feat(tazjin/camden): Regularly back up Gerrit to GCS
This configures a timer that will push hourly, incremental backups of Gerrit's state (including repositories) to GCS. The GCS bucket tvl-fyi-backups is an Archive-class bucket in the tazjins-infrastructure project. Change-Id: I3bb5b084d8dd929bc4c3e51ddfb524b78d9445cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/397 Reviewed-by: glittershark <grfn@gws.fyi>
This commit is contained in:
parent
ef390b26ee
commit
929bb840a6
1 changed files with 27 additions and 1 deletions
|
@ -129,12 +129,14 @@ in lib.fix(self: {
|
|||
curl
|
||||
direnv
|
||||
emacs26-nox
|
||||
gnupg
|
||||
git
|
||||
gnupg
|
||||
google-cloud-sdk
|
||||
htop
|
||||
jq
|
||||
pass
|
||||
pciutils
|
||||
restic
|
||||
ripgrep
|
||||
]);
|
||||
|
||||
|
@ -460,5 +462,29 @@ in lib.fix(self: {
|
|||
};
|
||||
};
|
||||
|
||||
# Regularly back up Gerrit to Google Cloud Storage.
|
||||
systemd.user.services.restic-gerrit = {
|
||||
description = "Gerrit backups to Google Cloud Storage";
|
||||
script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit";
|
||||
environment = {
|
||||
RESTIC_REPOSITORY = "gs:tvl-fyi-backups:/camden";
|
||||
RESTIC_PASSWORD_FILE = "%h/.config/restic/secret";
|
||||
RESTIC_EXCLUDE_FILE = builtins.toFile "exclude-files" ''
|
||||
/var/lib/gerrit/etc/secure.config
|
||||
/var/lib/gerrit/etc/ssh_host_*_key
|
||||
/var/lib/gerrit/etc/ssh_host_*_key
|
||||
/var/lib/gerrit/etc/ssh_host_*_key
|
||||
/var/lib/gerrit/etc/ssh_host_*_key
|
||||
/var/lib/gerrit/etc/ssh_host_*_key
|
||||
/var/lib/gerrit/tmp
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.user.timers.restic-gerrit = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "hourly";
|
||||
};
|
||||
|
||||
system.stateVersion = "19.09";
|
||||
})
|
||||
|
|
Loading…
Reference in a new issue