mwojcik
/
it-infra
forked from M-Labs/it-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

nixbld: improve backup 

include Mattermost attachments
stop using expensive and insecure dropbox
This commit is contained in:
Sebastien Bourdeauducq 2021-11-16 14:21:56 +08:00
parent f8a30b55a8
commit c75cf3456b
3 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixbld-etc-nixos/backup-module.nix
View File

@ -15,14 +15,15 @@ let
${config.services.mysql.package}/bin/mysqldump --single-transaction flarum > flarum.sql ${config.services.mysql.package}/bin/mysqldump --single-transaction flarum > flarum.sql
${pkgs.sudo}/bin/sudo -u mattermost ${config.services.postgresql.package}/bin/pg_dump mattermost > mattermost.sql ${pkgs.sudo}/bin/sudo -u mattermost ${config.services.postgresql.package}/bin/pg_dump mattermost > mattermost.sql
${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \ ${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea /var/lib/mattermost/data flarum.sql mattermost.sql | \
${pkgs.bzip2}/bin/bzip2 | \ ${pkgs.bzip2}/bin/bzip2 | \
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \ ${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase > /home/backupdl/$FILENAME
${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME
popd popd
rm -rf $DBDUMPDIR rm -rf $DBDUMPDIR
chown backupdl.users /home/backupdl/$FILENAME
echo Backup done echo Backup done
''; '';
cfg = config.services.mlabs-backup; cfg = config.services.mlabs-backup;

7
nixbld-etc-nixos/configuration.nix
View File

@ -267,6 +267,13 @@ in
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
}; };
users.extraUsers.backupdl = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
];
};
users.extraUsers.harry = { users.extraUsers.harry = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["hkadmin" "lp" "scanner"]; extraGroups = ["hkadmin" "lp" "scanner"];

1
nixbld-etc-nixos/secret_permissions.txt
View File

@ -8,6 +8,5 @@
-rw------- 1 nginx nginx muninpasswd -rw------- 1 nginx nginx muninpasswd
-rw-rw---- 1 hydra hydra nixbld.m-labs.hk-1 -rw-rw---- 1 hydra hydra nixbld.m-labs.hk-1
-rw-rw---- 1 hydra hydra nix_id_rsa -rw-rw---- 1 hydra hydra nix_id_rsa
-rw------- 1 root root rclone.conf
-rw------- 1 root root wifi_password.nix -rw------- 1 root root wifi_password.nix
-rw------- 1 sb users wifi_ext_password.nix -rw------- 1 sb users wifi_ext_password.nix