From 41328342b38cf10f151288296164ea3a759e9a1b Mon Sep 17 00:00:00 2001 
From: Alex Palaistras
Date: Sat, 14 Aug 2021 22:31:02 +0100
Subject: [PATCH] Implement basic volume backup and restore mechanism

This commit implements three new services, specifically:

- The `container-volume` service, which applies to a specific volume name and ensures this exists. This is mainly useful as a dependency to other services, as Podman will create named volumes itself if needed.
- The `container-volume-backup` service, which creates a `tar.gz` snapshot of the given volume's contents in `/var/lib/backups`.
- The `container-volume-restore` service, which populates an empty volume from a pre-existing file in `/var/lib/backups`, presumably created by `container-volume-backup`.

These are then be used to automatically create volume snapshots every 12 hours, rolling over every 7 days.
---
 config/common/container.bu | 8 ++++++++
 .../systemd/container-volume-backup@.service | 16 ++++++++++++++++
 .../systemd/container-volume-backup@.timer | 9 +++++++++
 .../systemd/container-volume-restore@.service | 14 ++++++++++++++
 config/common/systemd/container-volume@.service | 11 +++++++++++
 config/service/biboumi/systemd/biboumi.service | 4 ++--
 .../discord-ircd/systemd/discord-ircd.service | 4 ++--
 config/service/dovecot/systemd/dovecot.service | 4 ++--
 config/service/git/systemd/git.service | 4 ++--
 config/service/mariadb/systemd/mariadb.service | 4 ++--
 .../nginx/systemd/nginx-serve-php@.service | 4 ++--
 config/service/prosody/systemd/prosody.service | 4 ++--
 config/service/radicale/systemd/radicale.service | 4 ++--
 config/service/redis/systemd/redis.service | 4 ++--
 config/service/rspamd/systemd/rspamd.service | 4 ++--
 config/service/spectrum/systemd/spectrum.service | 4 ++--
 16 files changed, 80 insertions(+), 22 deletions(-)
 create mode 100644 config/common/systemd/container-volume-backup@.service
 create mode 100644 config/common/systemd/container-volume-backup@.timer
 create mode 100644 config/common/systemd/container-volume-restore@.service
 create mode 100644 config/common/systemd/container-volume@.service

diff --git a/config/common/container.bu b/config/common/container.bu
index d363faa..9363ed8 100644
--- a/config/common/container.bu
+++ b/config/common/container.bu
@@ -19,3 +19,11 @@ systemd:
 enabled: true
 - name: container-environment@.service
 enabled: true
+ - name: container-volume@.service
+ enabled: true
+ - name: container-volume-backup@.service
+ enabled: true
+ - name: container-volume-backup@.timer
+ enabled: true
+ - name: container-volume-restore@.service
+ enabled: true
diff --git a/config/common/systemd/container-volume-backup@.service b/config/common/systemd/container-volume-backup@.service
new file mode 100644
index 0000000..01d263f
--- /dev/null
+++ b/config/common/systemd/container-volume-backup@.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Backup for container volume %I
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/install --mode 0700 --directory %S/backups/coreos-home-server/%i
+ExecStart=/bin/podman run --replace --pull never --rm --name %p-%i \
+ --volume %i:/data:z,ro \
+ --volume %S/backups/coreos-home-server/%i:/backups:z \
+ --entrypoint /bin/bash docker.io/debian:stable-slim \
+ -c 'env name="%i-$(date +%%w%%H)" \
+ tar -cvpzf "/backups/${name}.tar.gz" -C /data . && \
+ ln --force "/backups/${name}.tar.gz" /backups/%i-latest.tar.gz'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/common/systemd/container-volume-backup@.timer b/config/common/systemd/container-volume-backup@.timer
new file mode 100644
index 0000000..6807f97
--- /dev/null
+++ b/config/common/systemd/container-volume-backup@.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Scheduled backup for container volume %i
+
+[Timer]
+OnCalendar=00/12:30
+RandomizedDelaySec=15m
+
+[Install]
+WantedBy=timers.target
diff --git a/config/common/systemd/container-volume-restore@.service b/config/common/systemd/container-volume-restore@.service
new file mode 100644
index 0000000..5ac5e37
--- /dev/null
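Review bot: In the `ExecStart` script of container-volume-backup@.service, `${name}` is empty at the point where it is used, so the rolling weekday-and-hour file names never materialise. `env name=... tar ...` only places `name` in tar's environment; bash expands `"/backups/${name}.tar.gz"` before `env` runs, and systemd itself substitutes `${name}` from the unit environment before bash is even started. Every run would therefore rewrite `/backups/.tar.gz` in place, which is also the inode `%i-latest.tar.gz` is hard-linked to, so an interrupted run leaves the restore unit with a truncated archive and no older copy to fall back on. Assign the variable in the shell and escape the dollar sign for systemd: `-c 'name="%i-$(date +%%w%%H)"; \`, then `tar -cvpzf "/backups/$${name}.tar.gz" -C /data . && \` and `ln --force "/backups/$${name}.tar.gz" /backups/%i-latest.tar.gz'`.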
+++ b/config/common/systemd/container-volume-restore@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore from backup for container volume %I
+ConditionFileNotEmpty=%S/backups/coreos-home-server/%i/%i-latest.tar.gz
+
+[Service]
+Type=oneshot
+ExecStart=/bin/podman run --replace --pull never --rm --name %p-%i --volume %i:/data:z \
+ --volume %S/backups/coreos-home-server/%i:/backups:z,ro \
+ --entrypoint /bin/bash docker.io/debian:stable-slim \
+ -c 'test -n "$(ls -A /data)" && echo "Volume %i is not empty, skipping." && exit 0; \
+ tar -xvpf "/backups/%i-latest.tar.gz" -C /data'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/common/systemd/container-volume@.service b/config/common/systemd/container-volume@.service
new file mode 100644
index 0000000..4643b5e
--- /dev/null
+++ b/config/common/systemd/container-volume@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Container volume for %I
+Wants=container-volume-restore@%i.service container-volume-backup@%i.timer
+After=container-volume-restore@%i.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c 'podman volume exists %i || podman volume create %i'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/service/biboumi/systemd/biboumi.service b/config/service/biboumi/systemd/biboumi.service
index e98383e..27ce38e 100644
--- a/config/service/biboumi/systemd/biboumi.service
+++ b/config/service/biboumi/systemd/biboumi.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Biboumi IRC gateway for XMPP
-Wants=container-build@%N.service prosody.service
-After=container-build@%N.service prosody.service
+Wants=container-build@%N.service container-volume@%N.service prosody.service
+After=container-build@%N.service container-volume@%N.service prosody.service
 
 [Service]
 Type=notify
diff --git a/config/service/discord-ircd/systemd/discord-ircd.service b/config/service/discord-ircd/systemd/discord-ircd.service
index 9a73746..de96fd7 100644
--- a/config/service/discord-ircd/systemd/discord-ircd.service
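Review bot: A truncated or corrupt `%i-latest.tar.gz` still passes `ConditionFileNotEmpty=` in container-volume-restore@.service, and the `ExecStart` script extracts it straight into the volume without checking it first. If `tar` fails part-way, the volume is left partially populated and every later run takes the "not empty, skipping" branch. Because container-volume@.service and the dependent services only use `Wants=`, those services still start on the partial data. Test the archive before touching `/data` by making the last script line `gzip -t "/backups/%i-latest.tar.gz" && tar -xvpf "/backups/%i-latest.tar.gz" -C /data'`.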
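Review bot: `%i` is interpolated unquoted into the `/bin/sh -c` string in the `ExecStart` of container-volume@.service, whereas the backup and restore units pass it as a plain argument or inside double quotes. Instance names can carry backslash escapes (the `\x2d` form systemd uses for escaped characters), and the shell consumes an unquoted backslash, so the volume that is checked and created could differ from the one the other units mount. Quoting keeps the three units consistent: `ExecStart=/bin/sh -c 'podman volume exists "%i" || podman volume create "%i"'`.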
+++ b/config/service/discord-ircd/systemd/discord-ircd.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Reliable Discord-Client IRC Daemon
-Wants=container-build@%N.service
-After=container-build@%N.service
+Wants=container-build@%N.service container-volume@%N.service
+After=container-build@%N.service container-volume@%N.service
 
 [Service]
 Type=notify
diff --git a/config/service/dovecot/systemd/dovecot.service b/config/service/dovecot/systemd/dovecot.service
index e63b54e..82cc9dc 100644
--- a/config/service/dovecot/systemd/dovecot.service
+++ b/config/service/dovecot/systemd/dovecot.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Dovecot POP3/IMAP server
-Wants=container-build@%N.service mariadb.service rspamd.service
-After=container-build@%N.service mariadb.service rspamd.service
+Wants=container-build@%N.service container-volume@%N.service mariadb.service rspamd.service
+After=container-build@%N.service container-volume@%N.service mariadb.service rspamd.service
 
 [Service]
 Type=notify
diff --git a/config/service/git/systemd/git.service b/config/service/git/systemd/git.service
index 8783955..8b81021 100644
--- a/config/service/git/systemd/git.service
+++ b/config/service/git/systemd/git.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Git server over SSH
-Wants=container-build@%N.service
-After=container-build@%N.service
+Wants=container-build@%N.service container-volume@%N.service
+After=container-build@%N.service container-volume@%N.service
 
 [Service]
 Type=notify
diff --git a/config/service/mariadb/systemd/mariadb.service b/config/service/mariadb/systemd/mariadb.service
index 1b3fe80..3fd1ce7 100644
--- a/config/service/mariadb/systemd/mariadb.service
+++ b/config/service/mariadb/systemd/mariadb.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=MariaDB SQL Database
-Wants=container-build@%N.service
-After=container-build@%N.service
+Wants=container-build@%N.service container-volume@%N.service
+After=container-build@%N.service container-volume@%N.service
 
 [Service]
 Type=notify
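Review bot: Adding `container-volume@%N.service` to `Wants=`/`After=` in mariadb.service also activates `container-volume-backup@%N.timer`, so the volume is archived with `tar` every 12 hours while the database is running. If that volume holds the MariaDB data directory (not visible in this hunk), a file-level copy taken mid-write is not guaranteed to be restorable, and the same applies to redis.service further down. I would at least record this next to the new dependency, e.g. `# container-volume@ snapshots this volume while the service is running; do not rely on them as a consistent database backup`.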
diff --git a/config/service/nginx/systemd/nginx-serve-php@.service b/config/service/nginx/systemd/nginx-serve-php@.service
index c03dbbe..dd89afe 100644
--- a/config/service/nginx/systemd/nginx-serve-php@.service
+++ b/config/service/nginx/systemd/nginx-serve-php@.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=NGINX PHP web service for %I
-Wants=container-build@%i.service nginx.service nginx-proxy-http@%i.service
-After=container-build@%i.service nginx.service
+Wants=container-build@%i.service container-volume@%i.service nginx.service nginx-proxy-http@%i.service
+After=container-build@%i.service container-volume@%i.service nginx.service
 Before=nginx-proxy-http@%i.service
 
 [Service]
diff --git a/config/service/prosody/systemd/prosody.service b/config/service/prosody/systemd/prosody.service
index cde24af..d30f18c 100644
--- a/config/service/prosody/systemd/prosody.service
+++ b/config/service/prosody/systemd/prosody.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Prosody XMPP server
-Wants=container-build@%N.service mariadb.service dovecot.service
-After=container-build@%N.service mariadb.service dovecot.service
+Wants=container-build@%N.service container-volume@%N.service mariadb.service dovecot.service
+After=container-build@%N.service container-volume@%N.service mariadb.service dovecot.service
 
 [Service]
 Type=notify
diff --git a/config/service/radicale/systemd/radicale.service b/config/service/radicale/systemd/radicale.service
index a82a8c3..1ee1f27 100644
--- a/config/service/radicale/systemd/radicale.service
+++ b/config/service/radicale/systemd/radicale.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Radicale CalDAV and CardDAV server
-Wants=container-build@%N.service dovecot.service
-After=container-build@%N.service dovecot.service
+Wants=container-build@%N.service container-volume@%N.service dovecot.service
+After=container-build@%N.service container-volume@%N.service dovecot.service
 
 [Service]
 Type=notify
diff --git a/config/service/redis/systemd/redis.service b/config/service/redis/systemd/redis.service
index a9a0f73..de9342a 100644
--- a/config/service/redis/systemd/redis.service
+++ b/config/service/redis/systemd/redis.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Redis Key-Value Store
-Wants=container-build@%N.service
-After=container-build@%N.service
+Wants=container-build@%N.service container-volume@%N.service
+After=container-build@%N.service container-volume@%N.service
 
 [Service]
 Type=notify
diff --git a/config/service/rspamd/systemd/rspamd.service b/config/service/rspamd/systemd/rspamd.service
index 8e8e8dc..b6c5c90 100644
--- a/config/service/rspamd/systemd/rspamd.service
+++ b/config/service/rspamd/systemd/rspamd.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Rspamd spam filtering system
-Wants=container-build@%N.service redis.service
-After=container-build@%N.service redis.service
+Wants=container-build@%N.service container-volume@%N.service redis.service
+After=container-build@%N.service container-volume@%N.service redis.service
 
 [Service]
 Type=notify
diff --git a/config/service/spectrum/systemd/spectrum.service b/config/service/spectrum/systemd/spectrum.service
index 7ebf1c3..c6e1cec 100644
--- a/config/service/spectrum/systemd/spectrum.service
+++ b/config/service/spectrum/systemd/spectrum.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Spectrum IM Transport for XMPP
-Wants=container-build@%N.service prosody.service
-After=container-build@%N.service prosody.service
+Wants=container-build@%N.service container-volume@%N.service prosody.service
+After=container-build@%N.service container-volume@%N.service prosody.service
 
 [Service]
 Type=notify