From 7bc52e9020a7accf6f8f61782c346acbeba47140 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 25 Aug 2017 18:46:59 -0400 Subject: borg backup for pell --- src/Propellor/Property/SiteSpecific/Branchable.hs | 29 ++++++++++++++--------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'src/Propellor/Property/SiteSpecific/Branchable.hs') diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs index 239bcbeb..f588edb9 100644 --- a/src/Propellor/Property/SiteSpecific/Branchable.hs +++ b/src/Propellor/Property/SiteSpecific/Branchable.hs @@ -8,6 +8,7 @@ import qualified Propellor.Property.Ssh as Ssh import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Gpg as Gpg import qualified Propellor.Property.Sudo as Sudo +import qualified Propellor.Property.Borg as Borg server :: [Host] -> Property (HasInfo + DebianLike) server hosts = propertyList "branchable server" $ props @@ -37,18 +38,24 @@ server hosts = propertyList "branchable server" $ props & Postfix.installed & Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"") - -- Obnam is run by a cron job in ikiwiki-hosting. - & "/etc/obnam.conf" `File.hasContent` - [ "[config]" - , "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam" - , "log = /var/log/obnam.log" - , "encrypt-with = " ++ obnamkey - , "log-level = info" - , "log-max = 1048576" - , "keep = 7d,5w,12m" - , "upload-queue-size = 128" - , "lru-size = 128" + & Borg.backup "/" "joey@eubackup.kitenet.net:/home/joey/lib/backup/branchable/pell.borg::{now}" Cron.Daily + [ "--exclude=/proc/*" + , "--exclude=/sys/*" + , "--exclude=/run/*" + , "--exclude=/tmp/*" + , "--exclude=/var/tmp/*" + , "--exclude=/var/backups/ikiwiki-hosting-web/*" + , "--exclude=/var/cache/*" + , "--exclude=/home/*/source/*" + , "--exclude=/home/*/public_html/*" + , "--exclude=/home/*/.git/*" ] + [ Borg.KeepDays 7 + , Borg.KeepWeeks 5 + , Borg.KeepMonths 12 + , Borg.KeepYears 1 + ] + -- gpg key that can be used to decrypt the borg backup key & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root") & Ssh.userKeys (User "root") (Context "branchable.com") [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2PqTSupwncqeffNwZQXacdEWp7L+TxllIxH7WjfRMb3U74mQxWI0lwqLVW6Fox430DvhSqF1y5rJBvTHh4i49Tc9lZ7mwAxA6jNOP6bmdfteaKKYmUw5qwtJW0vISBFu28qBO11Nq3uJ1D3Oj6N+b3mM/0D3Y3NoGgF8+2dLdi81u9+l6AQ5Jsnozi2Ni/Osx2oVGZa+IQDO6gX8VEP4OrcJFNJe8qdnvItcGwoivhjbIfzaqNNvswKgGzhYLOAS5KT8HsjvIpYHWkyQ5QUX7W/lqGSbjP+6B8C3tkvm8VLXbmaD+aSkyCaYbuoXC2BoJdS7Jh8phKMwPJmdYVepn") -- cgit v1.3-2-g0d8e From e535a28a6fec47d76ad15d51c100d22a7e2e7534 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 25 Aug 2017 18:48:19 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/Branchable.hs | 1 + 1 file changed, 1 insertion(+) (limited to 'src/Propellor/Property/SiteSpecific/Branchable.hs') diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs index f588edb9..a818f750 100644 --- a/src/Propellor/Property/SiteSpecific/Branchable.hs +++ b/src/Propellor/Property/SiteSpecific/Branchable.hs @@ -9,6 +9,7 @@ import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Gpg as Gpg import qualified Propellor.Property.Sudo as Sudo import qualified Propellor.Property.Borg as Borg +import qualified Propellor.Property.Cron as Cron server :: [Host] -> Property (HasInfo + DebianLike) server hosts = propertyList "branchable server" $ props -- cgit v1.3-2-g0d8e From 87f4281250d09d53c5cf399e7286520bfdcc387d Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 25 Aug 2017 18:52:34 -0400 Subject: clarify comment And, the borg property adds a :: , so don't need that in the use on branchable. --- src/Propellor/Property/Borg.hs | 4 ++-- src/Propellor/Property/SiteSpecific/Branchable.hs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/Propellor/Property/SiteSpecific/Branchable.hs') diff --git a/src/Propellor/Property/Borg.hs b/src/Propellor/Property/Borg.hs index 7ed39794..c02c5fb5 100644 --- a/src/Propellor/Property/Borg.hs +++ b/src/Propellor/Property/Borg.hs @@ -92,8 +92,8 @@ restored dir backupdir = go `requires` installed -- > ["--exclude=/srv/git/tobeignored"] -- > [Borg.KeepDays 7, Borg.KeepWeeks 4, Borg.KeepMonths 6, Borg.KeepYears 1] -- --- Note that this property does not make borg encrypt the backup --- repository. +-- Note that this property does not initialize the backup repository, +-- so that will need to be done once, before-hand. -- -- Since borg uses a fair amount of system resources, only one borg -- backup job will be run at a time. Other jobs will wait their turns to diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs index a818f750..ce679083 100644 --- a/src/Propellor/Property/SiteSpecific/Branchable.hs +++ b/src/Propellor/Property/SiteSpecific/Branchable.hs @@ -39,7 +39,7 @@ server hosts = propertyList "branchable server" $ props & Postfix.installed & Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"") - & Borg.backup "/" "joey@eubackup.kitenet.net:/home/joey/lib/backup/branchable/pell.borg::{now}" Cron.Daily + & Borg.backup "/" "joey@eubackup.kitenet.net:/home/joey/lib/backup/branchable/pell.borg" Cron.Daily [ "--exclude=/proc/*" , "--exclude=/sys/*" , "--exclude=/run/*" -- cgit v1.3-2-g0d8e