stuff

.vscode/tasks.json

@@ -80,6 +80,16 @@
             "panel": "dedicated"
         }
     },
+    {
+        "label": "Deploy: backup",
+        "type": "shell",
+        "command": "make deploy-backup",
+        "group": "build",
+        "presentation": {
+            "reveal": "always",
+            "panel": "dedicated"
+        }
+    },
     {
         "label": "Deploy: wireguard",
         "type": "shell",

playbooks/backup/backup.yml

@@ -0,0 +1,57 @@
+- name: Backup
+  hosts: pi
+  become: true
+  vars:
+    gpg_password: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              34383033383462626132353163303532376137613539326662383038663537633465373863396539
+              6139623961303165353230303637303530343136363165380a323534663665323836636165323237
+              39653863313962353033336338376462303962323762663139663136663033306161316361303630
+              6466663761643438360a653166616130633862643236633663303731356337326361636436646439
+              37303633353961623766313063363734376334383163376337376639306135373064
+  tasks:
+    - name: Install rsync
+      ansible.builtin.apt:
+        name: rsync
+        state: present
+
+    - name: Create backup directory
+      ansible.builtin.file:
+        path: /opt/backup
+        state: directory
+        mode: '0700'
+
+    - name: Copy daily
+      ansible.builtin.copy:
+        src: backupDaily.sh
+        dest: /opt/backup/backupDaily.sh
+        mode: '0700'
+
+    - name: Copy weekly
+      ansible.builtin.copy:
+        src: backupWeekly.sh
+        dest: /opt/backup/backupWeekly.sh
+        mode: '0700'
+
+    - name: Copy passphrase
+      ansible.builtin.template:
+        src: passphrase.txt.j2
+        dest: /opt/backup/passphrase.txt
+        mode: '0600'
+
+    - name: Schedule daily backup
+      ansible.builtin.cron:
+        name: beepi backup daily
+        user: root
+        minute: '0'
+        hour: '3'
+        job: /opt/backup/backupDaily.sh >> /var/log/beepi-backup.log 2>&1
+
+    - name: Schedule weekly backup
+      ansible.builtin.cron:
+        name: beepi backup weekly
+        user: root
+        minute: '0'
+        hour: '5'
+        weekday: '0'
+        job: /opt/backup/backupWeekly.sh >> /var/log/beepi-backup.log 2>&1

playbooks/backup/backupDaily.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+set -euo pipefail
+
+now=$(date +"%Y%m%d%H%M")
+
+declare -a arr=("gitea" "mail" "matrix" "monitoring")
+declare -a monitoring=("monitoring_prometheus-data" "monitoring_grafana-storage" "monitoring_loki-data" "monitoring_alloy-data")
+declare -a matrix=("matrix_db")
+
+trap cleanup EXIT
+
+for i in "${arr[@]}"
+do
+    cd /opt/beeserver/${i}
+    podman-compose down -t 60
+    if [[ "$i" == "monitoring" ]]
+    then
+        for j in "${monitoring[@]}"
+        do
+            podman volume export ${j} --output ${j}.tar
+        done
+    fi
+
+    if [[ "$i" == "matrix" ]]
+    then
+        for j in "${matrix[@]}"
+        do
+            podman volume export ${j} --output ${j}.tar
+        done
+    fi
+    rsync -aH /opt/beeserver/${i} /opt/backup/beeserver
+    podman-compose up -d
+done
+
+tar -czf - /opt/backup/beeserver | gpg --batch --passphrase-file /opt/backup/passphrase.txt -c -o /home/beeshare/raid/serverBackup/beeserver_daily_${now}.tar.gz.gpg
+
+function cleanup()
+{
+    for j in "${monitoring[@]}"
+    do
+        rm -rf /opt/beeserver/monitoring/${j}.tar
+    done
+
+    for j in "${matrix[@]}"
+    do
+        rm -rf /opt/beeserver/matrix/${j}.tar
+    done
+}

playbooks/backup/backupWeekly.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -euo pipefail
+
+now=$(date +"%Y%m%d%H%M")
+
+tar -czf - /opt/backup/beeserver | gpg --batch --passphrase-file /opt/backup/passphrase.txt -c -o /home/beeshare/raid/serverBackup/beeserver_weekly_${now}.tar.gz.gpg
+
+if [ -s /home/beeshare/raid/serverBackup/beeserver_weekly_${now}.tar.gz.gpg ]
+then
+    rm -rf /opt/backup/beeserver
+fi
+
+find /home/beeshare/raid/serverBackup -maxdepth 1 -name 'beeserver_weekly_*.tar.gz.gpg' -mtime +30 -delete
+find /home/beeshare/raid/serverBackup -maxdepth 1 -name 'beeserver_daily_*.tar.gz.gpg' -mtime +7 -delete

playbooks/backup/passphrase.txt.j2

@@ -0,0 +1 @@
+{{ gpg_password }}

playbooks/monitoring/monitoring.yml

@@ -46,18 +46,18 @@
         state: directory
         mode: '0755'
 
-    - name: Copy compose
-      ansible.builtin.template:
-        src: docker-compose.yml.j2
-        dest: /opt/beeserver/monitoring/docker-compose.yml
-        mode: '0644'
-
     - name: Compose down
       changed_when: true
       ansible.builtin.command:
         cmd: podman-compose down
         chdir: /opt/beeserver/monitoring
 
+    - name: Copy compose
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: /opt/beeserver/monitoring/docker-compose.yml
+        mode: '0644'
+
     - name: Copy prometheus config
       ansible.builtin.copy:
         src: prometheus_config.yml

playbooks/monitoring/prometheus_config.yml

@@ -8,10 +8,9 @@ scrape_configs:
       - targets: ['localhost:9090']
   - job_name: node
     static_configs:
-      - targets: ['host.containers.internal:9100']
+      - targets: 
+        - 'host.containers.internal:9100'
+        - '192.168.178.51:9100'
   - job_name: podman
     static_configs:
-      - targets: ['podman-exporter:9882']
-  - job_name: beepc
-    static_configs:
-      - targets: ['192.168.178.51:9100']
+      - targets: ['podman-exporter:9882']