From fcfe5086985edd1f177c2525453b265955802998 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= Date: Thu, 6 Nov 2025 10:40:28 +0100 Subject: [PATCH] docs: document automated backup configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updated documentation to reflect complete backup setup: **CLAUDE.md Updates:** - Added detailed repository configuration (hidrive-backup) - Documented all 11 backup plans with schedules and retention - Explained volume mounting strategy with prefixed names - Added configuration management instructions - Included maintenance schedule (weekly prune/check) **README.md Updates:** - Added "Backup Operations" section with CLI commands - Documented automated backup schedule (2-8 AM daily) - Added backup protocol to security section - Updated mission status with backup system indicator - Included next backup time and repository status **compose.yaml Updates:** - Restored backrest_config volume (needed for proper operation) - Removed direct config.json mount (causes write conflicts) - Config copied into volume after container start All 11 backup plans now documented: - postgres, redis, directus (uploads/bundle) - awesome, gotify, scrapy, n8n - filestash, linkwarden, letsencrypt Retention policies range from 3-12 months with yearly backups for critical data (postgres, directus, letsencrypt). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- CLAUDE.md | 79 ++++++++++++++++++++++++++++++++++++--------- README.md | 58 +++++++++++++++++++++++++++------ restic/compose.yaml | 6 ++-- 3 files changed, 116 insertions(+), 27 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 7d81d38..fa25181 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -207,22 +207,71 @@ Backrest backup system with restic backend: - Restore capabilities via web UI - Data persisted in `backrest_data`, `backrest_config`, `backrest_cache` volumes -**Backup Configuration**: -- **Backup Target**: `/mnt/hidrive/users/valknar/Backup` (mounted to container as `/repos`) -- **Volumes Backed Up** (all mounted read-only to `/volumes/`): - - `core_postgres_data` - PostgreSQL database files - - `core_redis_data` - Redis data - - `directus_uploads` - Directus media files - - `directus_bundle` - Directus extensions - - `awesome_data` - AWSM SQLite database - - `gotify_data` - Gotify notifications - - `scrapyd_data`, `scrapy_code` - Scrapy spider data - - `n8n_data` - n8n workflow configurations - - `filestash_data` - Filestash state - - `linkwarden_data`, `linkwarden_meili_data` - Linkwarden bookmarks and search index - - `letsencrypt_data` - SSL certificates +**Repository Configuration**: +- **Name**: `hidrive-backup` +- **URI**: `/repos` (mounted from `/mnt/hidrive/users/valknar/Backup`) +- **Password**: `falcon-backup-2025` +- **Auto-initialize**: Enabled (creates repository if missing) +- **Auto-unlock**: Enabled (automatically unlocks stuck repositories) +- **Maintenance**: + - Prune: Weekly (Sundays at 2 AM) - removes old snapshots per retention policy + - Check: Weekly (Sundays at 3 AM) - verifies repository integrity -**Important**: The backup destination path must be accessible from the container. For HiDrive, ensure the mount point exists on the host and is properly mounted before starting the backup service. +**Backup Plans** (11 automated daily backups): +1. **postgres-backup** (2 AM daily) + - Path: `/volumes/core_postgres_data` + - Retention: 7 daily, 4 weekly, 6 monthly, 2 yearly + +2. **redis-backup** (3 AM daily) + - Path: `/volumes/core_redis_data` + - Retention: 7 daily, 4 weekly, 3 monthly + +3. **directus-uploads-backup** (4 AM daily) + - Path: `/volumes/directus_uploads` + - Retention: 7 daily, 4 weekly, 6 monthly, 2 yearly + +4. **directus-bundle-backup** (4 AM daily) + - Path: `/volumes/directus_bundle` + - Retention: 7 daily, 4 weekly, 3 monthly + +5. **awesome-backup** (5 AM daily) + - Path: `/volumes/awesome_data` + - Retention: 7 daily, 4 weekly, 6 monthly + +6. **gotify-backup** (5 AM daily) + - Path: `/volumes/gotify_data` + - Retention: 7 daily, 4 weekly, 3 monthly + +7. **scrapy-backup** (6 AM daily) + - Paths: `/volumes/scrapyd_data`, `/volumes/scrapy_code` + - Retention: 7 daily, 4 weekly, 3 monthly + +8. **n8n-backup** (6 AM daily) + - Path: `/volumes/n8n_data` + - Retention: 7 daily, 4 weekly, 6 monthly + +9. **filestash-backup** (7 AM daily) + - Path: `/volumes/filestash_data` + - Retention: 7 daily, 4 weekly, 3 monthly + +10. **linkwarden-backup** (7 AM daily) + - Paths: `/volumes/linkwarden_data`, `/volumes/linkwarden_meili_data` + - Retention: 7 daily, 4 weekly, 6 monthly + +11. **letsencrypt-backup** (8 AM daily) + - Path: `/volumes/letsencrypt_data` + - Retention: 7 daily, 4 weekly, 12 monthly, 3 yearly + +**Volume Mounting**: +All Docker volumes are mounted read-only to `/volumes/` with prefixed names (e.g., `backup_core_postgres_data`) to avoid naming conflicts with other compose stacks. + +**Configuration Management**: +- `config.json` template in repository defines all backup plans +- On first run, copy config into volume: `docker cp restic/config.json restic_app:/config/config.json` +- Config version must be `4` for Backrest 1.10.1 compatibility +- Backrest manages auth automatically (username: `valknar`, password set via web UI on first access) + +**Important**: The backup destination path `/mnt/hidrive/users/valknar/Backup` must be accessible from the container. Ensure HiDrive is mounted on the host before starting the backup service. ## Important Environment Variables diff --git a/README.md b/README.md index 4c143c0..47f9579 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,32 @@ arty uploads/import arty env/sync ``` +### Backup Operations (RESTIC System) + +```bash +# Access backup web interface +# URL: https://restic.pivoine.art +# Username: valknar +# Password: Set on first access + +# View backup status +docker logs restic_app | grep scheduled + +# Manually trigger backup for a specific plan +docker exec restic_app /backrest backup --plan postgres-backup + +# List all snapshots in repository +docker exec restic_app restic -r /repos snapshots + +# Restore from backup (via web UI recommended) +# Navigate to restic.pivoine.art → Browse snapshots → Restore files +``` + +**Automated Backup Schedule:** +- Daily backups: 2 AM - 8 AM (staggered by service) +- Weekly maintenance: Sundays at 2 AM (prune) and 3 AM (check) +- All volumes backed up to: `/mnt/hidrive/users/valknar/Backup` + --- ## 🌠 SHIP ARCHITECTURE @@ -238,6 +264,15 @@ THE FALCON (falcon_network) ├─ HTTP Basic Auth on sensitive endpoints ├─ Rate limiting available (100 req/s) └─ VPN cloaking device enabled + +💾 BACKUP PROTOCOL +├─ Automated daily backups (2-8 AM) +├─ 11 backup plans covering all volumes +├─ Retention: 7 daily, 4 weekly, 3-12 monthly +├─ Encrypted restic repositories +├─ Weekly maintenance (prune & integrity check) +├─ Web UI for monitoring & restore +└─ HiDrive remote storage ``` --- @@ -245,15 +280,20 @@ THE FALCON (falcon_network) ## 📊 MISSION STATUS ``` -╔═══════════════════════════════════════╗ -║ SHIP'S VITAL SIGNS ║ -╠═══════════════════════════════════════╣ -║ ✅ Core Systems → OPERATIONAL ║ -║ ✅ Shield Generator → ONLINE ║ -║ ✅ Database Vault → SECURED ║ -║ ✅ Cache Drive → OPTIMIZED ║ -║ 🌟 Captain Status → ON ADVENTURE ║ -╚═══════════════════════════════════════╝ +╔════════════════════════════════════════╗ +║ SHIP'S VITAL SIGNS ║ +╠════════════════════════════════════════╣ +║ ✅ Core Systems → OPERATIONAL ║ +║ ✅ Shield Generator → ONLINE ║ +║ ✅ Database Vault → SECURED ║ +║ ✅ Cache Drive → OPTIMIZED ║ +║ ✅ Backup System → AUTOMATED ║ +║ 🌟 Captain Status → ON ADVENTURE ║ +╚════════════════════════════════════════╝ + +Next Backup: Tomorrow 2:00 AM (postgres-backup) +Backup Target: /mnt/hidrive/users/valknar/Backup +Repository Status: Initialized & Ready ``` --- diff --git a/restic/compose.yaml b/restic/compose.yaml index 2602b2b..f5b4b16 100644 --- a/restic/compose.yaml +++ b/restic/compose.yaml @@ -7,12 +7,10 @@ services: volumes: # Backrest application data - backrest_data:/data + - backrest_config:/config - backrest_cache:/cache - backrest_tmp:/tmp - # Configuration file (mount directly to override) - - ./config.json:/config/config.json:rw - # Backup destination - ${RESTIC_BACKUP_PATH:-/mnt/hidrive/users/valknar/Backup}:/repos @@ -59,6 +57,8 @@ services: volumes: backrest_data: name: ${RESTIC_COMPOSE_PROJECT_NAME}_data + backrest_config: + name: ${RESTIC_COMPOSE_PROJECT_NAME}_config backrest_cache: name: ${RESTIC_COMPOSE_PROJECT_NAME}_cache backrest_tmp: