blob: f9906f1e4f1d2200823ac21e509d905f9c8bde93 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
* General
Backups are managed with =restic= and are stored locally and also on a Google Cloud Storage Bucket. These are two different backups, they are executed at different time, and there should be no assumptions that they are identical.
There's a single password for all the repositories, it's managed with =agenix=, and the file is under secrets (=restic_password.age=).
** Remote backup
Access to the bucket is managed via service account. Each machine has its own repository.
The service account key is stored in JSON and also encrypted with =agenix=.
| bucket | [[https://console.cloud.google.com/storage/browser/fcuny-infra-backups;tab=objects?forceOnBucketsSortingFiltering=true&hl=en&inv=1&invt=Ab2J4Q&project=fcuny-infra&prefix=&forceOnObjectsSortingFiltering=false][fcuny-infra-backups]] |
| project | fcuny-infra |
| service account | [[https://console.cloud.google.com/iam-admin/serviceaccounts/details/118261378048653759345?inv=1&invt=Ab2J-w&project=fcuny-infra&supportedpurview=project][restic]] |
* Managing backups
The path to the repository and the password file are exported as environment variables, to make it easier to interact with the backups.
|
