diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-07-16 01:10:17 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-07-16 01:10:17 +0200 |
commit | 5a61f6ad5164a735be26e016c59e72252ffb49b7 (patch) | |
tree | 6acc3c8199d7f25c039c6c6686005436d1fb49d7 /modules/private/monitoring/default.nix | |
parent | ca367c14902ab1bf869976dc5dca52d07e308c15 (diff) | |
download | Nix-5a61f6ad5164a735be26e016c59e72252ffb49b7.tar.gz Nix-5a61f6ad5164a735be26e016c59e72252ffb49b7.tar.zst Nix-5a61f6ad5164a735be26e016c59e72252ffb49b7.zip |
Add alternate cloud storage for daily backups
Diffstat (limited to 'modules/private/monitoring/default.nix')
-rw-r--r-- | modules/private/monitoring/default.nix | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index d5bf7fb..c573af2 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
@@ -58,9 +58,12 @@ let | |||
58 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | 58 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ |
59 | pkgs.s3cmd pkgs.python3 | 59 | pkgs.s3cmd pkgs.python3 |
60 | ]} | 60 | ]} |
61 | wrapProgram $out/check_eriomem_age --prefix PATH : ${lib.makeBinPath [ | 61 | makeWrapper $out/check_backup_age $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ |
62 | pkgs.duplicity | 62 | pkgs.duplicity |
63 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | 63 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} |
64 | makeWrapper $out/check_backup_age $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | ||
65 | pkgs.duplicity | ||
66 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | ||
64 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | 67 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ |
65 | pkgs.mailutils | 68 | pkgs.mailutils |
66 | ]} | 69 | ]} |
@@ -256,18 +259,19 @@ in | |||
256 | permissions = "0400"; | 259 | permissions = "0400"; |
257 | text = config.myEnv.monitoring.ssh_secret_key; | 260 | text = config.myEnv.monitoring.ssh_secret_key; |
258 | } | 261 | } |
259 | ] ++ lib.optional cfg.master ( | 262 | ] ++ lib.optionals cfg.master ( |
263 | lib.mapAttrsToList (k: v: | ||
260 | { | 264 | { |
261 | dest = "eriomem_access_key"; | 265 | dest = "${k}_access_key"; |
262 | user = "naemon"; | 266 | user = "naemon"; |
263 | group = "naemon"; | 267 | group = "naemon"; |
264 | permissions = "0400"; | 268 | permissions = "0400"; |
265 | text = '' | 269 | text = '' |
266 | export AWS_ACCESS_KEY_ID="${config.myEnv.backup.accessKeyId}" | 270 | export AWS_ACCESS_KEY_ID="${v.accessKeyId}" |
267 | export AWS_SECRET_ACCESS_KEY="${config.myEnv.backup.secretAccessKey}" | 271 | export AWS_SECRET_ACCESS_KEY="${v.secretAccessKey}" |
268 | export BASE_URL="${config.myEnv.backup.remote}" | 272 | export BASE_URL="${v.remote "immae-eldiron"}" |
269 | ''; | 273 | ''; |
270 | } | 274 | }) config.myEnv.backup.remotes |
271 | ); | 275 | ); |
272 | # needed since extraResource is not in the closure | 276 | # needed since extraResource is not in the closure |
273 | systemd.services.naemon.path = [ myplugins ]; | 277 | systemd.services.naemon.path = [ myplugins ]; |