diff --git a/.drone.yml b/.drone.yml index 1dacea80..2eb49c80 100644 --- a/.drone.yml +++ b/.drone.yml @@ -17,6 +17,7 @@ steps: environment: APP_INI_VERSION: v1 DOCKER_SETUP_SH_VERSION: v1 + PG_BACKUP_VERSION: v1 DOMAIN: gitea.swarm-test.autonomic.zone GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION: true GITEA_APP_NAME: Git with solidaritea diff --git a/.env.sample b/.env.sample index 201bd65c..7ef6a7a9 100644 --- a/.env.sample +++ b/.env.sample @@ -3,6 +3,7 @@ TYPE=gitea DOMAIN=gitea.example.com LETS_ENCRYPT_ENV=production COMPOSE_FILE="compose.yml" +ENABLE_BACKUPS=true COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" # COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml" diff --git a/abra.sh b/abra.sh index f16a75bc..61e8dd70 100644 --- a/abra.sh +++ b/abra.sh @@ -1,5 +1,6 @@ export APP_INI_VERSION=v18 export DOCKER_SETUP_SH_VERSION=v1 +export PG_BACKUP_VERSION=v1 abra_backup_app() { _abra_backup_dir "app:/var/lib/gitea" diff --git a/compose.mariadb.yml b/compose.mariadb.yml index 4fc83f21..301da3bb 100644 --- a/compose.mariadb.yml +++ b/compose.mariadb.yml @@ -11,10 +11,9 @@ services: image: "mariadb:10.11.2" deploy: labels: - backupbot.backup: "true" backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" gitea > /var/lib/mysql/backup.sql' - backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql" - backupbot.backup.path: "/var/lib/mysql/backup.sql" + backupbot.backup.volumes.mariadb.path: "backup.sql" + backupbot.restore.post-hook: "mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" gitea < /var/lib/mysql/backup.sql" command: | mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci environment: @@ -40,4 +39,3 @@ secrets: volumes: mariadb: - internal: diff --git a/compose.postgres.yml b/compose.postgres.yml index 2f237287..24571b06 100644 --- a/compose.postgres.yml +++ b/compose.postgres.yml @@ -11,10 +11,9 @@ services: image: postgres:15.8 deploy: labels: - backupbot.backup: "true" - backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql" - backupbot.backup.post-hook: "rm -r /var/lib/postgresql/data/backup.sql" - backupbot.backup.path: "/var/lib/postgresql/data" + backupbot.backup.pre-hook: "/pg_backup.sh backup" + backupbot.backup.volumes.db.path: "backup.sql" + backupbot.restore.post-hook: '/pg_backup.sh restore' environment: - POSTGRES_DB=gitea - POSTGRES_USER=gitea @@ -25,6 +24,10 @@ services: - db:/var/lib/postgresql/data networks: - internal + configs: + - source: pg_backup + target: /pg_backup.sh + mode: 0555 secrets: db_password: @@ -33,4 +36,8 @@ secrets: volumes: db: - internal: + +configs: + pg_backup: + name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION} + file: pg_backup.sh diff --git a/compose.yml b/compose.yml index 2a6ca810..e9607ff2 100644 --- a/compose.yml +++ b/compose.yml @@ -71,7 +71,7 @@ services: failure_action: rollback order: start-first labels: - - "backupbot.backup=true" + - "backupbot.backup=${ENABLE_BACKUPS:-true}" - "traefik.enable=true" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" diff --git a/pg_backup.sh b/pg_backup.sh new file mode 100644 index 00000000..40298037 --- /dev/null +++ b/pg_backup.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +set -e + +BACKUP_FILE='/var/lib/postgresql/data/backup.sql' + +function backup { + export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE) + pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE +} + +function restore { + cd /var/lib/postgresql/data/ + restore_config(){ + # Restore allowed connections + cat pg_hba.conf.bak > pg_hba.conf + su postgres -c 'pg_ctl reload' + } + # Don't allow any other connections than local + cp pg_hba.conf pg_hba.conf.bak + echo "local all all trust" > pg_hba.conf + su postgres -c 'pg_ctl reload' + trap restore_config EXIT INT TERM + + # Recreate Database + psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" + createdb -U ${POSTGRES_USER} ${POSTGRES_DB} + psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE + + trap - EXIT INT TERM + restore_config +} + +$@