fix(backup): bundle the whole forgejo /data (app.ini + ssh host keys)
The backup tarred only /data/git, but CONTRACT_004 §4.2 requires the git repos AND app.ini AND the host SSH keys — without app.ini a restored Forgejo has no DB/S3 config and won't start. Discovered during the T13 DR rehearsal: restore reached Forgejo and it had nothing to configure from. Tar the whole /data volume (git/, gitea/conf/app.ini, ssh/ssh_host_*). It is ~1 MB at Layer 0 — the DB and LFS/packages are externalised to Postgres + RustFS, so /data holds no large recreatable state. Restored end-to-end on a fresh VM: Forgejo comes up fully configured against the restored PG + RustFS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
82c34c9a42
commit
4cc5d10f51
1 changed files with 6 additions and 3 deletions
|
|
@ -30,9 +30,12 @@ mkdir -p "$W"
|
||||||
echo "[backup] postgres pg_dumpall" >&2
|
echo "[backup] postgres pg_dumpall" >&2
|
||||||
docker exec foundation-postgres pg_dumpall -U postgres | gzip > "$W/postgres.sql.gz"
|
docker exec foundation-postgres pg_dumpall -U postgres | gzip > "$W/postgres.sql.gz"
|
||||||
|
|
||||||
echo "[backup] forgejo git repos (tar.zst)" >&2
|
echo "[backup] forgejo data volume (tar.zst)" >&2
|
||||||
# Forgejo keeps repos under /data/git; use the container's own tar (no extra image).
|
# CONTRACT_004 §4.2 needs the git repos AND app.ini AND the host SSH keys — all live
|
||||||
docker exec foundation-forgejo sh -c 'tar -C /data -cf - git' | zstd -q -T0 > "$W/forgejo-repos.tar.zst"
|
# in the /data volume (git/, gitea/conf/app.ini, ssh/ssh_host_*). Tar the WHOLE volume
|
||||||
|
# (it is ~1 MB; the DB + LFS/packages are externalised to PG + RustFS, so /data has no
|
||||||
|
# large recreatable state at Layer 0). Use the container's own tar (no extra image).
|
||||||
|
docker exec foundation-forgejo sh -c 'tar -C /data -cf - .' | zstd -q -T0 > "$W/forgejo-repos.tar.zst"
|
||||||
|
|
||||||
echo "[backup] vault raft snapshot" >&2
|
echo "[backup] vault raft snapshot" >&2
|
||||||
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN="$VAULT_TOKEN" foundation-vault \
|
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN="$VAULT_TOKEN" foundation-vault \
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue