[arch-devops] Offsite backups now in effect

[Sven-Hendrik Haase]

Hey everyone,

During my vacation, I found some time to tackle the offsite backups thing.
So let me break it down:

- We now have an offsite backup location provided by rsync.net and based in
Switzerland.
- Access the account data from the vault.
- You all should have SSH access already via SSH keys (we have full
authorized_keys file access)
- All current machines were configured to use this offsite backup.
- The offsite backup step runs as a separate backup right after the first
one.
- The offsite backups were tested and it appears to be working fine on all
machines.
- Payment-wise everything is managed by SPI directly (no reimbursements
required) and I'm currently the rsync.net liaison and point of contact.
This should be changed to a generic private mail that we can point to in
order to mitigate the bus factor.
- We should consider how to do 2FA with rsync.net in a DevOps meeting.
- I had to do quite some Ansible gymnastics in order to configure the
rsync.net machine as it doesn't have Python and is, in general, a pretty
restricted environment so we have a new role next to borg-server called
rsync_net.
- During all of this I cleaned up a few things surrounding borg and I
mostly/fully made it so that we can fairly easily add more different
offsite locations.
- Giancarlo reviewed my changes. Thanks!

I might have forgotten somethings but this is pretty much the most
important bit.

Enjoy,
Sven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20200311/c6c73563/attachment.htm>