Add retention policy for restic.
This commit is contained in:
2
Makefile
2
Makefile
@@ -80,6 +80,7 @@ restic-env \
|
||||
restic-password \
|
||||
restic-restore.sh \
|
||||
restic-snapshot.sh \
|
||||
restic-scheduled-snapshot.sh \
|
||||
app/.env \
|
||||
$(config_dir)ssh-keys \
|
||||
app.tar.gz
|
||||
@@ -127,6 +128,7 @@ archive:
|
||||
echo ")" >> all-apps/root-napp.scm
|
||||
tar -cf nassella-latest.tar all-apps cl.yaml init-restic.sh main.tf make-caddyfile-env.sh make-top-level-docker-compose.sh Makefile \
|
||||
make-generated.sh make-restic-generated.sh make-restic-password.sh restic-snapshots.sh copy-apps.sh restic-restore.sh restic-snapshot.sh \
|
||||
restic-scheduled-snapshot.sh \
|
||||
.terraform.lock.hcl
|
||||
cp nassella-latest.tar src/
|
||||
|
||||
|
||||
6
cl.yaml
6
cl.yaml
@@ -65,7 +65,7 @@ systemd:
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/restic-env
|
||||
ExecStart=/usr/bin/bash -c "docker run --rm --volume /nassella:/nassella --volume /restic-password:/restic-password -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -i restic/restic:0.18.0 backup --verbose --repo s3:${BACKBLAZE_BUCKET_URL} --password-file /restic-password --tag daily_automatic /nassella"
|
||||
ExecStart=/restic-scheduled-snapshot.sh
|
||||
ExecStopPost=systemctl start app.service
|
||||
|
||||
- name: restic-backup.timer
|
||||
@@ -152,6 +152,10 @@ storage:
|
||||
mode: 0755
|
||||
contents:
|
||||
local: restic-snapshot.sh
|
||||
- path: /restic-scheduled-snapshot.sh
|
||||
mode: 0755
|
||||
contents:
|
||||
local: restic-scheduled-snapshot.sh
|
||||
- path: /etc/ssh/sshd_config.d/custom.conf
|
||||
overwrite: true
|
||||
mode: 0600
|
||||
|
||||
22
restic-scheduled-snapshot.sh
Executable file
22
restic-scheduled-snapshot.sh
Executable file
@@ -0,0 +1,22 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright 2025-2026 Thomas Hintz
|
||||
|
||||
# This file is part of Nassella.
|
||||
|
||||
# Nassella is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU Affero General Public License as published by the Free
|
||||
# Software Foundation, either version 3 of the License, or (at your option) any
|
||||
# later version.
|
||||
|
||||
# Nassella is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with Nassella. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
docker run --rm --volume /nassella:/nassella --volume /restic-password:/restic-password -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -i restic/restic:0.18.0 backup --verbose --repo s3:${BACKBLAZE_BUCKET_URL} --password-file /restic-password --tag daily_automatic /nassella
|
||||
|
||||
# only keep one snapshot per day for the last week and one snapshot per month for the last 3 months
|
||||
docker run --rm --volume /nassella:/nassella --volume /restic-password:/restic-password -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -i restic/restic:0.18.0 forget --tag daily_automatic --keep-daily 7 --keep-monthly 3 --verbose --repo s3:${BACKBLAZE_BUCKET_URL} --password-file /restic-password /nassella
|
||||
Reference in New Issue
Block a user