Reliability: - Add swap role (2GB, swappiness=10, idempotent via /etc/fstab) - Add mem_limit to plane-worker (512m) and plane-beat (256m) - Add health checks to all services (traefik, vaultwarden, forgejo, plane-*, syncthing, prometheus, grafana, loki) Code quality: - Remove Traefik Docker labels (file provider used, labels were dead code) - Add comment explaining file provider architecture Observability: - Add AlertManager with Telegram notifications - Add Prometheus alert rules: CPU, RAM, disk, swap, container health - Add Loki + Promtail for centralized log aggregation - Add Loki datasource to Grafana - Enable Traefik /ping endpoint for health checks Backups: - Add backup role: pg_dump for forgejo + plane DBs, tar for vaultwarden and forgejo data - 7-day retention, daily cron at 03:00 - Backup script at /usr/local/bin/backup-services Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
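#!/usr/bin/env bash
# Generated by Ansible — do not edit manually
#
# Dumps the Forgejo and Plane PostgreSQL databases and archives the /data
# volumes of Vaultwarden and Forgejo into BACKUP_DIR.
# Runs daily at 03:00, keeps {{ backup_retention_days }} days of backups.
set -euo pipefail

# The artifacts hold full database dumps and the Vaultwarden data directory,
# so every file this script creates on the host is owner-only (0600).
umask 077

BACKUP_DIR="{{ backup_dir }}"
KEEP_DAYS="{{ backup_retention_days }}"

# One timestamp per run, so all artifacts of a run share the same suffix.
# Assigned separately from `readonly` so a failing `date` is not masked.
DATE=$(date +%Y-%m-%d_%H-%M-%S)

readonly BACKUP_DIR KEEP_DAYS DATE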
# Print one timestamped log line to stdout.
# Arguments: $* - message words, joined with single spaces
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*"
}
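log "=== Backup started ==="

# Fail fast on an empty or malformed rendered value: the retention step at the
# end deletes files under BACKUP_DIR based on KEEP_DAYS.
: "${BACKUP_DIR:?backup directory is empty}"
if [[ ! "${KEEP_DAYS}" =~ ^[0-9]+$ ]]; then
  log "ERROR: retention must be a whole number of days, got '${KEEP_DAYS}'" >&2
  exit 1
fi

# Path of the artifact currently being written. It is removed on any exit so a
# failed run never leaves a truncated file that looks like a valid backup.
partial=""
cleanup_partial() {
  if [[ -n "${partial}" ]]; then
    rm -f -- "${partial}"
  fi
}
trap cleanup_partial EXIT

# Log the path and human-readable size of a finished artifact.
# Arguments: $1 - artifact path
report_artifact() {
  log " → $1 ($(du -sh "$1" | cut -f1))"
}

# Dump one PostgreSQL database from a running container into a gzip file.
# The dump is written to "<dest>.partial" and renamed only after both pg_dump
# and gzip succeeded (pipefail + errexit abort the script otherwise).
# Arguments: $1 - container, $2 - database role, $3 - database, $4 - dest path
dump_postgres() {
  local container=$1 role=$2 database=$3 dest=$4
  partial="${dest}.partial"
  # Create the file owner-only before any dump data is written to it.
  : > "${partial}"
  chmod 600 -- "${partial}"
  docker exec "${container}" pg_dump -U "${role}" "${database}" \
    | gzip > "${partial}"
  mv -- "${partial}" "${dest}"
  partial=""
  report_artifact "${dest}"
}

# Archive /data from a container's volumes into BACKUP_DIR as a tar.gz.
# The source volumes are mounted read-only; the only writable mount of the
# helper container is the backup directory. The archive is created with
# umask 077 inside the container because the host umask does not apply there.
# NOTE(review): alpine:3 is a floating tag resolved at run time, and this
# helper can read the mounted data; consider pinning it by digest
# (alpine@sha256:<digest-placeholder>).
# Arguments: $1 - source container, $2 - artifact file name (no directory)
archive_data() {
  local container=$1 file=$2
  partial="${BACKUP_DIR}/${file}.partial"
  docker run --rm \
    --volumes-from "${container}:ro" \
    -v "${BACKUP_DIR}:/backup" \
    alpine:3 \
    sh -c 'umask 077 && tar czf "$1" /data' sh "/backup/${file}.partial"
  mv -- "${partial}" "${BACKUP_DIR}/${file}"
  partial=""
  report_artifact "${BACKUP_DIR}/${file}"
}

# ── Forgejo PostgreSQL ──────────────────────────────────────────────────────
log "Backing up forgejo-db..."
dump_postgres forgejo-db forgejo forgejo "${BACKUP_DIR}/forgejo-db_${DATE}.sql.gz"

# ── Plane PostgreSQL ────────────────────────────────────────────────────────
log "Backing up plane-db..."
dump_postgres plane-db plane plane "${BACKUP_DIR}/plane-db_${DATE}.sql.gz"

# ── Vaultwarden data ────────────────────────────────────────────────────────
# NOTE(review): if Vaultwarden runs on an SQLite database inside /data, a tar
# of the live files can capture the database mid-write — confirm the backend
# and consider an SQLite online backup for the database file.
log "Backing up Vaultwarden..."
archive_data vaultwarden "vaultwarden_${DATE}.tar.gz"

# ── Forgejo repositories ────────────────────────────────────────────────────
log "Backing up Forgejo data..."
archive_data forgejo "forgejo-data_${DATE}.tar.gz"

# ── Cleanup old backups ─────────────────────────────────────────────────────
# Only regular files directly inside BACKUP_DIR are candidates, so a wrong
# directory value cannot prune archives elsewhere in a tree. Stale *.partial
# files (left by a run that was killed before its EXIT trap ran) age out too.
# This step is reached only when every backup above succeeded.
log "Removing backups older than ${KEEP_DAYS} days..."
find "${BACKUP_DIR}" -maxdepth 1 -type f \
  \( -name '*.gz' -o -name '*.partial' \) \
  -mtime "+${KEEP_DAYS}" -delete
log " → Done. Current backups:"
# Best effort: an empty directory makes the glob fail, which is not an error.
du -sh "${BACKUP_DIR}"/*.gz 2>/dev/null | sort -k2 || true

log "=== Backup completed ==="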