meissa/c4k-nextcloud
6
0
Fork 0
Code Issues Pull requests Projects Releases27 Packages Wiki Activity

refactor for new backup #1

Merged
jem merged 6 commits from new-backup into main 2025-01-09 12:58:40 +00:00
Conversation 0 Commits 6 Files changed 32 +335 -193
32 changed files with 335 additions and 193 deletions

6
infrastructure/backup/image/Dockerfile
View file

@ -1,5 +1,7 @@
FROM domaindrivenarchitecture/dda-backup:latest
FROM domaindrivenarchitecture/dda-backup:5.1.0
# Prepare Entrypoint Script
ADD resources /tmp
RUN /tmp/install.sh
RUN /tmp/install.bb
RUN init.bb
ADD resources2 /tmp

35
infrastructure/backup/image/resources/backup.bb Executable file
View file

@ -0,0 +1,35 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[config :as cf])
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config)
(pg/create-pg-pass! cf/db-config))
(defn restic-repo-init!
[]
(rc/init! cf/file-config)
(rc/init! cf/db-role-config)
(rc/init! cf/db-config))
(defn restic-backup!
[]
(bak/backup-file! cf/file-config)
(bak/backup-db-roles! cf/db-role-config)
(bak/backup-db! cf/db-config))
(t/shell "start-maintenance.sh")
(prepare!)
(restic-repo-init!)
(restic-backup!)
(t/shell "end-maintenance.sh")

28
infrastructure/backup/image/resources/backup.sh
View file

@ -1,28 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
start-maintenance.sh
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
file_env RESTIC_DAYS_TO_KEEP 30
file_env RESTIC_MONTHS_TO_KEEP 12
backup-roles 'oc_'
backup-db-dump
backup-directory '/var/backups/'
end-maintenance.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

3
infrastructure/backup/image/resources/bb-backup.edn Normal file
View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

3
infrastructure/backup/image/resources/bb.edn Normal file
View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-build {:mvn/version "0.2.0"}}}

34
infrastructure/backup/image/resources/config.clj Normal file
View file

@ -0,0 +1,34 @@
(ns config
(:require
[dda.backup.core :as bc]))
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:execution-directory "/var/backups"
:restore-target-directory "/var/backups/"
:files ["."]}))
(def file-restore-config (merge restic-repo {:backup-path "files"
:restore-target-directory "/var/backups/"}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def db-role-config (merge restic-repo {:backup-path "pg-role"
:pg-role-prefix "oc_"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})

19
infrastructure/backup/image/resources/entrypoint-start-and-wait.sh
View file

@ -1,19 +0,0 @@
#!/bin/bash
set -exo pipefail
function main() {
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
create-pg-pass
while true; do
sleep 1m
done
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main

17
infrastructure/backup/image/resources/entrypoint.sh
View file

@ -1,17 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
create-pg-pass
/usr/local/bin/backup.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main

3
infrastructure/backup/image/resources/init.bb Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env bb
(println "initialized")

17
infrastructure/backup/image/resources/init.sh
View file

@ -1,17 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
init-role-repo
init-database-repo
init-file-repo
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

19
infrastructure/backup/image/resources/install.bb Executable file
View file

@ -0,0 +1,19 @@
#!/usr/bin/env bb
(require
'[dda.image.ubuntu :as ub]
'[dda.image.install :as in])
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0440")
(in/install! "config.clj" :mod "0440")
(in/install! "init.bb")
(in/install! "backup.bb")
(in/install! "restore.bb")
(in/install! "list-snapshots.bb")
(in/install! "start-maintenance.sh")
(in/install! "end-maintenance.sh")
(in/install! "restore.bb")
(in/install! "wait.bb")
(ub/cleanup-container!)

21
infrastructure/backup/image/resources/install.sh
View file

@ -1,21 +0,0 @@
#!/bin/bash
set -exo pipefail
function main() {
{
install -m 0700 /tmp/entrypoint.sh /
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
install -m 0700 /tmp/init.sh /usr/local/bin/
install -m 0700 /tmp/backup.sh /usr/local/bin/
install -m 0700 /tmp/restore.sh /usr/local/bin/
install -m 0700 /tmp/list-snapshots.sh /usr/local/bin/
install -m 0700 /tmp/start-maintenance.sh /usr/local/bin/
install -m 0700 /tmp/end-maintenance.sh /usr/local/bin/
cleanupDocker
} > /dev/null
}
source /tmp/install_functions_debian.sh
main

22
infrastructure/backup/image/resources/list-snapshots.bb Executable file
View file

@ -0,0 +1,22 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[config :as cf])
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config))
(defn list-snapshots!
[]
(rc/list-snapshots! cf/file-config)
(rc/list-snapshots! cf/db-role-config)
(rc/list-snapshots! cf/db-config))
(prepare!)
(list-snapshots!)

31
infrastructure/backup/image/resources/list-snapshots.sh
View file

@ -1,31 +0,0 @@
#!/bin/bash
set -exo pipefail
function list-snapshot-files() {
if [ -z ${CERTIFICATE_FILE} ];
then
restic -r ${RESTIC_REPOSITORY}/${backup_file_path} snapshots
else
restic -r ${RESTIC_REPOSITORY}/${backup_file_path} snapshots --cacert ${CERTIFICATE_FILE}
fi
}
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
list-snapshot-roles
list-snapshot-db
list-snapshot-files
}
source /usr/local/lib/functions.sh
source /usr/local/lib/file-functions.sh
source /usr/local/lib/pg-functions.sh
main

29
infrastructure/backup/image/resources/restore.bb Executable file
View file

@ -0,0 +1,29 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg]
'[dda.backup.restore :as rs]
'[config :as cf])
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config)
(pg/create-pg-pass! cf/db-config))
(defn restic-restore!
[]
(pg/drop-create-db! cf/db-config)
(rs/restore-db-roles! cf/db-role-config)
(rs/restore-db! cf/db-config)
(rs/restore-file! cf/file-config)
)
(t/shell "start-maintenance.sh")
(prepare!)
(restic-restore!)
(t/shell "end-maintenance.sh")

33
infrastructure/backup/image/resources/restore.sh
View file

@ -1,33 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
local role_snapshot_id="${1:-latest}"
local db_snapshot_id="${2:-latest}"
local file_snapshot_id="${3:-latest}"
start-maintenance.sh
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
drop-create-db
restore-roles ${role_snapshot_id}
restore-db ${db_snapshot_id}
restore-directory '/var/backups/' ${file_snapshot_id}
end-maintenance.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main "$@"

21
infrastructure/backup/image/resources/wait.bb Executable file
View file

@ -0,0 +1,21 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg]
'[config :as cf])
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config)
(pg/create-pg-pass! cf/db-config))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
(wait!)

3
infrastructure/backup/image/resources2/bb.edn Normal file
View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

10
infrastructure/backup/image/resources2/exports.sh Normal file
View file

@ -0,0 +1,10 @@
export ENV_PASSWORD=env-password
export RESTIC_PASSWORD_FILE=/tmp/file_password
export RESTIC_REPOSITORY=/var/restic-repo
export POSTGRES_SERVICE=dummy
export POSTGRES_PORT=dummy
export POSTGRES_DB=dummy
export POSTGRES_USER=dummy
export POSTGRES_PASSWORD=dummy
export AWS_ACCESS_KEY_ID=dummy
export AWS_SECRET_ACCESS_KEY=dummy

1
infrastructure/backup/image/resources2/file_password Normal file
View file

@ -0,0 +1 @@
oldPassword

52
infrastructure/backup/image/resources2/test.bb Executable file
View file

@ -0,0 +1,52 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs]
'[config :as cf])
(defn prepare!
[]
(println (bc/env-or-file "RESTIC_PASSWORD_FILE"))
(println (bc/env-or-file "ENV_PASSWORD"))
(tasks/shell "mkdir" "-p" "/var/backups/")
(tasks/shell "mkdir" "-p" "/var/restic-repo/")
(spit "/var/backups/file" "I was here"))
(defn restic-repo-init!
[]
(rc/init! cf/file-config)
(rc/init! (merge cf/db-config))
(rc/init! (merge cf/db-role-config)))
(defn restic-backup!
[]
(bak/backup-file! cf/file-config)
(bak/backup-db-roles! (merge cf/db-role-config cf/dry-run))
(bak/backup-db! (merge cf/db-config cf/dry-run)))
(defn list-snapshots!
[]
(rc/list-snapshots! cf/file-config)
(rc/list-snapshots! (merge cf/db-role-config cf/dry-run))
(rc/list-snapshots! (merge cf/db-config cf/dry-run)))
(defn restic-restore!
[]
(println "huhu")
(rs/restore-file! (merge cf/file-restore-config {:debug true}))
(pg/drop-create-db! (merge cf/db-config cf/dry-run))
(rs/restore-db-roles! (merge cf/db-role-config cf/dry-run))
(rs/restore-db! (merge cf/db-config cf/dry-run)))
(prepare!)
(restic-repo-init!)
(restic-backup!)
(list-snapshots!)
(restic-restore!)

4
infrastructure/backup/test/Dockerfile Normal file
View file

@ -0,0 +1,4 @@
FROM c4k-cloud-backup:latest
ADD resources /tmp/
RUN ENV_PASSWORD=env-password RESTIC_PASSWORD_FILE_FILE=/tmp/file_password RESTIC_REPOSITORY=restic-repo POSTGRES_SERVICE=dummy POSTGRES_PORT=dummy POSTGRES_DB=dummy POSTGRES_USER=dummy POSTGRES_PASSWORD=dummy AWS_ACCESS_KEY_ID=dummy AWS_SECRET_ACCESS_KEY=dummy /tmp/test.bb

3
infrastructure/backup/test/resources/bb.edn Normal file
View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

1
infrastructure/backup/test/resources/file_password Normal file
View file

@ -0,0 +1 @@
oldPassword

48
infrastructure/backup/test/resources/test.bb Executable file
View file

@ -0,0 +1,48 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs]
'[config :as cf])
(defn prepare!
[]
(println (bc/env-or-file "RESTIC_PASSWORD_FILE"))
(println (bc/env-or-file "ENV_PASSWORD"))
(tasks/shell "mkdir" "-p" "/var/backups/")
(spit "/var/backups/file" "I was here")
(tasks/shell "mkdir" "-p" "/var/restore"))
(defn restic-repo-init!
[]
(rc/init! (merge cf/file-config cf/dry-run))
(rc/init! (merge cf/db-config cf/dry-run)))
(defn restic-backup!
[]
(bak/backup-file! cf/file-config)
(bak/backup-db! (merge cf/db-config cf/dry-run)))
(defn list-snapshots!
[]
(rc/list-snapshots! cf/file-config)
(rc/list-snapshots! (merge cf/db-config cf/dry-run)))
(defn restic-restore!
[]
(rs/restore-file! cf/file-config)
(pg/drop-create-db! (merge cf/db-config cf/dry-run))
(rs/restore-db! (merge cf/db-config cf/dry-run)))
(prepare!)
(restic-repo-init!)
#(restic-backup!)
#(list-snapshots!)
#(restic-restore!)

4
project.clj
View file

@ -3,9 +3,9 @@
:url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.3"]
:dependencies [[org.clojure/clojure "1.12.0"]
[org.clojure/tools.reader "1.5.0"]
[org.domaindrivenarchitecture/c4k-common-clj "9.0.1"]
[org.domaindrivenarchitecture/c4k-common-clj "8.1.1"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
:target-path "target/%s/"
:source-paths ["src/main/cljc"

2
shadow-cljs.edn
View file

@ -4,7 +4,7 @@
"src/test/cljc"
"src/test/cljs"
"src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.3.1"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "8.0.0"]
[hickory "0.7.1"]]
:builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-nextcloud.browser/init}}

5
src/main/clj/dda/c4k_nextcloud/uberjar.clj
View file

@ -6,10 +6,11 @@
[dda.c4k-nextcloud.core :as core]))
(defn -main [& cmd-args]
(uberjar/main-common
(uberjar/main-cm
"c4k-nextcloud"
nextcloud/config?
nextcloud/auth?
core/config-defaults
core/k8s-objects
core/config-objects
core/auth-objects
cmd-args))

48
src/main/cljc/dda/c4k_nextcloud/core.cljc
View file

@ -16,7 +16,30 @@
:pvc-storage-class-name "hcloud-volumes-encrypted"
:pv-storage-size-gb 200})
(defn-spec k8s-objects cp/map-or-seq?
(defn-spec config-objects cp/map-or-seq?
[config nextcloud/config?]
(let [resolved-config (merge config-defaults config)]
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(ns/generate resolved-config)
(postgres/generate-config (merge resolved-config {:postgres-image "postgres:17"
:postgres-size :8gb
:db-name "cloud"
:pv-storage-size-gb 50}))
[(nextcloud/generate-pvc resolved-config)
(nextcloud/generate-deployment resolved-config)
(nextcloud/generate-service)]
(nextcloud/generate-ingress-and-cert resolved-config)
(when (:contains? resolved-config :restic-repository)
[(backup/generate-config resolved-config)
(backup/generate-cron)
(backup/generate-backup-restore-deployment resolved-config)])
(when (:contains? resolved-config :mon-cfg)
(mon/generate-config)))))))
(defn-spec auth-objects cp/map-or-seq?
[config nextcloud/config?
auth nextcloud/auth?]
(let [resolved-config (merge config-defaults config)]
@ -24,21 +47,12 @@
(filter
#(not (nil? %))
(cm/concat-vec
(ns/generate resolved-config)
(postgres/generate (merge resolved-config {:postgres-image "postgres:17"
:postgres-size :8gb
:db-name "cloud"
:pv-storage-size-gb 50})
auth)
[(nextcloud/generate-secret auth)
(nextcloud/generate-pvc resolved-config)
(nextcloud/generate-deployment resolved-config)
(nextcloud/generate-service)]
(nextcloud/generate-ingress-and-cert resolved-config)
(postgres/generate-auth (merge resolved-config {:postgres-size :8gb
:db-name "cloud"
:pv-storage-size-gb 50})
auth)
[(nextcloud/generate-secret auth)]
(when (:contains? resolved-config :restic-repository)
[(backup/generate-config resolved-config)
(backup/generate-secret auth)
(backup/generate-cron)
(backup/generate-backup-restore-deployment resolved-config)])
[(backup/generate-secret auth)])
(when (:contains? resolved-config :mon-cfg)
(mon/generate (:mon-cfg resolved-config) (:mon-auth auth))))))))
(mon/generate-auth (:mon-cfg resolved-config) (:mon-auth auth))))))))

2
src/main/resources/backup/backup-restore-deployment.yaml
View file

@ -21,7 +21,7 @@ spec:
- name: backup-app
image: domaindrivenarchitecture/c4k-cloud-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"]
command: ["wait.bb"]
env:
- name: POSTGRES_USER
valueFrom:

2
src/main/resources/backup/cron.yaml
View file

@ -17,7 +17,7 @@ spec:
- name: backup-app
image: domaindrivenarchitecture/c4k-cloud-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"]
command: ["backup.bb"]
env:
- name: POSTGRES_USER
valueFrom:

2
src/test/cljc/dda/c4k_nextcloud/backup_test.cljc
View file

@ -41,7 +41,7 @@
[{:name "backup-app"
:image "domaindrivenarchitecture/c4k-cloud-backup"
:imagePullPolicy "IfNotPresent"
:command ["/entrypoint.sh"]
:command ["backup.bb"]
:env
[{:valueFrom
{:secretKeyRef