diff options
| -rw-r--r-- | ops/nixos/whitby/default.nix | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 4441c7d8dacd..9015efac1ce2 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -220,6 +220,28 @@ in { }; }; + # Regularly back up Gerrit to Google Cloud Storage. + systemd.services.restic-gerrit = { + description = "Gerrit backups to Google Cloud Storage"; + script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit"; + serviceConfig.User = "git"; + + environment = { + GOOGLE_PROJECT_ID = "tazjins-infrastructure"; + GOOGLE_APPLICATION_CREDENTIALS = "/var/lib/git/restic/gcp-key.json"; + RESTIC_REPOSITORY = "gs:tvl-fyi-backups:/whitby"; + RESTIC_PASSWORD_FILE = "/var/lib/git/restic/secret"; + RESTIC_EXCLUDE_FILE = builtins.toFile "exclude-files" '' + /var/lib/gerrit/tmp + ''; + }; + }; + + systemd.timers.restic-gerrit = { + wantedBy = [ "multi-user.target" ]; + timerConfig.OnCalendar = "hourly"; + }; + security.sudo.extraRules = [ { groups = ["wheel"]; |