update backupbot label

.drone.yml

@@ -17,6 +17,7 @@ steps:
     environment:
       APP_INI_VERSION: v1
       DOCKER_SETUP_SH_VERSION: v1
+      PG_BACKUP_VERSION: v1
       DOMAIN: gitea.swarm-test.autonomic.zone
       GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION: true
       GITEA_APP_NAME: Git with solidaritea

.env.sample

@@ -3,6 +3,7 @@ TYPE=gitea
 DOMAIN=gitea.example.com
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="compose.yml"
+ENABLE_BACKUPS=true
 COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
 # COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
 

abra.sh

@@ -1,5 +1,6 @@
 export APP_INI_VERSION=v18
 export DOCKER_SETUP_SH_VERSION=v1
+export PG_BACKUP_VERSION=v1
 
 abra_backup_app() {
   _abra_backup_dir "app:/var/lib/gitea"

compose.mariadb.yml

@@ -11,10 +11,9 @@ services:
     image: "mariadb:10.11.2"
     deploy:
       labels:
-          backupbot.backup: "true"
           backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" gitea > /var/lib/mysql/backup.sql'
-          backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
+          backupbot.backup.volumes.mariadb.path: "backup.sql"
-          backupbot.backup.path: "/var/lib/mysql/backup.sql"
+          backupbot.restore.post-hook: "mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" gitea < /var/lib/mysql/backup.sql"
     command: |
       mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
     environment:
@@ -40,4 +39,3 @@ secrets:
 
 volumes:
   mariadb:
-  internal:

compose.postgres.yml

@@ -11,10 +11,9 @@ services:
     image: postgres:15.8
     deploy:
       labels:
-          backupbot.backup: "true"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
-          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
+        backupbot.backup.volumes.db.path: "backup.sql"
-          backupbot.backup.post-hook: "rm -r /var/lib/postgresql/data/backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
-          backupbot.backup.path: "/var/lib/postgresql/data"
     environment: 
       - POSTGRES_DB=gitea
       - POSTGRES_USER=gitea
@@ -25,6 +24,10 @@ services:
       - db:/var/lib/postgresql/data
     networks:
       - internal
+    configs:
+        - source: pg_backup
+          target: /pg_backup.sh
+          mode: 0555
 
 secrets:
   db_password:
@@ -33,4 +36,8 @@ secrets:
 
 volumes:
   db:
-  internal:
+
+configs:
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh

compose.yml

@@ -71,7 +71,7 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "backupbot.backup=true"
+        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
         - "traefik.enable=true"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"

pg_backup.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@