From 4a00286b20eb54ceafc2406a7c0c055eea05c17f Mon Sep 17 00:00:00 2001
From: Clemens Geibel <clemens.geibel@meissa-gmbh.de>
Date: Fri, 16 Sep 2022 11:57:24 +0200
Subject: [PATCH 1/5] Added backup doc and fixed init.sh

---
 doc/BackupAndRestore.md                       | 37 +++++++++++++++++++
 .../docker-backup/image/resources/init.sh     |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 doc/BackupAndRestore.md

diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md
new file mode 100644
index 0000000..68222bb
--- /dev/null
+++ b/doc/BackupAndRestore.md
@@ -0,0 +1,37 @@
+# Backup Architecture details
+
+![](backup.svg)
+
+* we use restic to produce small & encrypted backups
+* backup is scheduled at `schedule: "10 23 * * *"`
+* Gitea stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up. 
+* The postgres db is also backed up
+
+## Manual init the restic repository for the first time
+
+1. apply backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
+3. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
+
+
+## Manual backup the restic repository for the first time
+
+1. apply backup-and-restore pod:   
+  `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
+3. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
+
+
+## Manual restore
+
+1. apply backup-and-restore pod:   
+  `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
+1. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh
index 322b35d..5767e69 100755
--- a/infrastructure/docker-backup/image/resources/init.sh
+++ b/infrastructure/docker-backup/image/resources/init.sh
@@ -10,5 +10,6 @@ function main() {
 }
 
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 source /usr/local/lib/file-functions.sh
 main

From f8b4137c60010f554854b74b03ad073121264e5d Mon Sep 17 00:00:00 2001
From: Clemens Geibel <clemens.geibel@meissa-gmbh.de>
Date: Fri, 16 Sep 2022 12:26:18 +0200
Subject: [PATCH 2/5] Added more necessary env variables to
 backup-restore-deployment

---
 .../backup/backup-restore-deployment.yaml     | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/main/resources/backup/backup-restore-deployment.yaml b/src/main/resources/backup/backup-restore-deployment.yaml
index c74145b..79f4ec7 100644
--- a/src/main/resources/backup/backup-restore-deployment.yaml
+++ b/src/main/resources/backup/backup-restore-deployment.yaml
@@ -22,6 +22,27 @@ spec:
         imagePullPolicy: IfNotPresent
         command: ["/entrypoint-start-and-wait.sh"]
         env:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: postgres-user
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: postgres-password
+        - name: POSTGRES_DB
+          valueFrom:
+            configMapKeyRef:
+              name: postgres-config
+              key: postgres-db
+        - name: POSTGRES_HOST
+          value: "postgresql-service:5432"
+        - name: POSTGRES_SERVICE
+          value: "postgresql-service"
+        - name: POSTGRES_PORT
+          value: "5432"
         - name: AWS_DEFAULT_REGION
           value: eu-central-1
         - name: AWS_ACCESS_KEY_ID_FILE
@@ -35,6 +56,8 @@ spec:
               key: restic-repository
         - name: RESTIC_PASSWORD_FILE
           value: /var/run/secrets/backup-secrets/restic-password
+        - name: CERTIFICATE_FILE
+          value: ""
         volumeMounts:
         - name: gitea-data-volume
           mountPath: /var/backups

From 372f5c7a40e09d0c5de3ae0039b8196a5d2c9b26 Mon Sep 17 00:00:00 2001
From: Clemens Geibel <clemens.geibel@meissa-gmbh.de>
Date: Fri, 16 Sep 2022 15:23:25 +0200
Subject: [PATCH 3/5] More fixed for backup image

---
 doc/BackupAndRestore.md                          |  8 ++++++--
 .../image/resources/entrypoint-start-and-wait.sh |  2 ++
 .../docker-backup/image/resources/entrypoint.sh  |  4 +++-
 .../docker-backup/image/resources/init.sh        |  2 +-
 .../image/resources/restic-snapshots.sh          |  1 +
 .../docker-backup/image/resources/restore.sh     | 16 ++++++++--------
 6 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md
index 68222bb..b15d4a1 100644
--- a/doc/BackupAndRestore.md
+++ b/doc/BackupAndRestore.md
@@ -31,7 +31,11 @@
 
 1. apply backup-and-restore pod:   
   `kubectl scale deployment backup-restore --replicas=1`
-2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+2. Scale down gitea deployment:
+   `kubectl scale deployment gitea --replicas=0`
+3. exec into pod and execute restore pod (press tab to get your exact pod name)   
    `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
-1. remove backup-and-restore pod:   
+4. Start gitea again:
+   `kubectl scale deployment gitea --replicas=1`
+5. remove backup-and-restore pod:   
    `kubectl scale deployment backup-restore --replicas=0`
diff --git a/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh b/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh
index 0915071..c6addac 100644
--- a/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh
+++ b/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 function main() {
+    create-pg-pass
 
     while true; do
         sleep 1m
@@ -8,4 +9,5 @@ function main() {
 }
 
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 main
\ No newline at end of file
diff --git a/infrastructure/docker-backup/image/resources/entrypoint.sh b/infrastructure/docker-backup/image/resources/entrypoint.sh
index b25e15f..96df4f3 100755
--- a/infrastructure/docker-backup/image/resources/entrypoint.sh
+++ b/infrastructure/docker-backup/image/resources/entrypoint.sh
@@ -1,9 +1,11 @@
 #!/bin/bash
 
 function main() {
-    
+    create-pg-pass
+
 	/usr/local/bin/backup.sh
 }
 
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 main
diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh
index 5767e69..baac041 100755
--- a/infrastructure/docker-backup/image/resources/init.sh
+++ b/infrastructure/docker-backup/image/resources/init.sh
@@ -4,7 +4,7 @@ function main() {
     file_env AWS_ACCESS_KEY_ID
     file_env AWS_SECRET_ACCESS_KEY
 
-    init-role-repo
+    #init-role-repo
     init-database-repo
     init-file-repo
 }
diff --git a/infrastructure/docker-backup/image/resources/restic-snapshots.sh b/infrastructure/docker-backup/image/resources/restic-snapshots.sh
index ca889ce..1d97a2c 100755
--- a/infrastructure/docker-backup/image/resources/restic-snapshots.sh
+++ b/infrastructure/docker-backup/image/resources/restic-snapshots.sh
@@ -7,6 +7,7 @@ function main() {
     file_env AWS_SECRET_ACCESS_KEY
 
     restic -r ${RESTIC_REPOSITORY}/files snapshots
+    restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
 }
 
 source /usr/local/lib/functions.sh
diff --git a/infrastructure/docker-backup/image/resources/restore.sh b/infrastructure/docker-backup/image/resources/restore.sh
index b56b97d..0d9d10d 100755
--- a/infrastructure/docker-backup/image/resources/restore.sh
+++ b/infrastructure/docker-backup/image/resources/restore.sh
@@ -15,16 +15,16 @@ function main() {
     rm -rf /var/backups/restore
     restore-directory '/var/backups/restore'
 
-    rm -rf /data/gitea/*
-    rm -rf /data/git/repositories/*
-    cp /var/backups/restore/gitea/* /data/gitea/
-    cp /var/backups/restore/git/repositories/* /data/git/repositories/
+    rm -rf /var/backups/gitea/*
+    rm -rf /var/backups/git/repositories/*
+    cp -r /var/backups/restore/gitea/* /var/backups/gitea/
+    cp -r /var/backups/restore/git/repositories/* /var/backups/git/repositories/
     
-    # adjust file permissions
-    chown -R git:git /data
+    # adjust file permissions for the git user
+    chown -R 1000:1000 /var/backups
 
-    # Regenerate Git Hooks
-    /usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
+    # TODO: Regenerate Git Hooks
+    #/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
 
     # Restore db
     drop-create-db

From 4dda50ec694fa4f77e47a3350c7a34da58a849ab Mon Sep 17 00:00:00 2001
From: Clemens Geibel <clemens.geibel@meissa-gmbh.de>
Date: Fri, 16 Sep 2022 15:45:04 +0200
Subject: [PATCH 4/5] Use dda-backup:1.0.6

---
 infrastructure/docker-backup/image/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/docker-backup/image/Dockerfile b/infrastructure/docker-backup/image/Dockerfile
index 9b6d4f0..02f5ca9 100644
--- a/infrastructure/docker-backup/image/Dockerfile
+++ b/infrastructure/docker-backup/image/Dockerfile
@@ -1,4 +1,4 @@
-FROM domaindrivenarchitecture/dda-backup:1.0.5
+FROM domaindrivenarchitecture/dda-backup:1.0.6
 
 # Prepare Entrypoint Script
 ADD resources /tmp

From 5ff22f425aa2ac520a0e75fba10a96304650a762 Mon Sep 17 00:00:00 2001
From: Clemens Geibel <clemens.geibel@meissa-gmbh.de>
Date: Fri, 16 Sep 2022 16:44:14 +0200
Subject: [PATCH 5/5] Remove unused pg-role functions

---
 infrastructure/docker-backup/image/resources/backup.sh  | 1 -
 infrastructure/docker-backup/image/resources/init.sh    | 1 -
 infrastructure/docker-backup/image/resources/restore.sh | 3 +--
 3 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/infrastructure/docker-backup/image/resources/backup.sh b/infrastructure/docker-backup/image/resources/backup.sh
index 9bdbde1..d2549fd 100755
--- a/infrastructure/docker-backup/image/resources/backup.sh
+++ b/infrastructure/docker-backup/image/resources/backup.sh
@@ -8,7 +8,6 @@ function main() {
     file_env RESTIC_DAYS_TO_KEEP 30
     file_env RESTIC_MONTHS_TO_KEEP 12
 
-    #backup-roles 'TODO'
     backup-db-dump
     backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
 }
diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh
index baac041..1f47fa5 100755
--- a/infrastructure/docker-backup/image/resources/init.sh
+++ b/infrastructure/docker-backup/image/resources/init.sh
@@ -4,7 +4,6 @@ function main() {
     file_env AWS_ACCESS_KEY_ID
     file_env AWS_SECRET_ACCESS_KEY
 
-    #init-role-repo
     init-database-repo
     init-file-repo
 }
diff --git a/infrastructure/docker-backup/image/resources/restore.sh b/infrastructure/docker-backup/image/resources/restore.sh
index 0d9d10d..2289ab2 100755
--- a/infrastructure/docker-backup/image/resources/restore.sh
+++ b/infrastructure/docker-backup/image/resources/restore.sh
@@ -23,12 +23,11 @@ function main() {
     # adjust file permissions for the git user
     chown -R 1000:1000 /var/backups
 
-    # TODO: Regenerate Git Hooks
+    # TODO: Regenerate Git Hooks? Do we need this?
     #/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
 
     # Restore db
     drop-create-db
-    #restore-roles
     restore-db
 }