refactor: absorb _backup and _update into stacks.sh

- Inline update logic (pull → compare digests → up -d → prune → notify)
- Inline backup logic with dynamic Postgres detection: any running
  <stack>_db container is dumped using the <stack>/<stack> convention
- Systemd unit files are now generated on `install` from embedded
  heredocs pointing at stacks.sh itself — no external scripts needed
- Root .env (WEBHOOK_URL, RESTIC_REPOSITORY, RESTIC_PASSWORD) replaces
  the per-service .env files in _backup/ and _update/
- Remove _backup/ and _update/ directories entirely
- Update README accordingly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-16 20:56:04 +02:00
parent e3cd2df372
commit fcff6f3298
11 changed files with 238 additions and 253 deletions
+22 -31
@@ -20,11 +20,11 @@ Each stack is independently deployable with its own `compose.yml` and `.env`. Al
## Tools
| File/Directory | Description |
| File | Description |
|---|---|
| `stacks.sh` | CLI to manage stacks, services, and scaffolding |
| `_backup` | Daily restic backups to HiDrive (host script + systemd timer) |
| `_update` | Nightly image update check + prune (host script + systemd timer) |
| `stacks.sh` | CLI to manage stacks, services, scaffolding, updates, and backups |
| `.env` | Root config: `WEBHOOK_URL`, `RESTIC_REPOSITORY`, `RESTIC_PASSWORD` (gitignored) |
| `.env.example` | Template for the root `.env` |
## stacks.sh
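Review bot: The new `.env` row in the Tools table notes that the file is gitignored but says nothing about its permissions on the host, and it now concentrates `RESTIC_PASSWORD`, `RESTIC_REPOSITORY` and `WEBHOOK_URL` in a single file at the repository root. Suggest extending the description with the expected mode (owner-only, e.g. `chmod 600 .env`) and stating in the `.env.example` row that the template carries placeholder values only.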
@@ -50,16 +50,16 @@ Each stack is independently deployable with its own `compose.yml` and `.env`. Al
./stacks.sh run passbolt passbolt bin/cake passbolt healthcheck
```
**Service management:**
**Service management** (reads `WEBHOOK_URL`, `RESTIC_REPOSITORY`, `RESTIC_PASSWORD` from root `.env`):
```bash
./stacks.sh update install # link & enable systemd update timer
./stacks.sh update install # write & enable systemd update timer
./stacks.sh update run # run update now
./stacks.sh update status # show timer/service status
./stacks.sh update logs # show journal logs
./stacks.sh backup install # link & enable systemd backup timer
./stacks.sh backup run # run backup now
./stacks.sh backup install # write & enable systemd backup timer
./stacks.sh backup run # run backup now (auto-detects <stack>_db containers)
./stacks.sh backup snapshots # list restic snapshots
```
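Review bot: The `backup` command list in this block stops at `backup snapshots`, while the Backup section further down also documents `./stacks.sh backup status` and `./stacks.sh backup logs`, and the `update` list here shows both. Add the two missing lines so the overview matches the section. The new heading also states that all of Service management reads the three variables from the root `.env`; if `update` only needs `WEBHOOK_URL`, say so, so that readers know whether the update timer depends on the restic password being present.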
@@ -105,38 +105,29 @@ All stacks share the external `falcon_network` Docker network for inter-service
## Backup
The `_backup` stack runs a daily restic backup at 3:00 AM. It dumps all Postgres databases, then backs up the entire `.data/` directory to HiDrive. Retention: 7 daily, 4 weekly, 6 monthly snapshots. Notifications go to Telegram via n8n.
Runs daily at 3:00 AM via a systemd timer. Detects Postgres databases automatically by convention (`<stack>_db` container, user `<stack>`, database `<stack>`), dumps each one, then runs a full restic backup of `.data/`. Retention: 7 daily, 4 weekly, 6 monthly. Notifications go to Telegram via n8n.
```bash
# Deploy backup stack
rsync -avz _backup/ vps:~/stacks/_backup/
# First-time setup on VPS
cp .env.example .env && $EDITOR .env # set RESTIC_REPOSITORY, RESTIC_PASSWORD, WEBHOOK_URL
restic init # initialise restic repo (uses vars from .env)
# Initialize restic repo (first time only)
ssh vps 'source ~/stacks/_backup/.env && restic init -r /mnt/hidrive/users/valknar/Backup/stacks'
# Install systemd units (or use stacks.sh on the VPS)
ssh vps '~/stacks/stacks.sh backup install'
# Manual run / status
ssh vps '~/stacks/stacks.sh backup run'
ssh vps '~/stacks/stacks.sh backup status'
ssh vps '~/stacks/stacks.sh backup snapshots'
./stacks.sh backup install # write & enable systemd unit + timer
./stacks.sh backup run # test run
./stacks.sh backup snapshots # list snapshots
./stacks.sh backup status # timer/service status
./stacks.sh backup logs # journald logs
```
## Updates
The `_update` script runs nightly at 2:00 AM. It pulls the latest image for every stack, recreates any containers whose image changed, prunes dangling images, and sends a Telegram notification via n8n.
Runs nightly at 2:00 AM via a systemd timer. Pulls the latest image for every stack, recreates any container whose image changed, prunes dangling images, and sends a Telegram notification via n8n.
```bash
# Deploy update stack
rsync -avz _update/ vps:~/stacks/_update/
# Install systemd units (or use stacks.sh on the VPS)
ssh vps '~/stacks/stacks.sh update install'
# Manual run / status
ssh vps '~/stacks/stacks.sh update run'
ssh vps '~/stacks/stacks.sh update status'
./stacks.sh update install # write & enable systemd unit + timer
./stacks.sh update run # test run
./stacks.sh update status # timer/service status
./stacks.sh update logs # journald logs
```
## Notifications
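Review bot: In the first-time setup, `restic init # initialise restic repo (uses vars from .env)` will not see those values when typed as shown: restic takes `RESTIC_REPOSITORY` and `RESTIC_PASSWORD` from the process environment, and nothing in these steps loads `.env` into the shell (the removed line did `source ~/stacks/_backup/.env && restic init -r ...`). Either show the export step before it, for example `set -a; . ./.env; set +a`, or document a stacks.sh invocation that loads the root `.env` first. Separately, the convention paragraph should say what happens when a `<stack>_db` container does not match user `<stack>` / database `<stack>`: a skipped or failed dump should fail the run or appear in the notification, otherwise a backup can complete without that database in it.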