diff --git a/backup/backup-remote.sh b/backup/backup-remote.sh index a32ce3b..07e5c50 100755 --- a/backup/backup-remote.sh +++ b/backup/backup-remote.sh @@ -30,9 +30,12 @@ mkdir -p "$W" echo "[backup] postgres pg_dumpall" >&2 docker exec foundation-postgres pg_dumpall -U postgres | gzip > "$W/postgres.sql.gz" -echo "[backup] forgejo git repos (tar.zst)" >&2 -# Forgejo keeps repos under /data/git; use the container's own tar (no extra image). -docker exec foundation-forgejo sh -c 'tar -C /data -cf - git' | zstd -q -T0 > "$W/forgejo-repos.tar.zst" +echo "[backup] forgejo data volume (tar.zst)" >&2 +# CONTRACT_004 §4.2 needs the git repos AND app.ini AND the host SSH keys — all live +# in the /data volume (git/, gitea/conf/app.ini, ssh/ssh_host_*). Tar the WHOLE volume +# (it is ~1 MB; the DB + LFS/packages are externalised to PG + RustFS, so /data has no +# large recreatable state at Layer 0). Use the container's own tar (no extra image). +docker exec foundation-forgejo sh -c 'tar -C /data -cf - .' | zstd -q -T0 > "$W/forgejo-repos.tar.zst" echo "[backup] vault raft snapshot" >&2 docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN="$VAULT_TOKEN" foundation-vault \