Add backup service

backup/.env

@@ -0,0 +1,7 @@
+HC_UID=
+
+RESTIC_REPOSITORY=
+RESTIC_PASSWORD=
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=

backup/.gitignore

@@ -0,0 +1,2 @@
+/mailcheck.mail
+/msmtprc

backup/Dockerfile

@@ -0,0 +1,6 @@
+FROM ubuntu
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt update -y \
+	&& apt install -y curl restic

backup/backup.service

@@ -0,0 +1,4 @@
+[Service]
+Type=oneshot
+ExecStart=/opt/services/backup/backup.sh
+WorkingDirectory=/opt/services/backup/

backup/backup.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env sh
+
+set -e
+
+set -a
+. "/opt/services/backup/.env"
+. "/opt/services/backup/.secret.env"
+set +a
+
+hc_url="https://hc-ping.com/$HC_UID"
+
+curl -fsSL --retry 3 "$hc_url/start" >/dev/null
+
+BACKUP_LOCATION="/tmp/backup-misc"
+
+rm -rf "$BACKUP_LOCATION"
+mkdir -p "$BACKUP_LOCATION"
+cd "$BACKUP_LOCATION" || exit
+
+_hc_fail () {
+	curl -fsSL --retry 3 "$hc_url/fail"
+	exit 1
+}
+
+_backup_prepare_postgres () {
+	mkdir -p "$BACKUP_LOCATION/postgres"
+	cd "$BACKUP_LOCATION/postgres" || exit
+
+	postgres_tables=$(sudo -u postgres psql -Atc "SELECT datname FROM pg_database WHERE datistemplate = false;")
+
+	for i in $postgres_tables
+	do
+		echo "dumping $i"
+		sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.gz"
+		echo "done with $i"
+		echo ""
+	done
+
+	echo "dumping all"
+	sudo -u postgres pg_dumpall | gzip >"pg_dumpall.gz"
+}
+
+_backup_prepare_mailcow () {
+	export MAILCOW_BACKUP_LOCATION="$BACKUP_LOCATION/mailcow"
+	mkdir -p "$MAILCOW_BACKUP_LOCATION"
+	/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh \
+		backup all --delete-days 3
+}
+
+echo ""
+echo "preparing postgres"
+time _backup_prepare_postgres >/tmp/backup-postgres.log || _hc_fail
+echo ""
+echo "preparing mailcow"
+time _backup_prepare_mailcow >/tmp/backup-mailcow.log || _hc_fail
+
+cd /opt/services/backup/
+docker compose run --rm backup || _hc_fail
+
+curl -fsSL --retry 3 "$hc_url"

backup/backup.timer

@@ -0,0 +1,4 @@
+[Timer]
+OnCalendar=*-*-* 04:10:00
+[Install]
+WantedBy=timers.target

backup/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3.7"
+
+services:
+  backup:
+    build:
+      context: .
+    image: backup
+    restart: never
+    env_file:
+      - .env
+      - .secret.env
+    volumes:
+      - /tmp/backup-misc:/backup/misc
+      - gitea_data:/backup/volumes/gitea_data
+      - influxdb_data:/backup/volumes/influxdb_data
+      - reitanlage_data:/backup/volumes/reitanlage_data
+      - synapse_media_store:/backup/volumes/synapse_media_store
+      - tandoor_mediafiles:/backup/volumes/tandoor_mediafiles
+    command: restic backup /backup
+
+volumes:
+  gitea_data:
+    external: true
+  influxdb_data:
+    external: true
+  reitanlage_data:
+    external: true
+  synapse_media_store:
+    external: true
+  tandoor_mediafiles:
+    external: true