From 9dffdfde39805c9098c8456b7909d914cdf4d507 Mon Sep 17 00:00:00 2001
From: Simon <simonthiessen@posteo.de>
Date: Tue, 26 Nov 2024 18:56:01 +0100
Subject: [PATCH] update backupbot labels

---
 .drone.yml   |  1 +
 .env.sample  |  1 +
 abra.sh      |  1 +
 compose.yml  | 14 +++++++++++---
 pg_backup.sh | 34 ++++++++++++++++++++++++++++++++++
 5 files changed, 48 insertions(+), 3 deletions(-)
 create mode 100644 pg_backup.sh

diff --git a/.drone.yml b/.drone.yml
index 458ac12..00e0d1e 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -19,6 +19,7 @@ steps:
       LETS_ENCRYPT_ENV: production
       CRON_ENTRYPOINT_VERSION: v1
       PRETIX_CONFIG_VERSION: v1
+      PG_BACKUP_VERSION: v1
 trigger:
   branch:
     - main
diff --git a/.env.sample b/.env.sample
index 6f16858..5c93359 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,6 +6,7 @@ DOMAIN=pretix.example.com
 #EXTRA_DOMAINS=', `www.pretix.example.com`'
 
 LETS_ENCRYPT_ENV=production
+ENABLE_BACKUPS=true
 
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_DJANGO_SECRET_KEY_VERSION=v1
diff --git a/abra.sh b/abra.sh
index edb4e8e..e11dd7c 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,2 +1,3 @@
 export PRETIX_CONFIG_VERSION=v1
 export CRON_ENTRYPOINT_VERSION=v1
+export PG_BACKUP_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 4d70cc2..8a2a331 100644
--- a/compose.yml
+++ b/compose.yml
@@ -45,6 +45,10 @@ services:
       POSTGRES_DB: pretix
     secrets:
       - db_password
+    configs:
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
       interval: 10s
@@ -52,9 +56,10 @@ services:
       retries: 5
     deploy:
       labels:
-            backupbot.backup: "true"
-            backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-            backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup" 
+        backupbot.backup.volumes.database.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
 
   redis:
     image: redis:7.0.10-alpine
@@ -94,6 +99,9 @@ configs:
   cron_entrypoint:
     name: ${STACK_NAME}_cron_entrypoint_${CRON_ENTRYPOINT_VERSION}
     file: entrypoint.cron.sh
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh
 
 networks:
   proxy:
diff --git a/pg_backup.sh b/pg_backup.sh
new file mode 100644
index 0000000..e83074d
--- /dev/null
+++ b/pg_backup.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat /run/secrets/db_password)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@