setup cron local mail reporting and longhorn recurring backup job

2025-09-01 19:38:50 +02:00
parent 2d4cb5d8a5
commit 04e29d29c5
10 changed files with 273 additions and 23 deletions


@@ -1,7 +1,7 @@
# https://longhorn.io/docs/1.9.1/snapshots-and-backups/backup-and-restore/set-backup-target/#set-up-gcp-cloud-storage-backupstore
resource "google_storage_bucket" "longhorn_backup" {
name = "arcodange-backup"
location = "US-EAST1"
location = "NAM4" # https://cloud.google.com/storage/docs/locations#location-dr
force_destroy = true
public_access_prevention = "enforced"
@@ -17,8 +17,8 @@ resource "google_storage_bucket_iam_member" "longhorn_backup" {
member = "serviceAccount:${google_service_account.longhorn_backup.email}"
}
resource "google_service_account_key" "longhorn_backup" {
service_account_id = google_service_account.longhorn_backup.account_id
resource "google_storage_hmac_key" "longhorn_backup" {
service_account_email = google_service_account.longhorn_backup.email
}
@@ -34,9 +34,11 @@ resource "vault_kv_secret_v2" "longhorn_gcs_backup" {
name = "longhorn/gcs-backup"
cas = 1
delete_all_versions = true
data_json = base64decode(
google_service_account_key.longhorn_backup.private_key
)
data_json = jsonencode({
AWS_ACCESS_KEY_ID = google_storage_hmac_key.longhorn_backup.access_id
AWS_SECRET_ACCESS_KEY = google_storage_hmac_key.longhorn_backup.secret
AWS_ENDPOINTS: "https://storage.googleapis.com"
})
}
data "vault_policy_document" "longhorn_gcs_backup" {
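Review bot: Changing `location` from `US-EAST1` to `NAM4` in the first hunk will, as far as I know, force Terraform to replace the bucket, and with `force_destroy = true` still set the replacement deletes every existing Longhorn backup object without any guard. For a backup store I would drop `force_destroy` or add `lifecycle { prevent_destroy = true }`, so that moving regions is an explicit migration and not a side effect of `apply`. In the third hunk the HMAC `secret` is passed into `data_json` and therefore also ends up in the Terraform state; a comment such as `# HMAC secret is persisted in state; keep the state backend access-restricted` above `data_json` would make that visible. `AWS_ENDPOINTS:` uses `:` where the two keys above it use `=`; `AWS_ENDPOINTS = "https://storage.googleapis.com"` keeps the object consistent. The bucket and policy-document blocks continue outside the hunks.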


@@ -22,11 +22,10 @@ provider "gitea" { # https://registry.terraform.io/providers/go-gitea/gitea/late
provider "vault" {
address = "https://vault.arcodange.duckdns.org"
token = "hvs.CAESINCaMZanSRV-JM2rhHijIcFjT3mNE63jNpy_LInw-qy_Gh4KHGh2cy5PcndCWVhRUWpORmdyZzJISFNZYzlLVGk"
# auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
# mount = "gitea_jwt"
# role = "gitea_cicd"
# }
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt"
role = "gitea_cicd"
}
}
provider "google" {
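Review bot: The static `token = "hvs.…"` literal on the Vault provider appears (going by the hunk's line counts) to be dropped in favour of `auth_login_jwt`, but deleting the line does not invalidate the credential: it remains readable in the repository history and in this rendered diff. The token should be revoked in Vault and its use checked in the audit log before this is considered done. If the `token` line is in fact kept on the new side, it should be removed, since a long-lived token next to `auth_login_jwt` defeats the short-lived CI login. A comment such as `# no static token: auth comes only from TERRAFORM_VAULT_AUTH_JWT` inside the provider block would document the intent. The `provider "google"` block continues outside the visible lines.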