authorQuentin Dufour <quentin@deuxfleurs.fr>2021-03-06 19:52:13 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2021-03-06 19:52:13 +0100
commitd1a4ed0f7918005dc8972a83a919b99616f79112 (patch)
treed2caef2ba920d32a3bc4be453bb6aa044f0d7ed5 /app/backup
parent27963ca089bcbfc57313550bb4e466531755ae93 (diff)
Matrix backup draft
Diffstat (limited to 'app/backup')
-rw-r--r--app/backup/build/backup-matrix/Dockerfile22
-rwxr-xr-xapp/backup/build/backup-matrix/do_backup.sh27
-rw-r--r--app/backup/deploy/backup-manual.hcl62
3 files changed, 111 insertions, 0 deletions
diff --git a/app/backup/build/backup-matrix/Dockerfile b/app/backup/build/backup-matrix/Dockerfile
new file mode 100644
index 0000000..34b6040
--- /dev/null
+++ b/app/backup/build/backup-matrix/Dockerfile
@@ -0,0 +1,22 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
+FROM amd64/debian:buster
+
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
+RUN apt-get update && \
+ apt-get -qq -y full-upgrade && \
+ apt-get install -y rsync wget openssh-client postgresql-client && \
+ apt-get clean && \
+ rm -f /var/lib/apt/lists/*_*
+
+RUN mkdir -p /root/.ssh
+WORKDIR /root
+
+COPY do_backup.sh /root/do_backup.sh
+
+CMD "/root/do_backup.sh"
+
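Review bot: The builder stage's `git clone https://filippo.io/age` compiles whatever the default branch holds on the day of the build, so the binary that encrypts every backup is neither reproducible nor tied to a reviewed release. Pin the clone to a release tag or commit, e.g. `RUN git clone --depth 1 --branch <AGE_RELEASE_TAG> https://filippo.io/age && cd age/cmd/age && go build -o age .`, and replace the floating `golang:buster` and `amd64/debian:buster` tags with a versioned tag or digest. The shell-form `CMD "/root/do_backup.sh"` is better written `CMD ["/root/do_backup.sh"]` so the script is started directly and receives stop signals. The cleanup `rm -f /var/lib/apt/lists/*_*` could be the usual `rm -rf /var/lib/apt/lists/*`, and `--no-install-recommends` on the install line would keep the runtime image smaller.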
diff --git a/app/backup/build/backup-matrix/do_backup.sh b/app/backup/build/backup-matrix/do_backup.sh
new file mode 100755
index 0000000..d7dd9f2
--- /dev/null
+++ b/app/backup/build/backup-matrix/do_backup.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -x -e
+
+cd /root
+
+chmod 0600 .ssh/id_ed25519
+
+cat > .ssh/config <<EOF
+Host backuphost
+ HostName $TARGET_SSH_HOST
+ Port $TARGET_SSH_PORT
+ User $TARGET_SSH_USER
+EOF
+
+echo "export sql"
+# note, -Fc means that postgresql compresses the output
+PGPASSWORD=$MATRIX_PSQL_PWD
+pg_dump -v -Fc -U $MATRIX_PSQL_USER -h psql-proxy.service.2.cluster.deuxfleurs.fr $MATRIX_PSQL_DB | \
+ age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+ ssh backuphost "cat > $TARGET_SSH_DIR/matrix/db-$(date --iso-8601=minute).gz.age"
+
+MATRIX_MEDIA="/mnt/glusterfs/chat/matrix/synapse/media"
+echo "export local_content"
+tar -vcf - ${MATRIX_MEDIA} | \
+ age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+ ssh backuphost "cat > $TARGET_SSH_DIR/matrix/media-$(date --iso-8601=minute).gz.age"
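Review bot: With `set -x` active, the line `PGPASSWORD=$MATRIX_PSQL_PWD` is traced to stderr, so the Synapse database password lands in the task's logs; the assignment is also not exported, so `pg_dump` only sees it if the variable already exists in the environment. Suggest `set +x; export PGPASSWORD="$MATRIX_PSQL_PWD"; set -x`, or dropping `-x` for this script. Separately, plain `sh` has no pipefail, so with `set -e` only the exit status of `ssh` counts: a failing `pg_dump` or `tar` can still leave a truncated file on the backup host while the job reports success, and checking the producer's status (or verifying the remote file) before finishing would catch that. The expansions `$MATRIX_PSQL_USER`, `$MATRIX_PSQL_DB` and `${MATRIX_MEDIA}` should be double-quoted, and the `.gz.age` suffix does not match the stream, since neither `tar -vcf -` nor `pg_dump -Fc` emits gzip.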
diff --git a/app/backup/deploy/backup-manual.hcl b/app/backup/deploy/backup-manual.hcl
new file mode 100644
index 0000000..2e6ffef
--- /dev/null
+++ b/app/backup/deploy/backup-manual.hcl
@@ -0,0 +1,62 @@
+job "backup_manual" {
+ datacenters = ["dc1"]
+
+ type = "batch"
+
+ task "backup-matrix" {
+ driver = "docker"
+
+ config {
+ image = "superboum/backup_matrix:1"
+ volumes = [
+ "secrets/id_ed25519:/root/.ssh/id_ed25519",
+ "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
+ "secrets/known_hosts:/root/.ssh/known_hosts"
+ ]
+ network_mode = "host"
+ }
+
+ env {
+ CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
+ }
+
+ template {
+ data = <<EOH
+TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }}
+TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }}
+TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }}
+TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }}
+MATRIX_PSQL_DB={{ key "secrets/chat/synapse/postgres_db" }}
+MATRIX_PSQL_USER={{ key "secrets/chat/synapse/postgres_user" }}
+MATRIX_PSQL_PWD={{ key "secrets/chat/synapse/postgres_pwd" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ template {
+ data = "{{ key \"secrets/backup/id_ed25519\" }}"
+ destination = "secrets/id_ed25519"
+ }
+ template {
+ data = "{{ key \"secrets/backup/id_ed25519.pub\" }}"
+ destination = "secrets/id_ed25519.pub"
+ }
+ template {
+ data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}"
+ destination = "secrets/known_hosts"
+ }
+
+ resources {
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+}
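Review bot: The key rendered from `secrets/backup/id_ed25519` is both the SSH login credential and, through `age -r "$(cat /root/.ssh/id_ed25519.pub)"` in do_backup.sh, the identity that can decrypt every backup, and it is stored in Consul KV and present on whichever node runs the task. Encryption needs only a public recipient, so consider a dedicated age key pair whose private half never reaches the cluster, keeping this SSH key for transport only. The private-key template should set `perms = "600"` itself instead of relying on the script's `chmod` after the file is already mounted. `image = "superboum/backup_matrix:1"` is a mutable tag, and pinning by digest would tie the job to the reviewed build; `network_mode = "host"` presumably exists for name resolution and deserves a comment saying so, since it removes network isolation from a task that holds these secrets.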