rclone: Add systemd service for transparent backup
This commit adds a new systemd service, `rclone-sync@.service`, templated against the absolute path of a directory to keep in sync with a (presumably) remote store. Support for Backblaze B2 endpoints has been set up by default, but the specific remote type can be configured via the `RCLONE_REMOTE_TYPE` host variable. In addition, a default-passthrough remote that encrypts data against a static password and salt has been defined under the `crypt` name, and can also be used as the `RCLONE_DEST` of choice.
This commit is contained in:
parent
c65689d325
commit
9dad5ad2c4
Binary file not shown.
|
@ -21,6 +21,7 @@ ignition:
|
|||
- local: service/navidrome/spec.ign
|
||||
- local: service/writefreely/spec.ign
|
||||
- local: service/coturn/spec.ign
|
||||
- local: service/rclone/spec.ign
|
||||
|
||||
passwd:
|
||||
users:
|
||||
|
|
|
@ -46,5 +46,11 @@ RSPAMD_CONTROLLER_PASSWORD=password
|
|||
RSS2EMAIL_FROM=noreply@localhost
|
||||
RSS2EMAIL_TO=root@localhost
|
||||
|
||||
# Configuration for Rclone.
|
||||
RCLONE_DEST=crypt:
|
||||
RCLONE_CRYPT_REMOTE=/data/rclone
|
||||
RCLONE_CRYPT_PASSWORD=3NYQAySloaAVy4CxtVkAset0mz9KDlhT
|
||||
RCLONE_CRYPT_SALT=jqsQXp_MPwBPIzw69TkmSp7ScuA
|
||||
|
||||
# Configuration for WriteFreely.
|
||||
WRITEFREELY_SITE_HOST=https://writefreely.localhost
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
FROM docker.io/rclone/rclone:1.57
|
|
@ -0,0 +1,18 @@
|
|||
# Common configuration.
|
||||
RCLONE_DEST=${RCLONE_DEST}
|
||||
RCLONE_LOG_LEVEL=INFO
|
||||
|
||||
# Configuration for default encrypted remote. This should be configured to wrap the default
|
||||
# unencrypted remote. Password and salt values must be processed via `rclone obscure` before setting.
|
||||
RCLONE_CONFIG_CRYPT_TYPE=crypt
|
||||
RCLONE_CONFIG_CRYPT_REMOTE=${RCLONE_CRYPT_REMOTE}
|
||||
RCLONE_CONFIG_CRYPT_PASSWORD=${RCLONE_CRYPT_PASSWORD}
|
||||
RCLONE_CONFIG_CRYPT_PASSWORD2=${RCLONE_CRYPT_SALT}
|
||||
|
||||
# Configuration for default unencrypted remote.
|
||||
RCLONE_CONFIG_REMOTE_TYPE=${RCLONE_REMOTE_TYPE}
|
||||
|
||||
# Configuration for B2-type remotes.
|
||||
RCLONE_B2_ACCOUNT=${RCLONE_B2_ACCOUNT}
|
||||
RCLONE_B2_KEY=${RCLONE_B2_KEY}
|
||||
RCLONE_B2_HARD_DELETE=false
|
|
@ -0,0 +1,8 @@
|
|||
variant: fcos
|
||||
version: 1.3.0
|
||||
storage:
|
||||
trees:
|
||||
- path: /etc/coreos-home-server/rclone
|
||||
local: service/rclone/
|
||||
- path: /etc/systemd/system
|
||||
local: service/rclone/systemd/
|
|
@ -0,0 +1,3 @@
|
|||
[Unit]
|
||||
Wants=rclone-sync@var-lib-backups-coreos\x2dhome\x2dserver-%i.service
|
||||
After=rclone-sync@var-lib-backups-coreos\x2dhome\x2dserver-%i.service
|
|
@ -0,0 +1,15 @@
|
|||
[Unit]
|
||||
Description=Rclone Sync for /%I
|
||||
Wants=container-build@rclone.service
|
||||
After=container-build@rclone.service
|
||||
ConditionDirectoryNotEmpty=/%I
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
SyslogIdentifier=%N
|
||||
EnvironmentFile=%E/coreos-home-server/rclone/rclone.env
|
||||
ExecStart=/bin/podman run --rm --env-file %E/coreos-home-server/rclone/rclone.env \
|
||||
--volume /%I:/data:z localhost/rclone:latest sync /data ${RCLONE_DEST}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue