Backups

Backups are made with restic, using the SFTP backend for simplicity. Both sender and receiver profile classes exist (profiles::backup::sender and profiles::backup::receiver).

In addition, there are private Hiera data files on the puppetserver in /etc/puppetlabs/puppet/data which are not tracked in git. These contain the backup passwords used to encrypt the data.

Adding a receiver target

The profiles::backup::receiver class has a parameter targets, which is an array of target names. The array is converted into instances of profiles::backup::receiver::target. Add the short hostname to this array in data/common.yaml.

Adding a sender

First, add a password in /etc/puppetlabs/puppet/data/nodes/HOSTNAME.yaml on the puppetserver:

---
restic::password: "ThePassword"

A password can be generated using pwgen -y -s 25.
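An added example, not part of the original runbook: a POSIX shell function for the step above that creates the node file with mode 0600, refuses to overwrite an existing one, and writes the value as a single-quoted YAML scalar, because pwgen -y can emit `"` and `\`, which would break the double-quoted form. The function names, the data-directory argument and the accepted hostname characters are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumption: DATADIR is the private Hiera data directory
# (/etc/puppetlabs/puppet/data on the puppetserver) and DATADIR/nodes exists.

# Quote a value as a YAML single-quoted scalar: the only escape is '' for '.
yaml_squote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_restic_password DATADIR SHORTHOST [PASSWORD]
# Returns 0 on success, 1 if the file exists or cannot be written,
# 2 on an invalid hostname, 3 if password generation fails.
write_restic_password() {
    datadir=$1 host=$2 pw=${3-}
    # Assumption: short hostnames are lowercase letters, digits and hyphens.
    # Rejecting dots and slashes also keeps the path inside DATADIR/nodes.
    case $host in
        ''|-*|*[!a-z0-9-]*) echo "invalid short hostname: $host" >&2; return 2 ;;
    esac
    file=$datadir/nodes/$host.yaml
    # No password supplied: generate one with the command from the page.
    [ -n "$pw" ] || pw=$(pwgen -y -s 25) || return 3
    (
        umask 077   # the file is private from the moment it is created
        set -C      # noclobber: the redirect fails if the file already exists
        printf '%s\nrestic::password: %s\n' '---' "$(yaml_squote "$pw")" > "$file"
    ) 2>/dev/null || { echo "not written (exists or unwritable): $file" >&2; return 1; }
}
```

Because an existing file is never replaced, a password that restic repositories already depend on cannot be silently changed by re-running the function.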

TODO: securely store this
TODO: shared storage?