diff options
| author | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-03-06 19:52:13 +0100 |
|---|---|---|
| committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-03-06 19:52:13 +0100 |
| commit | d1a4ed0f7918005dc8972a83a919b99616f79112 (patch) | |
| tree | d2caef2ba920d32a3bc4be453bb6aa044f0d7ed5 /app | |
| parent | 27963ca089bcbfc57313550bb4e466531755ae93 (diff) | |
| download | infrastructure-d1a4ed0f7918005dc8972a83a919b99616f79112.tar.gz infrastructure-d1a4ed0f7918005dc8972a83a919b99616f79112.zip | |
Matrix backup draft
Diffstat (limited to 'app')
| -rw-r--r-- | app/backup/build/backup-matrix/Dockerfile | 22 | ||||
| -rwxr-xr-x | app/backup/build/backup-matrix/do_backup.sh | 27 | ||||
| -rw-r--r-- | app/backup/deploy/backup-manual.hcl | 62 | ||||
| -rw-r--r-- | app/docker-compose.yml | 10 |
4 files changed, 121 insertions, 0 deletions
diff --git a/app/backup/build/backup-matrix/Dockerfile b/app/backup/build/backup-matrix/Dockerfile new file mode 100644 index 0000000..34b6040 --- /dev/null +++ b/app/backup/build/backup-matrix/Dockerfile @@ -0,0 +1,22 @@ +FROM golang:buster as builder + +WORKDIR /root +RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age . + +FROM amd64/debian:buster + +COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age + +RUN apt-get update && \ + apt-get -qq -y full-upgrade && \ + apt-get install -y rsync wget openssh-client postgresql-client && \ + apt-get clean && \ + rm -f /var/lib/apt/lists/*_* + +RUN mkdir -p /root/.ssh +WORKDIR /root + +COPY do_backup.sh /root/do_backup.sh + +CMD "/root/do_backup.sh" + diff --git a/app/backup/build/backup-matrix/do_backup.sh b/app/backup/build/backup-matrix/do_backup.sh new file mode 100755 index 0000000..d7dd9f2 --- /dev/null +++ b/app/backup/build/backup-matrix/do_backup.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +set -x -e + +cd /root + +chmod 0600 .ssh/id_ed25519 + +cat > .ssh/config <<EOF +Host backuphost + HostName $TARGET_SSH_HOST + Port $TARGET_SSH_PORT + User $TARGET_SSH_USER +EOF + +echo "export sql" +# note, -Fc means that postgresql compresses the output +PGPASSWORD=$MATRIX_PSQL_PWD +pg_dump -v -Fc -U $MATRIX_PSQL_USER -h psql-proxy.service.2.cluster.deuxfleurs.fr $MATRIX_PSQL_DB | \ + age -r "$(cat /root/.ssh/id_ed25519.pub)" | \ + ssh backuphost "cat > $TARGET_SSH_DIR/matrix/db-$(date --iso-8601=minute).gz.age" + +MATRIX_MEDIA="/mnt/glusterfs/chat/matrix/synapse/media" +echo "export local_content" +tar -vcf - ${MATRIX_MEDIA} | \ + age -r "$(cat /root/.ssh/id_ed25519.pub)" | \ + ssh backuphost "cat > $TARGET_SSH_DIR/matrix/media-$(date --iso-8601=minute).gz.age" diff --git a/app/backup/deploy/backup-manual.hcl b/app/backup/deploy/backup-manual.hcl new file mode 100644 index 0000000..2e6ffef --- /dev/null +++ b/app/backup/deploy/backup-manual.hcl @@ -0,0 +1,62 @@ +job "backup_manual" { + datacenters = ["dc1"] + + type = "batch" + + task "backup-matrix" { + driver = "docker" + + config { + image = "superboum/backup_matrix:1" + volumes = [ + "secrets/id_ed25519:/root/.ssh/id_ed25519", + "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub", + "secrets/known_hosts:/root/.ssh/known_hosts" + ] + network_mode = "host" + } + + env { + CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500" + } + + template { + data = <<EOH +TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }} +TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }} +TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }} +TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }} +MATRIX_PSQL_DB={{ key "secrets/chat/synapse/postgres_db" }} +MATRIX_PSQL_USER={{ key "secrets/chat/synapse/postgres_user" }} +MATRIX_PSQL_PWD={{ key "secrets/chat/synapse/postgres_pwd" }} +EOH + + destination = "secrets/env_vars" + env = true + } + + template { + data = "{{ key \"secrets/backup/id_ed25519\" }}" + destination = "secrets/id_ed25519" + } + template { + data = "{{ key \"secrets/backup/id_ed25519.pub\" }}" + destination = "secrets/id_ed25519.pub" + } + template { + data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}" + destination = "secrets/known_hosts" + } + + resources { + memory = 200 + } + + restart { + attempts = 2 + interval = "30m" + delay = "15s" + mode = "fail" + } + } +} diff --git a/app/docker-compose.yml b/app/docker-compose.yml index da70c45..556996c 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -89,3 +89,13 @@ services: # https://packages.debian.org/fr/buster/postfix VERSION: 3.4.14-0+deb10u1 image: superboum/amd64_postfix:v3 + + backup-consul: + build: + context: ./backup/build/backup-consul + image: lxpz/backup_consul:12 + + backup-matrix: + build: + context: ./backup/build/backup-matrix + image: superboum/backup_matrix:1 |