diff options
| -rw-r--r-- | docs/backups.org | 12 | ||||
| -rw-r--r-- | hosts/tahoe/secrets/rclone/config.ini.age | bin | 515 -> 0 bytes | |||
| -rw-r--r-- | hosts/tahoe/secrets/rclone/gcs_service_account.json.age | bin | 2786 -> 0 bytes | |||
| -rw-r--r-- | hosts/tahoe/secrets/secrets.nix | 3 | ||||
| -rw-r--r-- | modules/services/default.nix | 1 | ||||
| -rw-r--r-- | modules/services/rclone/default.nix | 40 |
6 files changed, 1 insertions, 55 deletions
diff --git a/docs/backups.org b/docs/backups.org index 0b0d25a..a1db502 100644 --- a/docs/backups.org +++ b/docs/backups.org @@ -1,10 +1,6 @@ #+TITLE: Backups -There's a number of backups that are managed by the NAS. - -In order for the backup to work, there's two files that need to be provisioned: -- =/etc/restic/password= this contains the password for restic. It's currently stored in 1password (named *backup on nas*). -- =/etc/restic/google.json= this contains the authn/authz information to store our data in various GCS. This is stored in 1password, with restic's password. +Each host can be configured to store a backup on the NAS using restic. The backups are synchronized once a day to rsync.net. * restic For backups I'm using [[https://restic.readthedocs.io/][restic]]. @@ -189,9 +185,3 @@ $ sudo ls -l /tmp/this-is-a-test/data/containers/traefik total 4 drwxrwxr-x 2 root root 4096 Nov 6 2020 config #+end_src -* rclone / GCP -Backups are exported off-site to some GCS buckets, using [[https://rclone.org/][rclone]]. - -=restic= snapshots are exported to this [[https://console.cloud.google.com/storage/browser/fcuny-restic;tab=objects?forceOnBucketsSortingFiltering=false&project=fcuny-backups][bucket]], while our music collection is stored in this [[https://console.cloud.google.com/storage/browser/fcuny-music;tab=objects?forceOnBucketsSortingFiltering=false&project=fcuny-backups&prefix=&forceOnObjectsSortingFiltering=false][one]]. - -The timer for the backup can be found in [[file:~/workspace/infrastructure/puppet/site-modules/backup/manifests/service.pp][service.pp]]. All the configuration bits for =rclone= are parts of the unit file for the backups. diff --git a/hosts/tahoe/secrets/rclone/config.ini.age b/hosts/tahoe/secrets/rclone/config.ini.age Binary files differdeleted file mode 100644 index 26857bc..0000000 --- a/hosts/tahoe/secrets/rclone/config.ini.age +++ /dev/null diff --git a/hosts/tahoe/secrets/rclone/gcs_service_account.json.age b/hosts/tahoe/secrets/rclone/gcs_service_account.json.age Binary files differdeleted file mode 100644 index 57926a6..0000000 --- a/hosts/tahoe/secrets/rclone/gcs_service_account.json.age +++ /dev/null diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index 4325195..34b955b 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -31,8 +31,5 @@ in "restic/repo-systems.age".publicKeys = all; "rsync.net/ssh-key.age".publicKeys = all; - "rclone/config.ini.age".publicKeys = all; - "rclone/gcs_service_account.json.age".publicKeys = all; - "sendsms/config.age".publicKeys = all; } diff --git a/modules/services/default.nix b/modules/services/default.nix index e4f6e37..4966ed7 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -12,7 +12,6 @@ ./navidrome ./nginx ./pcscd - ./rclone ./samba ./sendsms ./ssh-server diff --git a/modules/services/rclone/default.nix b/modules/services/rclone/default.nix deleted file mode 100644 index cbef0c3..0000000 --- a/modules/services/rclone/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.my.services.rclone; - secrets = config.age.secrets; -in -{ - options.my.services.rclone = with lib; { - enable = mkEnableOption "rclone backup service"; - }; - - config = lib.mkIf cfg.enable { - systemd = { - packages = [ pkgs.rclone ]; - timers.rclone-sync = { - description = "synchronize restic repository to GCS"; - wantedBy = [ "timers.target" ]; - partOf = [ "rclone-sync.service" ]; - timerConfig = { OnCalendar = "02:00"; }; - }; - services.rclone-sync = { - description = "synchronize restic repository to GCS"; - serviceConfig = - let - rcloneOptions = "--config=${ - secrets."rclone/config.ini".path - } --gcs-service-account-file=${ - secrets."rclone/gcs_service_account.json".path - } --fast-list --verbose"; - in - { - Type = "oneshot"; - ExecStart = [ - "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/systems gbackup:fcuny-backups-systems" - "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/users gbackup:fcuny-backups-users" - ]; - }; - }; - }; - }; -} |