feat(tazjin/camden): Regularly back up Gerrit to GCS

This configures a timer that will push hourly, incremental backups of
Gerrit's state (including repositories) to GCS.

The GCS bucket tvl-fyi-backups is an Archive-class bucket in the
tazjins-infrastructure project.

Change-Id: I3bb5b084d8dd929bc4c3e51ddfb524b78d9445cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/397
Reviewed-by: glittershark <grfn@gws.fyi>
Vincent Ambo 2020-06-16 02:09:22 +01:00 committed by tazjin
parent ef390b26ee
commit 929bb840a6


@ -129,12 +129,14 @@ in lib.fix(self: {
curl
direnv
emacs26-nox
gnupg
git
gnupg
google-cloud-sdk
htop
jq
pass
pciutils
restic
ripgrep
]);
@ -460,5 +462,29 @@ in lib.fix(self: {
};
};
# Regularly back up Gerrit to Google Cloud Storage.
systemd.user.services.restic-gerrit = {
description = "Gerrit backups to Google Cloud Storage";
script = "${nixpkgs.restic}/bin/restic backup /var/lib/gerrit";
environment = {
RESTIC_REPOSITORY = "gs:tvl-fyi-backups:/camden";
RESTIC_PASSWORD_FILE = "%h/.config/restic/secret";
RESTIC_EXCLUDE_FILE = builtins.toFile "exclude-files" ''
/var/lib/gerrit/etc/secure.config
/var/lib/gerrit/etc/ssh_host_*_key
/var/lib/gerrit/etc/ssh_host_*_key
/var/lib/gerrit/etc/ssh_host_*_key
/var/lib/gerrit/etc/ssh_host_*_key
/var/lib/gerrit/etc/ssh_host_*_key
/var/lib/gerrit/tmp
'';
};
};
systemd.user.timers.restic-gerrit = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "hourly";
};
system.stateVersion = "19.09";
})
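Review bot: The exclusion list in `systemd.user.services.restic-gerrit` reaches restic only through a `RESTIC_EXCLUDE_FILE` environment variable, which as far as I know is not one of the variables restic reads, so the list is probably ignored and `secure.config` and the SSH host keys would be uploaded to the bucket along with the rest of `/var/lib/gerrit`. Excludes are normally given on the command line: bind the `builtins.toFile` value in a `let` and use `script = "${nixpkgs.restic}/bin/restic backup --exclude-file=${excludeFile} /var/lib/gerrit";`. The `ssh_host_*_key` pattern is also listed five times where one line would do. After the first run, `restic ls latest` is a quick way to confirm that no key material ended up in a snapshot. The enclosing `lib.fix(self: { … })` attribute set starts outside this hunk.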