aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app/cryptpad/deploy/backup.hcl
blob: 99dee2f5dcc1d3a7b1c00c1cd35fb22672568e0e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
job "cryptpad_backup" {
  datacenters = ["neptune"]
  type = "batch"

  priority = "60"

  periodic {
    cron = "@daily"
    // Do not allow overlapping runs.
    prohibit_overlap = true
  }

  group "backup-cryptpad" {
    constraint {
      attribute = "${attr.unique.hostname}"
      operator = "="
      value = "courgette"
    }

    task "main" {
      driver = "docker"

      config {
        image = "restic/restic:0.12.1"
        entrypoint = [ "/bin/sh", "-c" ]
        args = [ "restic backup /cryptpad && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check" ]
        volumes = [
          "/mnt/storage/cryptpad:/cryptpad"
        ]
      }

      template {
        data = <<EOH
AWS_ACCESS_KEY_ID={{ key "secrets/cryptpad_backup/backup_aws_access_key_id" }}
AWS_SECRET_ACCESS_KEY={{ key "secrets/cryptpad_backup/backup_aws_secret_access_key" }}
RESTIC_REPOSITORY={{ key "secrets/cryptpad_backup/backup_restic_repository" }}
RESTIC_PASSWORD={{ key "secrets/cryptpad_backup/backup_restic_password" }}
EOH

         destination = "secrets/env_vars"
         env = true
      }

      resources {
        cpu = 500
        memory = 200
      }

      restart {
        attempts = 2
        interval = "30m"
        delay = "15s"
        mode = "fail"
      }
    }
  }
}