From 93addfef26a6a40dcb8978823610ba3e009dc309 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 7 Jul 2025 16:50:41 -0700
Subject: store backups locally and remotely

It might be useful to have a local backup so that I don't need to pull
it from the remote bucket. It is useful to be able to quickly browse and
see what's in the backup, and having to go to GCS for that is a waste of
resources.

Export environment variables to make it easier to interact with the
local repository.
---
 docs/backups.org | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'docs/backups.org')

diff --git a/docs/backups.org b/docs/backups.org
index 605ba55..f9906f1 100644
--- a/docs/backups.org
+++ b/docs/backups.org
@@ -1,13 +1,15 @@
 * General
-Backups are managed with =restic= and are stored directly to a Google Cloud Storage Bucket.
+Backups are managed with =restic= and are stored locally and also on a Google Cloud Storage Bucket. These are two different backups, they are executed at different time, and there should be no assumptions that they are identical.
 
-Access to the bucket is managed via service account.
+There's a single password for all the repositories, it's managed with =agenix=, and the file is under secrets (=restic_password.age=).
+** Remote backup
+Access to the bucket is managed via service account. Each machine has its own repository.
 
-Each machine has its own repository.
+The service account key is stored in JSON and also encrypted with =agenix=.
 
-There's a single password for all the repositories, it's managed with =agenix=, and the file is under secrets (=restic_password.age=). The service account key is stored in JSON and also encrypted with =agenix=.
+| bucket          | [[https://console.cloud.google.com/storage/browser/fcuny-infra-backups;tab=objects?forceOnBucketsSortingFiltering=true&hl=en&inv=1&invt=Ab2J4Q&project=fcuny-infra&prefix=&forceOnObjectsSortingFiltering=false][fcuny-infra-backups]] |
+| project         | fcuny-infra         |
+| service account | [[https://console.cloud.google.com/iam-admin/serviceaccounts/details/118261378048653759345?inv=1&invt=Ab2J-w&project=fcuny-infra&supportedpurview=project][restic]]              |
 
-|-----------------+----------------------|
-| bucket          | [[https://console.cloud.google.com/storage/browser/fcuny-backup/vm-synology/data/c1?pageState=(%22StorageObjectListTable%22:(%22f%22:%22%255B%255D%22))&inv=1&invt=Ab1hkA&project=fcuny-backups-464518&supportedpurview=project][fcuny-backup]]         |
-| project         | fcuny-backups-464518 |
-| service account | [[https://console.cloud.google.com/iam-admin/serviceaccounts?inv=1&invt=Ab1hkA&project=fcuny-backups-464518&supportedpurview=project][restic]]               |
+* Managing backups
+The path to the repository and the password file are exported as environment variables, to make it easier to interact with the backups.
-- 
cgit v1.2.3