From 5a61f6ad5164a735be26e016c59e72252ffb49b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Thu, 16 Jul 2020 01:10:17 +0200
Subject: Add alternate cloud storage for daily backups

---
 modules/private/monitoring/default.nix | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'modules/private/monitoring/default.nix')

diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index d5bf7fb..c573af2 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -58,9 +58,12 @@ let
     wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
       pkgs.s3cmd pkgs.python3
     ]}
-    wrapProgram $out/check_eriomem_age --prefix PATH : ${lib.makeBinPath [
+    makeWrapper $out/check_backup_age $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
       pkgs.duplicity
     ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
+    makeWrapper $out/check_backup_age $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
+      pkgs.duplicity
+    ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
     wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
       pkgs.mailutils
     ]}
@@ -256,18 +259,19 @@ in
         permissions = "0400";
         text = config.myEnv.monitoring.ssh_secret_key;
       }
-    ] ++ lib.optional cfg.master (
+    ] ++ lib.optionals cfg.master (
+      lib.mapAttrsToList (k: v:
       {
-        dest = "eriomem_access_key";
+        dest = "${k}_access_key";
         user = "naemon";
         group = "naemon";
         permissions = "0400";
         text = ''
-          export AWS_ACCESS_KEY_ID="${config.myEnv.backup.accessKeyId}"
-          export AWS_SECRET_ACCESS_KEY="${config.myEnv.backup.secretAccessKey}"
-          export BASE_URL="${config.myEnv.backup.remote}"
+          export AWS_ACCESS_KEY_ID="${v.accessKeyId}"
+          export AWS_SECRET_ACCESS_KEY="${v.secretAccessKey}"
+          export BASE_URL="${v.remote "immae-eldiron"}"
         '';
-      }
+      }) config.myEnv.backup.remotes
     );
     # needed since extraResource is not in the closure
     systemd.services.naemon.path = [ myplugins ];
-- 
cgit v1.2.3