about summary refs log tree commit diff
path: root/ops/nixos/whitby
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2020-07-12T13·46+0100
committertazjin <mail@tazj.in>2020-07-12T14·11+0000
commit356dde149f9a15a4f801a582c5f029f3a9812937 (patch)
treea802bd4945a3f5a3a9e749de35f38c4c6b4cbfcd /ops/nixos/whitby
parente035c46c6ea0e0f8542fc119dd71ef8bd1887f76 (diff)
feat(whitby): Configure Gerrit backups on whitby r/1268
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Diffstat (limited to 'ops/nixos/whitby')
-rw-r--r--ops/nixos/whitby/default.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index 4441c7d8dacd..9015efac1ce2 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -220,6 +220,28 @@ in {
     };
   };
 
+  # Regularly back up Gerrit to Google Cloud Storage.
+  systemd.services.restic-gerrit = {
+    description = "Gerrit backups to Google Cloud Storage";
+    script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit";
+    serviceConfig.User = "git";
+
+    environment = {
+      GOOGLE_PROJECT_ID = "tazjins-infrastructure";
+      GOOGLE_APPLICATION_CREDENTIALS = "/var/lib/git/restic/gcp-key.json";
+      RESTIC_REPOSITORY = "gs:tvl-fyi-backups:/whitby";
+      RESTIC_PASSWORD_FILE = "/var/lib/git/restic/secret";
+      RESTIC_EXCLUDE_FILE = builtins.toFile "exclude-files" ''
+        /var/lib/gerrit/tmp
+      '';
+    };
+  };
+
+  systemd.timers.restic-gerrit = {
+    wantedBy = [ "multi-user.target" ];
+    timerConfig.OnCalendar = "hourly";
+  };
+
   security.sudo.extraRules = [
     {
       groups = ["wheel"];