diff options
author | Vincent Ambo <mail@tazj.in> | 2020-08-01T16·56+0100 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2020-08-01T21·50+0000 |
commit | 09b3d200318c581375bea411b3753cf3d15dcf0a (patch) | |
tree | 7deeb306b43b54089187208fb5407c1b5fa030a7 | |
parent | f7a85c5060301bcbd2fb71881de8b65226cacd81 (diff) |
feat(whitby): Include PostgreSQL dumps in Restic backups r/1531
Changes the restic backup service to run as root, rather than git, and include the PostgreSQL dumps in its scope. The on-machine credentials have already been placed in the right location in /var/backup/restic Fixes: 27 Change-Id: Iae76357442f07596a2297ce7b6d51aae392d2074 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1541 Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
-rw-r--r-- | ops/nixos/whitby/default.nix | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 7eb85e5e800c..899dee0971e1 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -286,17 +286,16 @@ in lib.fix(self: { }; }; - # Regularly back up Gerrit to Google Cloud Storage. - systemd.services.restic-gerrit = { - description = "Gerrit backups to Google Cloud Storage"; - script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit"; - serviceConfig.User = "git"; + # Regularly back up whitby to Google Cloud Storage. + systemd.services.restic = { + description = "Backups to Google Cloud Storage"; + script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit /var/backup/postgresql"; environment = { GOOGLE_PROJECT_ID = "tazjins-infrastructure"; - GOOGLE_APPLICATION_CREDENTIALS = "/var/lib/git/restic/gcp-key.json"; + GOOGLE_APPLICATION_CREDENTIALS = "/var/backup/restic/gcp-key.json"; RESTIC_REPOSITORY = "gs:tvl-fyi-backups:/whitby"; - RESTIC_PASSWORD_FILE = "/var/lib/git/restic/secret"; + RESTIC_PASSWORD_FILE = "/var/backup/restic/secret"; RESTIC_EXCLUDE_FILE = builtins.toFile "exclude-files" '' /var/lib/gerrit/tmp ''; |