From 4cc5d10f5120dfb9c947ed642cc6de1cdb04b016 Mon Sep 17 00:00:00 2001 From: Andreas Niemann Date: Tue, 30 Jun 2026 23:58:07 +0200 Subject: [PATCH] fix(backup): bundle the whole forgejo /data (app.ini + ssh host keys) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The backup tarred only /data/git, but CONTRACT_004 §4.2 requires the git repos AND app.ini AND the host SSH keys — without app.ini a restored Forgejo has no DB/S3 config and won't start. Discovered during the T13 DR rehearsal: restore reached Forgejo and it had nothing to configure from. Tar the whole /data volume (git/, gitea/conf/app.ini, ssh/ssh_host_*). It is ~1 MB at Layer 0 — the DB and LFS/packages are externalised to Postgres + RustFS, so /data holds no large recreatable state. Restored end-to-end on a fresh VM: Forgejo comes up fully configured against the restored PG + RustFS. Co-Authored-By: Claude Opus 4.8 (1M context) --- backup/backup-remote.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/backup/backup-remote.sh b/backup/backup-remote.sh index a32ce3b..07e5c50 100755 --- a/backup/backup-remote.sh +++ b/backup/backup-remote.sh @@ -30,9 +30,12 @@ mkdir -p "$W" echo "[backup] postgres pg_dumpall" >&2 docker exec foundation-postgres pg_dumpall -U postgres | gzip > "$W/postgres.sql.gz" -echo "[backup] forgejo git repos (tar.zst)" >&2 -# Forgejo keeps repos under /data/git; use the container's own tar (no extra image). -docker exec foundation-forgejo sh -c 'tar -C /data -cf - git' | zstd -q -T0 > "$W/forgejo-repos.tar.zst" +echo "[backup] forgejo data volume (tar.zst)" >&2 +# CONTRACT_004 §4.2 needs the git repos AND app.ini AND the host SSH keys — all live +# in the /data volume (git/, gitea/conf/app.ini, ssh/ssh_host_*). Tar the WHOLE volume +# (it is ~1 MB; the DB + LFS/packages are externalised to PG + RustFS, so /data has no +# large recreatable state at Layer 0). Use the container's own tar (no extra image). +docker exec foundation-forgejo sh -c 'tar -C /data -cf - .' | zstd -q -T0 > "$W/forgejo-repos.tar.zst" echo "[backup] vault raft snapshot" >&2 docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN="$VAULT_TOKEN" foundation-vault \