diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/backups.org | 13 | ||||
| -rw-r--r-- | docs/dns.org | 7 | ||||
| -rw-r--r-- | docs/tofu.org | 15 |
3 files changed, 1 insertions, 34 deletions
diff --git a/docs/backups.org b/docs/backups.org index f9906f1..d636006 100644 --- a/docs/backups.org +++ b/docs/backups.org @@ -1,15 +1,4 @@ * General -Backups are managed with =restic= and are stored locally and also on a Google Cloud Storage Bucket. These are two different backups, they are executed at different time, and there should be no assumptions that they are identical. +Backups are managed with =restic= and are stored on the NAS. There's a single password for all the repositories, it's managed with =agenix=, and the file is under secrets (=restic_password.age=). -** Remote backup -Access to the bucket is managed via service account. Each machine has its own repository. - -The service account key is stored in JSON and also encrypted with =agenix=. - -| bucket | [[https://console.cloud.google.com/storage/browser/fcuny-infra-backups;tab=objects?forceOnBucketsSortingFiltering=true&hl=en&inv=1&invt=Ab2J4Q&project=fcuny-infra&prefix=&forceOnObjectsSortingFiltering=false][fcuny-infra-backups]] | -| project | fcuny-infra | -| service account | [[https://console.cloud.google.com/iam-admin/serviceaccounts/details/118261378048653759345?inv=1&invt=Ab2J-w&project=fcuny-infra&supportedpurview=project][restic]] | - -* Managing backups -The path to the repository and the password file are exported as environment variables, to make it easier to interact with the backups. diff --git a/docs/dns.org b/docs/dns.org index 1972f5f..f04ec0d 100644 --- a/docs/dns.org +++ b/docs/dns.org @@ -1,10 +1,3 @@ * Cloudflare ** fcuny.net To access the console: https://dash.cloudflare.com/2c659eeaf2ae9a0206c589c706b3748e/fcuny.net - -The records are managed with =tofu=, and I use =nix= to manage the records. To apply the changes, first run =nix run .#tf -- plan= to see the changes, then =nix run .#tf -- apply= if they look correct. - -To renew API token: https://dash.cloudflare.com/profile/api-tokens -The token should: -- be able to edit zone DNS -- limited to the domain =fcuny.net= diff --git a/docs/tofu.org b/docs/tofu.org deleted file mode 100644 index 5747f9e..0000000 --- a/docs/tofu.org +++ /dev/null @@ -1,15 +0,0 @@ -* Tofu/terranix - -I use terranix to manage some configurations with terraform/tofu. - -I usually start by cleaning the working directory: -#+begin_src shell -rm -rf .terraform* -#+end_src - -Then we can =init=, =plan=, and =build=: -#+begin_src shell -nix run .#tf -- init -nix run .#tf -- plan -nix run .#tf -- build -#+end_src |