about summary refs log tree commit diff
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2023-04-30 11:34:02 -0700
committerFranck Cuny <franck@fcuny.net>2023-04-30 14:40:30 -0700
commit5a5b98210b56a297e0e227f0895a9778f2e22147 (patch)
tree54da638518953b47b5ca9827b6f0eacf1c94dd82
parentmodules/security: move ssh configuration to a dedicated module (diff)
downloadworld-5a5b98210b56a297e0e227f0895a9778f2e22147.tar.gz
modules/rclone: delete the module and cleanup
I'm not using rclone anymore and I'm not storing the backups to GCS
buckets either.
-rw-r--r--docs/backups.org12
-rw-r--r--hosts/tahoe/secrets/rclone/config.ini.agebin515 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/rclone/gcs_service_account.json.agebin2786 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/secrets.nix3
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/services/rclone/default.nix40
6 files changed, 1 insertions, 55 deletions
diff --git a/docs/backups.org b/docs/backups.org
index 0b0d25a..a1db502 100644
--- a/docs/backups.org
+++ b/docs/backups.org
@@ -1,10 +1,6 @@
 #+TITLE: Backups
 
-There's a number of backups that are managed by the NAS.
-
-In order for the backup to work, there's two files that need to be provisioned:
-- =/etc/restic/password= this contains the password for restic. It's currently stored in 1password (named *backup on nas*).
-- =/etc/restic/google.json= this contains the authn/authz information to store our data in various GCS. This is stored in 1password, with restic's password.
+Each host can be configured to store a backup on the NAS using restic. The backups are synchronized once a day to rsync.net.
 
 * restic
 For backups I'm using [[https://restic.readthedocs.io/][restic]].
@@ -189,9 +185,3 @@ $ sudo ls -l /tmp/this-is-a-test/data/containers/traefik
 total 4
 drwxrwxr-x 2 root root 4096 Nov  6  2020 config
 #+end_src
-* rclone / GCP
-Backups are exported off-site to some GCS buckets, using [[https://rclone.org/][rclone]].
-
-=restic= snapshots are exported to this [[https://console.cloud.google.com/storage/browser/fcuny-restic;tab=objects?forceOnBucketsSortingFiltering=false&project=fcuny-backups][bucket]], while our music collection is stored in this [[https://console.cloud.google.com/storage/browser/fcuny-music;tab=objects?forceOnBucketsSortingFiltering=false&project=fcuny-backups&prefix=&forceOnObjectsSortingFiltering=false][one]].
-
-The timer for the backup can be found in [[file:~/workspace/infrastructure/puppet/site-modules/backup/manifests/service.pp][service.pp]]. All the configuration bits for =rclone= are parts of the unit file for the backups.
diff --git a/hosts/tahoe/secrets/rclone/config.ini.age b/hosts/tahoe/secrets/rclone/config.ini.age
deleted file mode 100644
index 26857bc..0000000
--- a/hosts/tahoe/secrets/rclone/config.ini.age
+++ /dev/null
Binary files differdiff --git a/hosts/tahoe/secrets/rclone/gcs_service_account.json.age b/hosts/tahoe/secrets/rclone/gcs_service_account.json.age
deleted file mode 100644
index 57926a6..0000000
--- a/hosts/tahoe/secrets/rclone/gcs_service_account.json.age
+++ /dev/null
Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 4325195..34b955b 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -31,8 +31,5 @@ in
   "restic/repo-systems.age".publicKeys = all;
   "rsync.net/ssh-key.age".publicKeys = all;
 
-  "rclone/config.ini.age".publicKeys = all;
-  "rclone/gcs_service_account.json.age".publicKeys = all;
-
   "sendsms/config.age".publicKeys = all;
 }
diff --git a/modules/services/default.nix b/modules/services/default.nix
index e4f6e37..4966ed7 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -12,7 +12,6 @@
     ./navidrome
     ./nginx
     ./pcscd
-    ./rclone
     ./samba
     ./sendsms
     ./ssh-server
diff --git a/modules/services/rclone/default.nix b/modules/services/rclone/default.nix
deleted file mode 100644
index cbef0c3..0000000
--- a/modules/services/rclone/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.my.services.rclone;
-  secrets = config.age.secrets;
-in
-{
-  options.my.services.rclone = with lib; {
-    enable = mkEnableOption "rclone backup service";
-  };
-
-  config = lib.mkIf cfg.enable {
-    systemd = {
-      packages = [ pkgs.rclone ];
-      timers.rclone-sync = {
-        description = "synchronize restic repository to GCS";
-        wantedBy = [ "timers.target" ];
-        partOf = [ "rclone-sync.service" ];
-        timerConfig = { OnCalendar = "02:00"; };
-      };
-      services.rclone-sync = {
-        description = "synchronize restic repository to GCS";
-        serviceConfig =
-          let
-            rcloneOptions = "--config=${
-              secrets."rclone/config.ini".path
-            } --gcs-service-account-file=${
-              secrets."rclone/gcs_service_account.json".path
-            } --fast-list --verbose";
-          in
-          {
-            Type = "oneshot";
-            ExecStart = [
-              "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/systems gbackup:fcuny-backups-systems"
-              "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/users gbackup:fcuny-backups-users"
-            ];
-          };
-      };
-    };
-  };
-}