Work-in-progress: split S3 & SSH storage
This commit is contained in:
parent
f5e87f396a
commit
ed76e6164b
|
@ -0,0 +1,13 @@
|
||||||
|
TYPE=backup-bot-two
|
||||||
|
|
||||||
|
SECRET_RESTIC_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
COMPOSE_FILE=compose.yml
|
||||||
|
|
||||||
|
# SSH storage
|
||||||
|
#SECRET_SSH_KEY_VERSION=v1
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
|
||||||
|
|
||||||
|
# S3 storage
|
||||||
|
#SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
|
|
@ -3,12 +3,13 @@ FROM docker:19.03.13-dind
|
||||||
RUN apk add --upgrade --no-cache \
|
RUN apk add --upgrade --no-cache \
|
||||||
bash \
|
bash \
|
||||||
curl \
|
curl \
|
||||||
|
jq \
|
||||||
restic
|
restic
|
||||||
|
|
||||||
RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/bin/jq
|
|
||||||
RUN chmod +x /usr/bin/jq
|
|
||||||
|
|
||||||
COPY backup.sh /usr/bin/backup.sh
|
COPY backup.sh /usr/bin/backup.sh
|
||||||
RUN chmod +x /usr/bin/backup.sh
|
RUN chmod +x /usr/bin/backup.sh
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/backup.sh"]
|
RUN echo "* * * * * /usr/bin/backup.sh" | crontab -
|
||||||
|
RUN crontab -l
|
||||||
|
|
||||||
|
ENTRYPOINT ["crond", "-f", "-L", "/dev/stdout"]
|
||||||
|
|
|
@ -11,6 +11,9 @@ restic_repo="sftp:$restic_sftp_host:/$server_name"
|
||||||
backup_path="${BACKUP_DEST:?BACKUP_DEST not set}"
|
backup_path="${BACKUP_DEST:?BACKUP_DEST not set}"
|
||||||
|
|
||||||
if [ -n "$SERVICES_OVERRIDE" ]; then
|
if [ -n "$SERVICES_OVERRIDE" ]; then
|
||||||
|
# this is fine because docker service names should never include spaces or
|
||||||
|
# glob characters
|
||||||
|
# shellcheck disable=SC2206
|
||||||
services=($SERVICES_OVERRIDE)
|
services=($SERVICES_OVERRIDE)
|
||||||
else
|
else
|
||||||
mapfile -t services < <(docker service ls --format '{{ .Name }}')
|
mapfile -t services < <(docker service ls --format '{{ .Name }}')
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- AWS_ACCESS_KEY_ID
|
||||||
|
- AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
|
||||||
|
secrets:
|
||||||
|
- aws_secret_access_key
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
aws_secret_access_key:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- SSH_KEY_FILE=/run/secrets/ssh_key
|
||||||
|
secrets:
|
||||||
|
- ssh_key
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
ssh_key:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_ssh_key_${SECRET_SSH_KEY_VERSION}
|
12
compose.yml
12
compose.yml
|
@ -3,6 +3,7 @@ version: "3.8"
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: thecoopcloud/backup-bot-two:latest
|
image: thecoopcloud/backup-bot-two:latest
|
||||||
|
build: .
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
- "backups:/backups"
|
- "backups:/backups"
|
||||||
|
@ -19,12 +20,17 @@ services:
|
||||||
replicas: 0
|
replicas: 0
|
||||||
labels:
|
labels:
|
||||||
- "swarm.cronjob.enable=true"
|
- "swarm.cronjob.enable=true"
|
||||||
# Note(3wc): every minute, testing
|
# Note(3wc): every 5m, testing
|
||||||
- "swarm.cronjob.schedule=*/5 * * * *"
|
- "swarm.cronjob.schedule=*/5 * * * *"
|
||||||
# - "swarm.cronjob.schedule=0 9 * * 1-5" # office hours
|
# Note(3wc): blank label to be picked up by `abra recipe sync`
|
||||||
- coop-cloud.${STACK_NAME}.app.version=24.98.9-slim-d3db1c25
|
- coop-cloud.${STACK_NAME}.app.version=
|
||||||
restart_policy:
|
restart_policy:
|
||||||
condition: none
|
condition: none
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
backups:
|
backups:
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
restic_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_restic_password_${SECRET_RESTIC_PASSWORD_VERSION}
|
||||||
|
|
Loading…
Reference in New Issue