diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-07-07 16:50:41 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-07-07 16:50:41 -0700 |
| commit | 93addfef26a6a40dcb8978823610ba3e009dc309 (patch) | |
| tree | fd9ade15410463c5c069f94a1dece5eab7a9f98b /docs/backups.org | |
| parent | add scripts related to terraform (diff) | |
| download | infra-93addfef26a6a40dcb8978823610ba3e009dc309.tar.gz | |
store backups locally and remotely
It might be useful to have a local backup so that I don't need to pull
it from the remote bucket. It is useful to be able to quickly browse and
see what's in the backup, and having to go to GCS for that is a waste of
resources.
Export environment variables to make it easier to interact with the
local repository.
Diffstat (limited to '')
| -rw-r--r-- | docs/backups.org | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/docs/backups.org b/docs/backups.org index 605ba55..f9906f1 100644 --- a/docs/backups.org +++ b/docs/backups.org @@ -1,13 +1,15 @@ * General -Backups are managed with =restic= and are stored directly to a Google Cloud Storage Bucket. +Backups are managed with =restic= and are stored locally and also on a Google Cloud Storage Bucket. These are two different backups, they are executed at different time, and there should be no assumptions that they are identical. -Access to the bucket is managed via service account. +There's a single password for all the repositories, it's managed with =agenix=, and the file is under secrets (=restic_password.age=). +** Remote backup +Access to the bucket is managed via service account. Each machine has its own repository. -Each machine has its own repository. +The service account key is stored in JSON and also encrypted with =agenix=. -There's a single password for all the repositories, it's managed with =agenix=, and the file is under secrets (=restic_password.age=). The service account key is stored in JSON and also encrypted with =agenix=. +| bucket | [[https://console.cloud.google.com/storage/browser/fcuny-infra-backups;tab=objects?forceOnBucketsSortingFiltering=true&hl=en&inv=1&invt=Ab2J4Q&project=fcuny-infra&prefix=&forceOnObjectsSortingFiltering=false][fcuny-infra-backups]] | +| project | fcuny-infra | +| service account | [[https://console.cloud.google.com/iam-admin/serviceaccounts/details/118261378048653759345?inv=1&invt=Ab2J-w&project=fcuny-infra&supportedpurview=project][restic]] | -|-----------------+----------------------| -| bucket | [[https://console.cloud.google.com/storage/browser/fcuny-backup/vm-synology/data/c1?pageState=(%22StorageObjectListTable%22:(%22f%22:%22%255B%255D%22))&inv=1&invt=Ab1hkA&project=fcuny-backups-464518&supportedpurview=project][fcuny-backup]] | -| project | fcuny-backups-464518 | -| service account | [[https://console.cloud.google.com/iam-admin/serviceaccounts?inv=1&invt=Ab1hkA&project=fcuny-backups-464518&supportedpurview=project][restic]] | +* Managing backups +The path to the repository and the password file are exported as environment variables, to make it easier to interact with the backups. |