Adding automatic backups via restic and backblaze.

2025-09-15 10:49:10 -07:00
parent 5452c76ecb
commit 134e12d272
4 changed files with 36 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,9 @@ app

 apps.config

+restic-env
+restic-password
+
 # generated files
 all-apps/lb/Caddyfile
 all-apps/nextcloud/nextcloud.env
--- a/3
+++ b/3
@@ -40,7 +40,7 @@ all-apps/nextcloud/postgres_user \
 all-apps/nextcloud/postgres_password \
 all-apps/nextcloud/redis_password \
 all-apps/nextcloud/nextcloud.env
-	cat cl.yaml | sudo docker run --rm --volume /home/tjhintz/.ssh/id_rsa.pub:/pwd/ssh-keys --volume ${PWD}:/pwd --workdir /pwd -i quay.io/coreos/butane:latest -d /pwd > ignition.json
+	cat cl.yaml | docker run --rm --volume /home/tjhintz/.ssh/id_rsa.pub:/pwd/ssh-keys --volume ${PWD}:/pwd --workdir /pwd -i quay.io/coreos/butane:latest -d /pwd > ignition.json

 generated.tfvars: apps.config make-generated.sh
 	./make-generated.sh > generated.tfvars
@@ -63,3 +63,4 @@ flatcarbuild: ignition.json

 flatcarrun:
 	./flatcar/flatcar_production_qemu.sh -i ignition.json
+
--- a/cl.yaml
+++ b/cl.yaml
@@ -22,6 +22,29 @@ systemd:
    - name: app.service
      enabled: true
      contents_local: app/app.service
+    - name: restic-backup.service
+      contents: |
+        [Unit]
+        Description=Backs up application data
+        Conflicts=app.service
+
+        [Service]
+        Type=oneshot
+        EnvironmentFile=/restic-env
+        ExecStart=/usr/bin/bash -c "docker run --rm --volume /nassella:/nassella --volume /restic-password:/restic-password -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -i restic/restic:0.18.0 backup --verbose --repo s3:s3.us-west-004.backblazeb2.com/nassella-test-bucket --password-file /restic-password /nassella"
+        ExecStopPost=systemctl start app.service
+
+    - name: restic-backup.timer
+      contents: |
+        [Unit]
+        Description=Run restic-backup.service at 3am PT
+
+        [Timer]
+        OnCalendar=*-*-* 10:00:00
+
+        [Install]
+        WantedBy=multi-user.target
+
    ### docker-compose sysext
    ### https://flatcar.github.io/sysext-bakery/docker_compose/
    - name: systemd-sysupdate.timer
@@ -63,6 +86,12 @@ storage:
    - path: /app
      local: app
  files:
+    - path: /restic-password
+      contents:
+        local: restic-password
+    - path: /restic-env
+      contents:
+        local: restic-env
    ### docker-compose sysext
    ### https://flatcar.github.io/sysext-bakery/docker_compose/
    - path: /opt/extensions/docker-compose/docker-compose-2.34.0-x86-64.raw
--- a/restic-env.tmpl
+++ b/restic-env.tmpl
@@ -0,0 +1,2 @@
+AWS_ACCESS_KEY_ID=""
+AWS_SECRET_ACCESS_KEY=""