a/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id
new file mode 100644
index 0000000..9235e53
--- /dev/null
+++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_access_key_id
@@ -0,0 +1 @@
+USER Backup AWS access key ID
diff --git a/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key
new file mode 100644
index 0000000..f34677e
--- /dev/null
+++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_aws_secret_access_key
@@ -0,0 +1 @@
+USER Backup AWS secret access key
diff --git a/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password
new file mode 100644
index 0000000..fbaa5fa
--- /dev/null
+++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_password
@@ -0,0 +1 @@
+USER Restic password to encrypt backups
diff --git a/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository
new file mode 100644
index 0000000..3f6cb93
--- /dev/null
+++ b/cluster/prod/app/backup/secrets/backup/cryptpad/backup_restic_repository
@@ -0,0 +1 @@
+USER Restic repository, eg. s3:https://s3.garage.tld