diff options
author | Franck Cuny <franck@fcuny.net> | 2022-03-11 19:31:26 -0800 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-03-11 19:31:26 -0800 |
commit | 71288332e85f993628439cecfbaa6ee207d01f46 (patch) | |
tree | abcf96411b8ecff3a12a4a4a39b708d9212dd9df | |
parent | wm: ensure element is assigned to space #4 (diff) | |
download | world-71288332e85f993628439cecfbaa6ee207d01f46.tar.gz |
rclone: synchronize restic repo to GCS
Add a couple of secrets to store the configuration and the service account, and add a timer to synchronize the restic repository to a GCS bucket once a day.
-rw-r--r-- | hosts/common/server/rclone.nix | 29 | ||||
-rw-r--r-- | secrets.nix | 3 | ||||
-rw-r--r-- | secrets/rclone/config.ini.age | bin | 0 -> 616 bytes | |||
-rw-r--r-- | secrets/rclone/gcs_service_account.json.age | bin | 0 -> 2864 bytes |
4 files changed, 32 insertions, 0 deletions
diff --git a/hosts/common/server/rclone.nix b/hosts/common/server/rclone.nix new file mode 100644 index 0000000..5e1a4d6 --- /dev/null +++ b/hosts/common/server/rclone.nix @@ -0,0 +1,29 @@ +{ config, pkgs, lib, ... }: + +{ + environment.systemPackages = with pkgs; [ rclone ]; + + age.secrets.rclone-gcs-sa.file = + ../../../secrets/rclone/gcs_service_account.json.age; + + age.secrets.rclone-config.file = ../../../secrets/rclone/config.ini.age; + + systemd = { + timers.rclone-sync = { + wantedBy = [ "timers.target" ]; + partOf = [ "rclone-sync.service" ]; + timerConfig = { OnCalendar = "02:00"; }; + }; + services.rclone-sync = let rcloneOptions = "--fast-list --verbose"; + in { + serviceConfig.Type = "oneshot"; + serviceConfig.Environment = { + RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS = + config.age.secrets.rclone-gcs-sa.path; + }; + script = '' + ${pkgs.rclone}/bin/rclone --config=${age.secrets.rclone-config.path} sync ${rcloneOptions} /data/slow/backups gbackup:fcuny-backups + ''; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 7a45923..ae0efaf 100644 --- a/secrets.nix +++ b/secrets.nix @@ -22,4 +22,7 @@ in { "secrets/unifi/unifi-poller.age".publicKeys = [ fcuny_aptos aptos tahoe ]; "secrets/restic/repo-systems.age".publicKeys = [ fcuny_aptos aptos tahoe ]; + "secrets/rclone/config.ini.age".publicKeys = [ fcuny_aptos aptos tahoe ]; + "secrets/rclone/gcs_service_account.json.age".publicKeys = + [ fcuny_aptos aptos tahoe ]; } diff --git a/secrets/rclone/config.ini.age b/secrets/rclone/config.ini.age new file mode 100644 index 0000000..a017b29 --- /dev/null +++ b/secrets/rclone/config.ini.age Binary files differdiff --git a/secrets/rclone/gcs_service_account.json.age b/secrets/rclone/gcs_service_account.json.age new file mode 100644 index 0000000..982dd30 --- /dev/null +++ b/secrets/rclone/gcs_service_account.json.age Binary files differ |