From 7e5768b449da5b855fc579ac4f6d03f2ccb3e7c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gramain?= <mael@enpls.org>
Date: Tue, 22 Oct 2024 21:14:57 +0200
Subject: [PATCH] add restic for mep-1

---
 compute-1-mep/restic/README.md           |  7 ++++
 compute-1-mep/restic/docker-compose.yaml | 45 ++++++++++++++++++++++++
 compute-1-mep/restic/pre_deploy.sh       |  5 +++
 3 files changed, 57 insertions(+)
 create mode 100644 compute-1-mep/restic/README.md
 create mode 100644 compute-1-mep/restic/docker-compose.yaml
 create mode 100644 compute-1-mep/restic/pre_deploy.sh

diff --git a/compute-1-mep/restic/README.md b/compute-1-mep/restic/README.md
new file mode 100644
index 0000000..5fe602b
--- /dev/null
+++ b/compute-1-mep/restic/README.md
@@ -0,0 +1,7 @@
+# Restic
+
+Restic is the tool used to backup and restore data on the compute-1-mep server.
+
+The ``pre_deploy.sh`` script is used as a Pre-Deploy shell command in the Komodo UI to deploy the restic container on the server with the required secrets.
+
+Backups are ran at 
\ No newline at end of file
diff --git a/compute-1-mep/restic/docker-compose.yaml b/compute-1-mep/restic/docker-compose.yaml
new file mode 100644
index 0000000..c672d88
--- /dev/null
+++ b/compute-1-mep/restic/docker-compose.yaml
@@ -0,0 +1,45 @@
+services:
+  backup:
+    image: mazzolino/restic:1.7.2
+    hostname: docker
+    restart: unless-stopped
+    environment:
+      RUN_ON_STARTUP: "false"
+      BACKUP_CRON: "0 30 2 * * *"
+      RESTIC_REPOSITORY: ${RESTIC_BASE_URL}/compute-1-mep
+      RESTIC_PASSWORD: ${RESTIC_PASSWORD}
+      RESTIC_BACKUP_SOURCES: >-
+        /mnt/volumes/forgejo_server/
+        /mnt/volumes/freshrss_freshrss_data/
+        /mnt/volumes/haste_hastes/
+        /mnt/volumes/searx_server/
+        /mnt/volumes/wallabag_wallabag/
+      RESTIC_BACKUP_ARGS: >-
+        --tag plan:dockervol_dump --tag created-by:compute_1_mep
+        --exclude *.tmp --exclude *.log --exclude *.bak
+        --exclude /mnt/volumes/forgejo_server/_data/gitea/repositories
+        --verbose
+      RESTIC_FORGET_ARGS: >-
+        --keep-last 3
+        --keep-daily 7
+        --keep-weekly 5
+        --keep-monthly 12
+      TZ: Europe/Paris
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker/volumes:/mnt/volumes:ro
+      - ./ssh:/run/secrets/.ssh:ro
+
+  prune:
+    image: mazzolino/restic:1.7.2
+    hostname: docker
+    restart: unless-stopped
+    environment:
+      SKIP_INIT: "true"
+      RUN_ON_STARTUP: "false"
+      PRUNE_CRON: "0 30 5 * * *"
+      RESTIC_REPOSITORY: ${RESTIC_BASE_URL}/compute-1-mep
+      RESTIC_PASSWORD: ${RESTIC_PASSWORD}
+      TZ: Europe/Paris
+    volumes:
+      - ./ssh:/run/secrets/.ssh:ro
diff --git a/compute-1-mep/restic/pre_deploy.sh b/compute-1-mep/restic/pre_deploy.sh
new file mode 100644
index 0000000..1cf8f13
--- /dev/null
+++ b/compute-1-mep/restic/pre_deploy.sh
@@ -0,0 +1,5 @@
+mkdir -p ssh
+rm -rf .ssh/*
+echo -n '[[RESTIC_PRIVKEY]]' | base64 --decode > ./ssh/id_ed25519
+echo -n '[[RESTIC_PUBKEY]]' | base64 --decode > ./ssh/id_ed25519.pub
+echo -n '[[RESTIC_KNOWN_HOSTS]]' | base64 --decode  > ./ssh/known_hosts