Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

backup

Browse source
This commit is contained in:
nora 2024-02-24 12:57:17 +01:00
parent 9028a785fc
commit 0720472bd0
4 changed files with 67 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
shell.nix
View file

@ -2,11 +2,13 @@
packages = with pkgs; [ packages = with pkgs; [
ansible ansible
ansible-lint ansible-lint
awscli
certbot certbot
dig dig
openssl openssl
caddy caddy
shellcheck shellcheck
git-crypt git-crypt
opentofu
]; ];
} }

2
tf-infra/README.md
View file

@ -7,7 +7,7 @@ The state can be found in an s3 bucket that is not managed via terraform and loo
This uses the following environment variables: This uses the following environment variables:
``` ```
# contabo # contabo from https://my.contabo.com/api/details
export CNTB_OAUTH2_CLIENT_ID="id" export CNTB_OAUTH2_CLIENT_ID="id"
export CNTB_OAUTH2_CLIENT_SECRET="secret" export CNTB_OAUTH2_CLIENT_SECRET="secret"
export CNTB_OAUTH2_USER="email" export CNTB_OAUTH2_USER="email"

63
tf-infra/backup_personal.tf Normal file
View file

@ -0,0 +1,63 @@
resource "aws_s3_bucket" "personal_backups" {
bucket = "nilstrieb-personal-backup"
}
resource "aws_s3_bucket_lifecycle_configuration" "personal_backups_lifecycle" {
bucket = aws_s3_bucket.personal_backups.bucket
rule {
id = "1-cold"
filter {
prefix = "1/"
}
transition {
days = 30
storage_class = "GLACIER_IR"
}
status = "Enabled"
}
}
resource "aws_iam_user" "personal_backup_uploader" {
name = "personal-backup-uploader"
}
resource "aws_iam_access_key" "personal_backup_uploader" {
user = aws_iam_user.personal_backup_uploader.name
}
resource "aws_iam_group" "personal_backup_uploaders" {
name = "personal-backup-uploaders"
}
resource "aws_iam_user_group_membership" "personal_backup_uploader" {
user = aws_iam_user.personal_backup_uploader.name
groups = [ aws_iam_group.personal_backup_uploaders.name ]
}
resource "aws_iam_group_policy" "upload_personal_backup" {
name = "nilstrieb-personal-backups-upload"
group = aws_iam_group.personal_backup_uploaders.name
policy = jsonencode({
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":"s3:*",
"Resource":"arn:aws:s3:::${aws_s3_bucket.personal_backups.bucket}*"
},
]
})
}
output "personal_backup_access_key_id" {
value = aws_iam_access_key.personal_backup_uploader.id
}
output "personal_backup_access_key_secret" {
value = aws_iam_access_key.personal_backup_uploader.secret
sensitive = true
}

2
tf-infra/state.sh
View file

@ -1,4 +1,4 @@
#!/usr/bin/bash #!/usr/bin/env bash
BUCKET="nilstrieb-states" BUCKET="nilstrieb-states"