Matrix backup draft

app/backup/build/backup-matrix/Dockerfile

@@ -0,0 +1,22 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
+FROM amd64/debian:buster
+
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
+RUN apt-get update && \
+	apt-get -qq -y full-upgrade && \
+	apt-get install -y rsync wget openssh-client postgresql-client && \
+	apt-get clean && \
+	rm -f /var/lib/apt/lists/*_*
+
+RUN mkdir -p /root/.ssh
+WORKDIR /root
+
+COPY do_backup.sh /root/do_backup.sh
+
+CMD "/root/do_backup.sh"
+

app/backup/build/backup-matrix/do_backup.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -x -e
+
+cd /root
+
+chmod 0600 .ssh/id_ed25519
+
+cat > .ssh/config <<EOF
+Host backuphost
+	HostName $TARGET_SSH_HOST
+	Port $TARGET_SSH_PORT
+	User $TARGET_SSH_USER
+EOF
+
+echo "export sql"
+# note, -Fc means that postgresql compresses the output
+PGPASSWORD=$MATRIX_PSQL_PWD
+pg_dump -v -Fc -U $MATRIX_PSQL_USER -h psql-proxy.service.2.cluster.deuxfleurs.fr $MATRIX_PSQL_DB | \
+	age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+	ssh backuphost "cat > $TARGET_SSH_DIR/matrix/db-$(date --iso-8601=minute).gz.age"
+
+MATRIX_MEDIA="/mnt/glusterfs/chat/matrix/synapse/media"
+echo "export local_content"
+tar -vcf - ${MATRIX_MEDIA} | \
+	age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+	ssh backuphost "cat > $TARGET_SSH_DIR/matrix/media-$(date --iso-8601=minute).gz.age"

app/backup/deploy/backup-manual.hcl

@@ -0,0 +1,62 @@
+job "backup_manual" {
+	datacenters = ["dc1"]
+
+	type = "batch"
+
+	task "backup-matrix" {
+		driver = "docker"
+
+			config {
+				image = "superboum/backup_matrix:1"
+				volumes = [
+					"secrets/id_ed25519:/root/.ssh/id_ed25519",
+					"secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
+					"secrets/known_hosts:/root/.ssh/known_hosts"
+				]
+				network_mode = "host"
+			}
+
+		env {
+			CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
+		}
+
+		template {
+			data = <<EOH
+TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }}
+TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }}
+TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }}
+TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }}
+MATRIX_PSQL_DB={{ key "secrets/chat/synapse/postgres_db" }}
+MATRIX_PSQL_USER={{ key "secrets/chat/synapse/postgres_user" }}
+MATRIX_PSQL_PWD={{ key "secrets/chat/synapse/postgres_pwd" }}
+EOH
+
+			destination = "secrets/env_vars"
+			env = true
+		}
+
+		template {
+			data = "{{ key \"secrets/backup/id_ed25519\" }}"
+			destination = "secrets/id_ed25519"
+		}
+		template {
+			data = "{{ key \"secrets/backup/id_ed25519.pub\" }}"
+			destination = "secrets/id_ed25519.pub"
+		}
+		template {
+			data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}"
+			destination = "secrets/known_hosts"
+		}
+
+		resources {
+			memory = 200
+		}
+
+		restart {
+			attempts = 2
+			interval = "30m"
+			delay = "15s"
+			mode = "fail"
+		}
+	}
+}

app/docker-compose.yml

@@ -89,3 +89,13 @@ services:
         # https://packages.debian.org/fr/buster/postfix
         VERSION: 3.4.14-0+deb10u1
     image: superboum/amd64_postfix:v3
+
+  backup-consul:
+    build:
+      context: ./backup/build/backup-consul
+    image: lxpz/backup_consul:12
+
+  backup-matrix:
+    build:
+      context: ./backup/build/backup-matrix
+    image: superboum/backup_matrix:1