Backup authentik
This commit is contained in:
parent
7359e37793
commit
017483b17d
2 changed files with 27 additions and 15 deletions
|
@ -23,6 +23,11 @@
|
|||
deploymentName = "database";
|
||||
deploymentNamespace = "nextcloud";
|
||||
};
|
||||
|
||||
authentik = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/authentik-db" "/mnt/longhorn/persistent/volumes/authentik-redis"];
|
||||
scaleDeployments = false;
|
||||
};
|
||||
};
|
||||
|
||||
deployment = {
|
||||
|
|
|
@ -9,6 +9,10 @@
|
|||
paths = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
};
|
||||
scaleDeployments = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
deploymentName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
@ -32,21 +36,7 @@ in {
|
|||
# TODO: should have some timeout and alerting?
|
||||
config = {
|
||||
services.borgbackup.jobs =
|
||||
lib.mapAttrs (name: c: {
|
||||
inherit (c) paths;
|
||||
repo = "ssh://w553a7cb@w553a7cb.repo.borgbase.com/./repo";
|
||||
startAt = "*-*-* 00:00:00";
|
||||
# TODO: low benefit, but we could set borgbase's host keys here as they are published online.
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
postHook = "${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=${toString c.replicaCount}";
|
||||
archiveBaseName = name;
|
||||
|
||||
prune.keep = {
|
||||
within = "7d";
|
||||
weekly = 4;
|
||||
monthly = 6;
|
||||
};
|
||||
|
||||
lib.mapAttrs (name: c: let
|
||||
preHook = ''
|
||||
${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=0
|
||||
|
||||
|
@ -55,6 +45,23 @@ in {
|
|||
sleep 2
|
||||
done
|
||||
'';
|
||||
postHook = "${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=${toString c.replicaCount}";
|
||||
in {
|
||||
inherit (c) paths;
|
||||
repo = "ssh://w553a7cb@w553a7cb.repo.borgbase.com/./repo";
|
||||
startAt = "*-*-* 00:00:00";
|
||||
# TODO: low benefit, but we could set borgbase's host keys here as they are published online.
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
postHook = lib.mkIf c.scaleDeployments postHook;
|
||||
archiveBaseName = name;
|
||||
|
||||
prune.keep = {
|
||||
within = "7d";
|
||||
weekly = 4;
|
||||
monthly = 6;
|
||||
};
|
||||
|
||||
preHook = lib.mkIf c.scaleDeployments preHook;
|
||||
|
||||
encryption = {
|
||||
passCommand = "cat ${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue