chore: backup infrastructure configurations [skip ci]

2025-11-24 15:25:01 +00:00
parent a5e11de6ed
commit 26a7d1eee1
31 changed files with 1016 additions and 306 deletions
--- a/nomad_backup/vaultwarden.hcl
+++ b/nomad_backup/vaultwarden.hcl
@@ -17,8 +17,7 @@ job "vaultwarden" {
    task "vaultwarden" {
      driver = "docker"
      config {
-        # image             = "vaultwarden/server:latest"
-        image             = "vaultwarden/server:1.32.7"
+        image             = "vaultwarden/server:latest"
        memory_hard_limit = 2048

        ports = ["http"]
@@ -33,7 +32,6 @@ job "vaultwarden" {
        // vaultwarden_PODCAST_PATH = "/podcasts"
        ADMIN_TOKEN   = "VReYRX0RuSw3mxmGFG4+2ECY71l/wYmuD52NOWDur6e43z/inbUmJGUr5KU4wtjW"
        ENABLE_DB_WAL = "false"
-        DATABASE_URL= "postgresql://postgres:postgres@master.postgres.service.dc1.consul:5432/vaultwarden"
      }
      resources {
        cpu    = 100 # 100 MHz
@@ -51,7 +49,8 @@ job "vaultwarden" {
          "traefik.http.routers.vaultwardenwan-admin.rule=(Host(`vault.fbleagh.duckdns.org`) && PathPrefix(`/admin/`))",
          "traefik.http.routers.vaultwardenwan.tls=true",
          // "traefik.http.routers.vaultwardenwan.tls.certresolver=myresolver-int",
-          "traefik.http.middlewares.vaultwardenwan-admin-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.4.0/22",
+          "traefik.http.middlewares.vaultwardenwan-admin-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.0/24",
+          "traefik.http.routers.nginx-admin.middlewares=vaultwardenwan-admin-ipwhitelist",
          "enable_gocast",
          "gocast_vip=192.168.1.246/32",
          "gocast_nat=tcp:8081:8081",
@@ -162,20 +161,53 @@ job "vaultwarden" {

        image = "ghcr.io/sstent/rsync"
        volumes = [
-          "/mnt/configs/${NOMAD_GROUP_NAME}/data:/config",
+          "/mnt/configs/:/configs",
          "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
        ]
        args = ["client"]
      }
      env {
-        CRON_TASK_1 = "50 * * * * rsync -av --exclude='*.db' --exclude='*.db' --exclude='.*.db-litestream' --exclude='generations' /config/ /configbackup/;"
+        CRON_TASK_1 = "50 * * * * rsync -av --exclude='*.db' --exclude='*.db' --exclude='.*.db-litestream' --exclude='generations' /configs/${NOMAD_GROUP_NAME}/ /configbackup/;"
      }
      resources {
        cpu    = 20 # 500 MHz
        memory = 20 # 128MB
      }
    }
+    task "Backup" {
+      driver = "docker"

+      lifecycle {
+        hook    = "poststart"
+        sidecar = true
+      }
+
+      config {
+        image             = "bruceforce/vaultwarden-backup"
+        memory_hard_limit = 2048
+
+        volumes = [
+          "/mnt/configs/${NOMAD_GROUP_NAME}/data:/data",
+          // "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
+        ]
+
+        args = ["client"]
+      }
+
+      env {
+        TIMESTAMP              = true
+        DELETE_AFTER           = 60
+        CRON_TIME              = "0 5 * * *"
+        BACKUP_DIR             = "/data/backups"
+        BACKUP_DIR_PERMISSIONS = "-1"
+        UID                    = 1000
+        GID                    = 1000
+      }
+      resources {
+        cpu    = 20 # 500 MHz
+        memory = 20 # 128MB
+      }
+    } #end sync task

    network {
      // mbits = 100