feat(whitby): Configure Gerrit backups on whitby
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
This commit is contained in:
parent
e035c46c6e
commit
356dde149f
1 changed files with 22 additions and 0 deletions
|
@ -220,6 +220,28 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# Regularly back up Gerrit to Google Cloud Storage.
|
||||
systemd.services.restic-gerrit = {
|
||||
description = "Gerrit backups to Google Cloud Storage";
|
||||
script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit";
|
||||
serviceConfig.User = "git";
|
||||
|
||||
environment = {
|
||||
GOOGLE_PROJECT_ID = "tazjins-infrastructure";
|
||||
GOOGLE_APPLICATION_CREDENTIALS = "/var/lib/git/restic/gcp-key.json";
|
||||
RESTIC_REPOSITORY = "gs:tvl-fyi-backups:/whitby";
|
||||
RESTIC_PASSWORD_FILE = "/var/lib/git/restic/secret";
|
||||
RESTIC_EXCLUDE_FILE = builtins.toFile "exclude-files" ''
|
||||
/var/lib/gerrit/tmp
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.restic-gerrit = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
timerConfig.OnCalendar = "hourly";
|
||||
};
|
||||
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
groups = ["wheel"];
|
||||
|
|
Loading…
Reference in a new issue