Browse Source

chore: restic job configure

pull/2/head
Karan Sharma 8 months ago
parent
commit
3c9da753bf
  1. 6
      terraform/env.sample
  2. 6
      terraform/main.tf
  3. 17
      terraform/modules/restic/conf/backup.sh
  4. 46
      terraform/modules/restic/conf/restic.nomad
  5. 7
      terraform/modules/restic/job.tf
  6. 15
      terraform/modules/restic/variables.tf
  7. 18
      terraform/variables.tf

6
terraform/env.sample

@ -7,4 +7,8 @@ TF_VAR_joplin_postgresql_password=
TF_VAR_gitea_secret_key=
TF_VAR_gitea_internal_token=
TF_VAR_gitea_lfs_jwt_secret=
TF_VAR_gitea_oauth2_jwt_secret=
TF_VAR_gitea_oauth2_jwt_secret=
TF_VAR_restic_b2_account_id=
TF_VAR_restic_b2_account_key=
TF_VAR_restic_repository=
TF_VAR_restic_password=

6
terraform/main.tf

@ -46,7 +46,11 @@ module "joplin" {
}
module "restic" {
source = "./modules/restic"
source = "./modules/restic"
restic_b2_account_id = var.restic_b2_account_id
restic_b2_account_key = var.restic_b2_account_key
restic_repository = var.restic_repository
restic_password = var.restic_password
providers = {
nomad = nomad
}

17
terraform/modules/restic/conf/backup.sh

@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -Eeuo pipefail
set -o allexport; source restic.env; set +o allexport
echo "Starting backup!"
restic backup --verbose --one-file-system --tag nomad /data
echo "Pruning old backups according to retention policy."
restic forget --verbose --tag nomad --group-by "paths,tags" --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --keep-yearly 3
echo "Pruning old backups from local storage."
restic prune

46
terraform/modules/restic/conf/restic.nomad

@ -3,7 +3,7 @@ job "restic" {
type = "batch"
periodic {
cron = "0 * * * *"
cron = "0 3 * * *"
time_zone = "Asia/Kolkata"
prohibit_overlap = true
}
@ -20,16 +20,52 @@ job "restic" {
task "backup" {
driver = "exec"
user = "karan"
config {
# Since `/data` is owned by `root`, restic needs to be spawned as `root`.
command = "sudo"
args = ["./home/karan/restic-backup/backup.sh"]
args = ["local/restic_backup.sh"]
// command = "sleep"
// args = ["infinity"]
}
env {
B2_ACCOUNT_ID = "${restic_b2_account_id}"
B2_ACCOUNT_KEY = "${restic_b2_account_key}"
RESTIC_REPOSITORY = "${restic_repository}"
RESTIC_PASSWORD = "${restic_password}"
}
artifact {
source = "https://internal.file.server/name-of-my-binary"
destination = "local/some-directory"
template {
data = <<EOF
#!/usr/bin/env bash
set -Eeuo pipefail
export B2_ACCOUNT_ID="${restic_b2_account_id}"
export B2_ACCOUNT_KEY="${restic_b2_account_key}"
export RESTIC_PASSWORD="${restic_repository}"
export RESTIC_REPOSITORY="${restic_password}"
echo "`date`: Starting backup! $RESTIC_REPOSITORY"
restic backup --verbose --one-file-system --tag nomad /data
echo "`date`: Pruning old backups according to retention policy."
restic forget --verbose --tag nomad --group-by "paths,tags" --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --keep-yearly 3
echo "`date`: Pruning old backups from local storage."
restic prune
EOF
destination = "local/restic_backup.sh" # Rendered template.
change_mode = "restart"
perms = "755"
}
resources {

7
terraform/modules/restic/job.tf

@ -1,5 +1,10 @@
resource "nomad_job" "app" {
jobspec = "${path.module}/conf/restic.nomad"
jobspec = templatefile("${path.module}/conf/restic.nomad", {
restic_b2_account_id = var.restic_b2_account_id,
restic_b2_account_key = var.restic_b2_account_key
restic_repository = var.restic_repository
restic_password = var.restic_password
})
hcl2 {
enabled = true

15
terraform/modules/restic/variables.tf

@ -0,0 +1,15 @@
variable "restic_b2_account_id" {
type = string
}
variable "restic_b2_account_key" {
type = string
}
variable "restic_repository" {
type = string
}
variable "restic_password" {
type = string
}

18
terraform/variables.tf

@ -46,4 +46,20 @@ variable "gitea_oauth2_jwt_secret" {
type = string
description = "OAuth2 authentication secret for access and refresh tokens"
}
}
variable "restic_b2_account_id" {
type = string
}
variable "restic_b2_account_key" {
type = string
}
variable "restic_repository" {
type = string
}
variable "restic_password" {
type = string
}

Loading…
Cancel
Save