-rw-r--r-- | app/cryptpad/deploy/backup.hcl | 57 | ||||
-rw-r--r-- | app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id | 1 | ||||
-rw-r--r-- | app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key | 1 | ||||
-rw-r--r-- | app/cryptpad/secrets/cryptpad_backup/backup_restic_password | 1 | ||||
-rw-r--r-- | app/cryptpad/secrets/cryptpad_backup/backup_restic_repository | 1 | ||||
-rw-r--r-- | app/shell.nix | 15 |
6 files changed, 76 insertions, 0 deletions
diff --git a/app/cryptpad/deploy/backup.hcl b/app/cryptpad/deploy/backup.hcl
new file mode 100644
index 0000000..99dee2f
--- /dev/null
+++ b/app/cryptpad/deploy/backup.hcl
@@ -0,0 +1,57 @@
+job "cryptpad_backup" {
+ datacenters = ["neptune"]
+ type = "batch"
+
+ priority = "60"
+
+ periodic {
+ cron = "@daily"
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ group "backup-cryptpad" {
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "="
+ value = "courgette"
+ }
+
+ task "main" {
+ driver = "docker"
+
+ config {
+ image = "restic/restic:0.12.1"
+ entrypoint = [ "/bin/sh", "-c" ]
+ args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
+ volumes = [
+ "/mnt/storage/cryptpad:/cryptpad"
+ ]
+ }
+
+ template {
+ data = <<EOH
+AWS_ACCESS_KEY_ID={{ key "secrets/cryptpad_backup/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/cryptpad_backup/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/cryptpad_backup/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/cryptpad_backup/backup_restic_password" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ resources {
+ cpu = 500
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+ }
+}
diff --git a/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id b/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id
new file mode 100644
index 0000000..9235e53
--- /dev/null
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_aws_access_key_id
@@ -0,0 +1 @@
+USER Backup AWS access key ID
diff --git a/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key b/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key
new file mode 100644
index 0000000..f34677e
--- /dev/null
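Review bot: The bind mount in the `volumes` list of task "main" gives the restic container write access to the live CryptPad data, although `restic backup /cryptpad` only needs to read it; `"/mnt/storage/cryptpad:/cryptpad:ro"` would stop a faulty or tampered image from altering the data it backs up. The same S3 keys and repository password are then used for `restic forget` and `restic prune`, so anything that can read this task's environment can also delete snapshot history; running retention under separate credentials, or relying on object versioning if the storage backend offers it, would limit that. Pinning `restic/restic:0.12.1` by digest as well as tag would ensure the job keeps running the image that was reviewed.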
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_aws_secret_access_key
@@ -0,0 +1 @@
+USER Backup AWS secret access key
diff --git a/app/cryptpad/secrets/cryptpad_backup/backup_restic_password b/app/cryptpad/secrets/cryptpad_backup/backup_restic_password
new file mode 100644
index 0000000..fbaa5fa
--- /dev/null
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_restic_password
@@ -0,0 +1 @@
+USER Restic password to encrypt backups
diff --git a/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository b/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository
new file mode 100644
index 0000000..3f6cb93
--- /dev/null
+++ b/app/cryptpad/secrets/cryptpad_backup/backup_restic_repository
@@ -0,0 +1 @@
+USER Restic repository, eg. s3:https://s3.garage.tld
diff --git a/app/shell.nix b/app/shell.nix
new file mode 100644
index 0000000..c9b8053
--- /dev/null
+++ b/app/shell.nix
@@ -0,0 +1,15 @@
+{
+ pkgs ? import <nixpkgs> {}
+}:
+
+with pkgs; mkShell {
+ nativeBuildInputs = [
+ nomad
+ docker-compose
+ python39Packages.pip
+ python39Packages.ldap
+ python39Packages.consul
+ python39Packages.passlib
+ ];
+}
+ |
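Review bot: The default `pkgs ? import <nixpkgs> {}` in app/shell.nix resolves nixpkgs from each operator's NIX_PATH, so `nomad` and the Python packages used for deployment and secret handling come from whatever channel that machine happens to track. Pinning nixpkgs to a fixed revision with a hash (for example a `fetchTarball` call with a `sha256`) would give every operator the same, reviewable tooling. A short comment above `nativeBuildInputs` saying what the shell is for would also help.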