From e19100f856459d2e66499470236d649e5d7777db Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 20 Dec 2024 23:26:28 +0100 Subject: [PATCH] feat(django-apps): Add automatic backup --- machines/nixos/web03/secrets/bupstash-put_key | Bin 0 -> 2370 bytes machines/nixos/web03/secrets/secrets.nix | 1 + modules/nixos/dgn-backups/default.nix | 12 ++++++-- modules/nixos/dgn-backups/keys/secrets.nix | 1 + modules/nixos/dgn-backups/keys/web03.key | 28 ++++++++++++++++++ modules/nixos/django-apps/default.nix | 9 ++++++ 6 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 machines/nixos/web03/secrets/bupstash-put_key create mode 100644 modules/nixos/dgn-backups/keys/web03.key diff --git a/machines/nixos/web03/secrets/bupstash-put_key b/machines/nixos/web03/secrets/bupstash-put_key new file mode 100644 index 0000000000000000000000000000000000000000..2588a3f688d89002c02905795861f1bf273a0416 GIT binary patch literal 2370 zcmZY9`@7SG9R_eNPOuymadPuQ1t){-m|oJP;c}p9(==_8Hoc}*#3pUiCcP$Un|5#z zl$(r+It7ut;3Eu}hane{qcFCk6ZMFkae4HC=_zU|BKF{}k-uIgn z)2->Epft)_u2g)aq=;b6Y-nvWs%o}1owC?$X4EK=TqfW!s;Dd%bPNL+!0Szg#bUA& zq4=T@0CYhVEu=?4DDi7!YF6UgAKQ-;|n z;Ztwc*nAK}StGB?1s|WXv8Ia1)8vv~Y z%>?s#EN&P0WUL;?%K5583MDLcgJOsCT+mEI{!9px!~Sq8=@RjHp_H_AsBD55$1rV;*2o@qB8B~ab!K}%+Xty`Kd`$_)V$6-!RH|^m~Lvgq{P$jyOP@UZD-%@jnD8!I7V4i0Qad9uk-37@K0_(EPR1+&GF>~S&) zKvWdcrR9>4C>pei1p@&hMEFHE=gN>Hhx^_w*>p(BiF z4Ck{JQ!NN1MF;^rq%%or;ie@NCq+#RB>+K}8jUQSc9n{dAxBWwR4ilR>kJda;Bd~G zqf0acB4wP@;CLpcnF5Gdp;_$zR>DUlDJL4u%^Qf0)B|S8q1(LzCOG{%0#tD)pMxyA zHxsf^8Oc+QhG~PBv!T8khz51upCTG|MnGxYO^}szQck2GDFZum1qyKHedNuzMcGi2 zsT*agz&6OTQ;|}H#+2-3CU2urN~P7Nxqv5m+ySF_+Mzq64g&>oIojiGHtAw1=~C-% zwFXqvsuhak0m{l&Z3*1YWi&gF|1U`)SF^N=N;;{gjh^xJ_>gg&T#L9ZS(|aXC21@s zoSNG*rEaj3S-|2I@^;B3kaV!-hmvXn3nK{*!?F+%DALu4>UCMkimW%iHCTBhUk6mB+NDKS6d+&gIo*v>GP#wAA<=IJg(28GtaOL$Od$zFK z*tR(bacam19dmou{yuqm)`|0jZ`rx+H{ma?ZKs}GG~lPVbDdL<_U6Or*KBSJBNSGF zqn}$Fe{=b{?q!F%HVwZfY&(2;Qp<+jgNBtiw4aKNKC%gJTldX`_qz{W9c*pu?tZv! zz|iaCTONM$Yv9@0W9GTOOkI9`>eP!91HFH2xwP?AVD5plUv+%_UdO;)ULQAo!u9E& zPn4#-0v|Z`)DqvQ1)XiZ51a+2JpOdgoLLiFPyBezR{ZYF)F-;9{9z(8yMO0{(7y7e zrH|jc=J^Z0U9R1y?|i=9zbBp_v>V&^?wFCszx?df?~3;y`Ek$F(Yf94GbWbbXb%@?{>I^b-nso3VT{JynK{C*n7gp6_ES^-`OVr@&wTsSb2EmW7ALJ|E^Qss z-LWH*>N9rZo=x2kcuI5j{j_?KuXYH$x-|djncQ#xIvm}yaXsB~x@!Y7Z0VR!4o}!2 z_5GLedVI;bXIeYffRq1oZq%YFD|H`oVEn9;`{!RCxOglz>%`(f*Uqg6UfMtGpkw`| zGJN;4#_b1@z27-{MlD+EnY4Sy!X+u`F5-^$<905YHuF>Knb)?z@Mi=+K6K K#S=EKd-cED=$RY< literal 0 HcmV?d00001 diff --git a/machines/nixos/web03/secrets/secrets.nix b/machines/nixos/web03/secrets/secrets.nix index 76fa329..de57072 100644 --- a/machines/nixos/web03/secrets/secrets.nix +++ b/machines/nixos/web03/secrets/secrets.nix @@ -4,6 +4,7 @@ (import ../../../../keys).mkSecrets [ "web03" ] [ # List of secrets for web03 + "bupstash-put_key" "dj_annuaire-secret_key_file" "dj_bocal-secret_key_file" "dj_ernestophone-secret_key_file" diff --git a/modules/nixos/dgn-backups/default.nix b/modules/nixos/dgn-backups/default.nix index e79f076..c990a70 100644 --- a/modules/nixos/dgn-backups/default.nix +++ b/modules/nixos/dgn-backups/default.nix @@ -11,7 +11,12 @@ }: let - inherit (lib) mkEnableOption mkOption remove; + inherit (lib) + getExe' + mkEnableOption + mkOption + remove + ; inherit (lib.types) attrs @@ -34,6 +39,7 @@ let compute01 = "*-*-* *:38:00"; storage01 = "*-*-* *:21:00"; web01 = "*-*-* *:47:00"; + web03 = "*-*-* *:13:00"; }; mkJobs = builtins.mapAttrs ( @@ -93,7 +99,7 @@ in "${db}-db".settings = { user = "postgres"; command = [ - "${lib.getExe' config.services.postgresql.package "pg_dump"}" + (getExe' config.services.postgresql.package "pg_dump") db ]; }; @@ -113,6 +119,8 @@ in "storage01" "vault01" "web01" + "web02" + "web03" ]; allowed = [ "put" ]; } diff --git a/modules/nixos/dgn-backups/keys/secrets.nix b/modules/nixos/dgn-backups/keys/secrets.nix index 80d24d3..6227cb5 100644 --- a/modules/nixos/dgn-backups/keys/secrets.nix +++ b/modules/nixos/dgn-backups/keys/secrets.nix @@ -6,4 +6,5 @@ "compute01.key" "storage01.key" "web01.key" + "web03.key" ] diff --git a/modules/nixos/dgn-backups/keys/web03.key b/modules/nixos/dgn-backups/keys/web03.key new file mode 100644 index 0000000..4c4b88a --- /dev/null +++ b/modules/nixos/dgn-backups/keys/web03.key @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA CuALmA0MhxnWOn91YhtxAyn1h3xkoiuRoo4Ew1Eu32Q +TRZxY9rF3NM9ulaA6s6SUetVcLT0He9yGaDZ38T9F6A +-> ssh-ed25519 QlRB9Q TNA65R5tFs+KXJklNgfPPF12W52Fk6w7epstVzk9Ojw +SD3IW1+ngBUkbBJz+53zDFVhne6b5rfVi2ym0UjTwLM +-> ssh-ed25519 r+nK/Q b67auhVkYiVwthLGP3z719Ql/kHZQbxuJJgL7NzZiVc +kl0ML0yd+QqBm9VZwMcMrZ8uuQkbJySaa9kI4RQFOak +-> ssh-rsa krWCLQ +NfHVOPshS0CR3ATrPcYAAiX/kAbgqw6mEVhxdTnvbWa8cPpblUpO/gm4UqW2vP0Q +XUfvOCgH6ur3joLf/NylqwZ0UkQhmNj2hu8cOtjC4KgTohkMkZZmHlFKM9e3PuSS +ZMx0GraugdTUD/ViCplwVxFPBUUblLcAuYx/BcV1hTb0ctbN9afi8DVzuSxoalDj +Jy1UakJU0OwguB+ctv9kZcyLyV7zjchiq+dAoIDvkw0Z9bTCz7xhQ6uXAE7ahp3H +rvycD/ZkK7h6yhg78x2lIBHP3sPaY3DFMFW9bDLtHYox22RVcm6/7oPbv0hTQ8ob +n4Q7MWPF4vL1Xz9zyksetQ +-> ssh-ed25519 /vwQcQ YvQmf/qYc6DVQT0gFPGuakvgDg/A76tor3f0+nTjbH4 +lMQoOb/kimcsSmNnUsUW7XmVdhLMee/s4NACiKi0Xls +-> ssh-ed25519 0R97PA LzA+wuKlE3cEOpvGEW29/rx3qCU1X32F8HwJNic2Glg +VOBmCcrtGrUk3ERWJL4QszdDtJrfoI/f1xA+X+a+PQk +-> ssh-ed25519 JGx7Ng MIxNmk0eTtCUMHiWzklS2zNWdf16EHeOtere8cRoNSk +X+gf1Ts9n2U+h6a0herR+WuiRXFS5BhicGKxpHQtQzM +-> ssh-ed25519 bUjjig uSweFovyFxnz7Pqc/MCEE5/ZKgEblqs8xb1Ni+qrhS0 +AUhBDt7YN4x6k34g7mERYbn7rPVPZMmVvmZD668blRs +-> m-grease \ %nhHA<} +KhUslr0J28p4r62y0bCKOg2jGOx6M7deQ9Y8gfQ9oi7WYiEygoMghWdUP0lnzh3i +a+rpJNPtRCIFScDWMazSvnmN6y5Y7W3dmOgLH8aN +--- +/Cw6vq7b3Kn4D3/ogaSPxfxHBF0YxLXTxiskuD0vHg +NUb!D~ҁAൟ1,e;y)N$ԖNO]9C_l{ ΄'-q<Ȱ:Mկ%q "۪AMh,i쐦S9yp&r /Âl!.o A{#t4eA-F9+"e7pNB˶OݟOI kDZ=PqQ GBOjhH+XLάP 4X$yxo Ɩ܈]â_ \M7m.BylCr-H Muu+X}ogg.̊G/$LXzBⅾsDK>e~2+W–qϢPSRID {"jDɟ9ȏ= S=HtHbs+T0O:}mp +zDċǧmS8ap2ޔ dSrz v#ΜsՉ 0MfA% ֳD뉆PdrXIWHG\I8_L8 1MMz)${M{S|b=k*O {z2:6}#>_-$ǪVp(" WU[>>0Qh-]ކr;d&Tv-i]$$aE94`Н=!p[qϛ?U/k w^ZIJGli葅4CbF+!t\t1c S~+wѷ[5j g6&o \ No newline at end of file diff --git a/modules/nixos/django-apps/default.nix b/modules/nixos/django-apps/default.nix index 60f6eda..eccd91f 100644 --- a/modules/nixos/django-apps/default.nix +++ b/modules/nixos/django-apps/default.nix @@ -732,5 +732,14 @@ in ) config.extraServices) ) cfg.sites); }; + + dgn-backups = { + jobs = mapAttrs' ( + name: _: nameValuePair "dj-${name}" { settings.paths = [ "/var/lib/django-apps/${name}" ]; } + ) cfg.sites; + postgresDatabases = builtins.map (name: "dj-${name}") ( + attrNames (filterAttrs (_: { dbType, ... }: dbType == "postgresql") cfg.sites) + ); + }; }; }