diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4dbdb04022c18887dfc06bba1fcbe601dc070bfa..d8b01ad7c2b59188361860a2cef6492e0b75f67b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -99,6 +99,11 @@ deploy_staging:
 SECRET_KEY: ${STAGING_SECRET_KEY}
 OIDC_RP_CLIENT_SECRET: ${STAGING_OIDC_RP_CLIENT_SECRET}
 STAGING: 1
+ BORG_PASSPHRASE: ${STAGING_BORG_PASSPHRASE}
+ SSH_ID: ${STAGING_SSH_ID}
+ BORG_REPO: ${STAGING_BORG_REPO}
+ CRON_PATTERN: ${STAGING_CRON_PATTERN}
+ PRUNE_ARGS: ${STAGING_PRUNE_ARGS}
 before_script:
 - mkdir -p .remote
@@ -124,6 +129,11 @@ deploy_production:
 SECRET_KEY: ${PRODUCTION_SECRET_KEY}
 OIDC_RP_CLIENT_SECRET: ${PRODUCTION_OIDC_RP_CLIENT_SECRET}
 PRODUCTION: 1
+ BORG_PASSPHRASE: ${PRODUCTION_BORG_PASSPHRASE}
+ SSH_ID: ${PRODUCTION_SSH_ID}
+ BORG_REPO: ${PRODUCTION_BORG_REPO}
+ CRON_PATTERN: ${PRODUCTION_CRON_PATTERN}
+ PRUNE_ARGS: ${PRODUCTION_PRUNE_ARGS}
 only:
 - master
diff --git a/backup/Dockerfile b/backup/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..4adec44f8a06a33d9288206fcdb11bef1081f914
--- /dev/null
+++ b/backup/Dockerfile
@@ -0,0 +1,9 @@
+FROM centos:7
+
+RUN yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
+RUN yum install -y cronie epel-release openssh-clients postgresql12
+RUN yum install -y borgbackup
+ADD entrypoint.sh /usr/local/bin/entrypoint.sh
+ADD do_backup.sh /usr/local/bin/do_backup.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["tail", "-f", "/var/log/borg"]
diff --git a/backup/do_backup.sh b/backup/do_backup.sh
new file mode 100755
index 0000000000000000000000000000000000000000..93e4b7fa3428acbb14980c9a42febfa171cf50d0
--- /dev/null
+++ b/backup/do_backup.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set +e
+
+source /etc/borg/.env
+
+mkdir -p /var/dumps
+pg_dump > /var/dumps/backup.sql
+
+export ARCHIVE=$(date --iso-8601=minutes)
+
+borg create ::${ARCHIVE} /var/dumps/*
+borg prune --stats --list ${PRUNE_ARGS}
+echo
+echo
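Review bot: The added `BORG_PASSPHRASE` and `SSH_ID` entries in `deploy_staging` (and the matching pair in the `deploy_production` hunk) put the backup repository's passphrase and an SSH private key into the job environment, and nothing on the visible lines documents how those CI/CD variables must be configured. I would add a comment above each block such as `# *_BORG_PASSPHRASE and *_SSH_ID: protected CI/CD variables, distinct per environment`, so that staging cannot read or prune the production repository. The production job is limited to `master`; the branch restriction of `deploy_staging` is outside the hunk, so whether protected variables would reach that job needs confirming. Both job definitions start and end outside their hunks.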
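Review bot: In backup/Dockerfile the first `RUN` installs `pgdg-redhat-repo-latest.noarch.rpm` straight from a URL, so the image that later holds the database password and the Borg passphrase depends on whatever that `latest` file is at build time, and a package installed by URL is generally not signature-checked the way repository packages are. `FROM centos:7` is likewise a floating tag on a release line that reached end of life in June 2024, so rebuilds stop picking up security fixes; pinning the base image by digest and planning a move to a maintained base would make the build reproducible and patchable. Smaller points: none of the three `RUN yum install` layers runs `yum clean all`, and `ADD` is used where `COPY entrypoint.sh do_backup.sh /usr/local/bin/` does the same job without ADD's URL and archive handling.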
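Review bot: `set +e` in backup/do_backup.sh turns errexit off rather than on, so a failed `pg_dump` still leaves an empty or truncated `/var/dumps/backup.sql` that `borg create` archives, and `borg prune` then ages out the older good archives. If `set -euo pipefail` was intended, use that so the prune step is only reached after a successful dump and archive. The dump is also written with the default umask and left on disk after the run; `umask 077` near the top and `rm -f /var/dumps/backup.sql` after `borg create` would limit how long a plaintext copy of the database stays readable. `${PRUNE_ARGS}` is presumably left unquoted on purpose so that it splits into several options, which deserves a one-line comment saying so.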
diff --git a/backup/entrypoint.sh b/backup/entrypoint.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a238ba55a5bb16320a1c2db3829e36110f0c6f8c
--- /dev/null
+++ b/backup/entrypoint.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+set +xe
+
+mkdir -p /etc/borg
+
+export BORG_RSH="ssh -o UserKnownHostsFile=/etc/borg/persistent/known_hosts -i /etc/borg/id_rsa"
+
+echo "export PGUSER=\"${DB_USER}\"" >> /etc/borg/.env
+echo "export PGHOST=\"${DB_HOST}\"" >> /etc/borg/.env
+echo "export PGPASSWORD=\"${DB_PASSWORD}\"" >> /etc/borg/.env
+echo "export PGDATABASE=\"${DB_NAME}\"" >> /etc/borg/.env
+
+echo "export BORG_PASSPHRASE=\"${BORG_PASSPHRASE}\"" >> /etc/borg/.env
+echo "export BORG_REPO=\"${BORG_REPO}\"" >> /etc/borg/.env
+echo "export BORG_RSH=\"${BORG_RSH}\"" >> /etc/borg/.env
+echo "export PRUNE_ARGS=\"${PRUNE_ARGS}\"" >> /etc/borg/.env
+
+echo "${SSH_ID}" | sed -e 's/\\n/\n/g' > /etc/borg/id_rsa
+chmod 400 /etc/borg/id_rsa
+
+if ! borg info &> /dev/null; then
+ echo "Repository not ready. Initializing repo."
+ borg init -e repokey
+ echo " ... ready"
+fi
+
+touch /var/log/borg
+echo "${CRON_PATTERN} root /usr/local/bin/do_backup.sh 2>> /var/log/borg" >> /etc/crontab
+
+crond
+exec "$@"
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 14d1d68c491c12448d3749bebe95d51c663f5ae9..e3815a884954cb28b8fed9f8fccd8a04ce7362fe 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
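Review bot: `/etc/borg/.env` in backup/entrypoint.sh ends up holding `PGPASSWORD` and `BORG_PASSPHRASE` but is created with the default umask, while only `id_rsa` is tightened afterwards with `chmod 400`. The env file and `/etc/crontab` are both written with `>>`, so when the same container is restarted (docker-compose.yml sets `restart: always`, and a restart presumably keeps the container filesystem) the exports and the cron entry are appended again and the backup job ends up scheduled more than once. Because the values are pasted between double quotes, a password containing a double quote, `$` or a backtick is re-interpreted when do_backup.sh sources the file. The rewrite below sets a restrictive umask, truncates the env file, quotes values with `printf %q` and adds the cron line only once. `set +xe` also looks as if it was meant to be `set -e`, which is left for the author to confirm.

```shell
umask 077   # .env and id_rsa hold secrets: create them owner-only

mkdir -p /etc/borg
# … unchanged: export BORG_RSH …

# Truncate rather than append, and let %q escape quotes, $ and backticks.
{
    printf 'export PGUSER=%q\n' "${DB_USER}"
    printf 'export PGHOST=%q\n' "${DB_HOST}"
    printf 'export PGPASSWORD=%q\n' "${DB_PASSWORD}"
    printf 'export PGDATABASE=%q\n' "${DB_NAME}"
    printf 'export BORG_PASSPHRASE=%q\n' "${BORG_PASSPHRASE}"
    printf 'export BORG_REPO=%q\n' "${BORG_REPO}"
    printf 'export BORG_RSH=%q\n' "${BORG_RSH}"
    printf 'export PRUNE_ARGS=%q\n' "${PRUNE_ARGS}"
} > /etc/borg/.env

# … unchanged: id_rsa creation, repository check and init …

touch /var/log/borg
cron_line="${CRON_PATTERN} root /usr/local/bin/do_backup.sh 2>> /var/log/borg"
grep -qxF -- "${cron_line}" /etc/crontab || echo "${cron_line}" >> /etc/crontab
# … unchanged: crond, exec "$@" …
```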
@@ -47,23 +47,23 @@ services:
 volumes:
 - "database:/var/lib/postgresql/data"
-# backup:
-# restart: always
-# build: backup
-# environment:
-# BORG_PASSPHRASE: ${BORG_PASSPHRASE}
-# SSH_ID: ${SSH_ID}
-# BORG_REPO: ${BORG_REPO}
-# CRON_PATTERN: ${CRON_PATTERN}
-# PRUNE_ARGS: ${PRUNE_ARGS}
-# DB_USER: 'webapp'
-# DB_PASSWORD: ${DB_PASSWORD}
-# DB_NAME: 'vinogreets'
-# DB_HOST: 'database'
-# volumes:
-# - "knownhosts:/etc/borg/persistent"
+ backup:
+ restart: always
+ build: backup
+ environment:
+ BORG_PASSPHRASE: ${BORG_PASSPHRASE}
+ SSH_ID: ${SSH_ID}
+ BORG_REPO: ${BORG_REPO}
+ CRON_PATTERN: ${CRON_PATTERN}
+ PRUNE_ARGS: ${PRUNE_ARGS}
+ DB_USER: 'webapp'
+ DB_PASSWORD: ${DB_PASSWORD}
+ DB_NAME: 'uhepp_hub'
+ DB_HOST: 'database'
+ volumes:
+ - "knownhosts:/etc/borg/persistent"
 volumes:
 static:
 database:
- # knownhosts:
+ knownhosts:
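Review bot: The enabled `backup` service interpolates `${BORG_PASSPHRASE}`, `${SSH_ID}` and `${BORG_REPO}` without a fallback, so a variable missing on the host becomes an empty string and entrypoint.sh writes an empty key file and passphrase instead of failing at start-up. Compose's required-variable form turns that into a hard error, e.g. `BORG_PASSPHRASE: ${BORG_PASSPHRASE:?BORG_PASSPHRASE must be set}`. The service also reuses the application's `webapp` credentials; `pg_dump` only needs read access, so a dedicated read-only role would keep the long-running backup container from holding write access to the database. The `services:` and top-level `volumes:` mappings extend beyond the hunk.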