diff --git a/machines/nixos/web03/secrets/bupstash-put_key b/machines/nixos/web03/secrets/bupstash-put_key new file mode 100644 index 0000000..2588a3f Binary files /dev/null and b/machines/nixos/web03/secrets/bupstash-put_key differ diff --git a/machines/nixos/web03/secrets/secrets.nix b/machines/nixos/web03/secrets/secrets.nix index 76fa329..de57072 100644 --- a/machines/nixos/web03/secrets/secrets.nix +++ b/machines/nixos/web03/secrets/secrets.nix @@ -4,6 +4,7 @@ (import ../../../../keys).mkSecrets [ "web03" ] [ # List of secrets for web03 + "bupstash-put_key" "dj_annuaire-secret_key_file" "dj_bocal-secret_key_file" "dj_ernestophone-secret_key_file" diff --git a/modules/nixos/dgn-backups/default.nix b/modules/nixos/dgn-backups/default.nix index e79f076..c990a70 100644 --- a/modules/nixos/dgn-backups/default.nix +++ b/modules/nixos/dgn-backups/default.nix @@ -11,7 +11,12 @@ }: let - inherit (lib) mkEnableOption mkOption remove; + inherit (lib) + getExe' + mkEnableOption + mkOption + remove + ; inherit (lib.types) attrs @@ -34,6 +39,7 @@ let compute01 = "*-*-* *:38:00"; storage01 = "*-*-* *:21:00"; web01 = "*-*-* *:47:00"; + web03 = "*-*-* *:13:00"; }; mkJobs = builtins.mapAttrs ( @@ -93,7 +99,7 @@ in "${db}-db".settings = { user = "postgres"; command = [ - "${lib.getExe' config.services.postgresql.package "pg_dump"}" + (getExe' config.services.postgresql.package "pg_dump") db ]; }; @@ -113,6 +119,8 @@ in "storage01" "vault01" "web01" + "web02" + "web03" ]; allowed = [ "put" ]; } diff --git a/modules/nixos/dgn-backups/keys/secrets.nix b/modules/nixos/dgn-backups/keys/secrets.nix index 80d24d3..6227cb5 100644 --- a/modules/nixos/dgn-backups/keys/secrets.nix +++ b/modules/nixos/dgn-backups/keys/secrets.nix @@ -6,4 +6,5 @@ "compute01.key" "storage01.key" "web01.key" + "web03.key" ] diff --git a/modules/nixos/dgn-backups/keys/web03.key b/modules/nixos/dgn-backups/keys/web03.key new file mode 100644 index 0000000..4c4b88a --- /dev/null +++ b/modules/nixos/dgn-backups/keys/web03.key @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA CuALmA0MhxnWOn91YhtxAyn1h3xkoiuRoo4Ew1Eu32Q +TRZxY9rF3NM9ulaA6s6SUetVcLT0He9yGaDZ38T9F6A +-> ssh-ed25519 QlRB9Q TNA65R5tFs+KXJklNgfPPF12W52Fk6w7epstVzk9Ojw +SD3IW1+ngBUkbBJz+53zDFVhne6b5rfVi2ym0UjTwLM +-> ssh-ed25519 r+nK/Q b67auhVkYiVwthLGP3z719Ql/kHZQbxuJJgL7NzZiVc +kl0ML0yd+QqBm9VZwMcMrZ8uuQkbJySaa9kI4RQFOak +-> ssh-rsa krWCLQ +NfHVOPshS0CR3ATrPcYAAiX/kAbgqw6mEVhxdTnvbWa8cPpblUpO/gm4UqW2vP0Q +XUfvOCgH6ur3joLf/NylqwZ0UkQhmNj2hu8cOtjC4KgTohkMkZZmHlFKM9e3PuSS +ZMx0GraugdTUD/ViCplwVxFPBUUblLcAuYx/BcV1hTb0ctbN9afi8DVzuSxoalDj +Jy1UakJU0OwguB+ctv9kZcyLyV7zjchiq+dAoIDvkw0Z9bTCz7xhQ6uXAE7ahp3H +rvycD/ZkK7h6yhg78x2lIBHP3sPaY3DFMFW9bDLtHYox22RVcm6/7oPbv0hTQ8ob +n4Q7MWPF4vL1Xz9zyksetQ +-> ssh-ed25519 /vwQcQ YvQmf/qYc6DVQT0gFPGuakvgDg/A76tor3f0+nTjbH4 +lMQoOb/kimcsSmNnUsUW7XmVdhLMee/s4NACiKi0Xls +-> ssh-ed25519 0R97PA LzA+wuKlE3cEOpvGEW29/rx3qCU1X32F8HwJNic2Glg +VOBmCcrtGrUk3ERWJL4QszdDtJrfoI/f1xA+X+a+PQk +-> ssh-ed25519 JGx7Ng MIxNmk0eTtCUMHiWzklS2zNWdf16EHeOtere8cRoNSk +X+gf1Ts9n2U+h6a0herR+WuiRXFS5BhicGKxpHQtQzM +-> ssh-ed25519 bUjjig uSweFovyFxnz7Pqc/MCEE5/ZKgEblqs8xb1Ni+qrhS0 +AUhBDt7YN4x6k34g7mERYbn7rPVPZMmVvmZD668blRs +-> m-grease \ %nhHA<} +KhUslr0J28p4r62y0bCKOg2jGOx6M7deQ9Y8gfQ9oi7WYiEygoMghWdUP0lnzh3i +a+rpJNPtRCIFScDWMazSvnmN6y5Y7W3dmOgLH8aN +--- +/Cw6vq7b3Kn4D3/ogaSPxfxHBF0YxLXTxiskuD0vHg +NUb!D~ҁAൟ1,e;y)N$ԖNO]9C_l{ ΄'-q<Ȱ:Mկ%q "۪AMh,i쐦S9yp&r /Âl!.o A{#t4eA-F9+"e7pNB˶OݟOI kDZ=PqQ GBOjhH+XLάP 4X$yxo Ɩ܈]â_ \M7m.BylCr-H Muu+X}ogg.̊G/$LXzBⅾsDK>e~2+W–qϢPSRID {"jDɟ9ȏ= S=HtHbs+T0O:}mp +zDċǧmS8ap2ޔ dSrz v#ΜsՉ 0MfA% ֳD뉆PdrXIWHG\I8_L8 1MMz)${M{S|b=k*O {z2:6}#>_-$ǪVp(" WU[>>0Qh-]ކr;d&Tv-i]$$aE94`Н=!p[qϛ?U/k w^ZIJGli葅4CbF+!t\t1c S~+wѷ[5j g6&o \ No newline at end of file diff --git a/modules/nixos/django-apps/default.nix b/modules/nixos/django-apps/default.nix index 60f6eda..eccd91f 100644 --- a/modules/nixos/django-apps/default.nix +++ b/modules/nixos/django-apps/default.nix @@ -732,5 +732,14 @@ in ) config.extraServices) ) cfg.sites); }; + + dgn-backups = { + jobs = mapAttrs' ( + name: _: nameValuePair "dj-${name}" { settings.paths = [ "/var/lib/django-apps/${name}" ]; } + ) cfg.sites; + postgresDatabases = builtins.map (name: "dj-${name}") ( + attrNames (filterAttrs (_: { dbType, ... }: dbType == "postgresql") cfg.sites) + ); + }; }; }