Initial backup skill implementation
This commit is contained in:
Azat
169
SKILL.md
Normal file
169
SKILL.md
Normal file
@@ -0,0 +1,169 @@
|
||||
---
|
||||
name: backup
|
||||
description: Automated backup and restore using restic
|
||||
metadata:
|
||||
version: "1.0.0"
|
||||
vibestack:
|
||||
main: false
|
||||
---
|
||||
|
||||
# Backup Skill
|
||||
|
||||
Automated backup and restore for all VibeStack data using [restic](https://restic.net/).
|
||||
|
||||
## Features
|
||||
|
||||
- Incremental, encrypted backups
|
||||
- Multiple backup targets (local, S3, B2, SFTP)
|
||||
- Scheduled automatic backups via cron
|
||||
- Retention policy management
|
||||
- Point-in-time restore
|
||||
- PostgreSQL-aware backups (pg_dump)
|
||||
|
||||
## Configuration
|
||||
|
||||
### Environment Variables
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `BACKUP_SCHEDULE` | `0 3 * * *` | Cron schedule (default: 3am daily) |
|
||||
| `BACKUP_RETENTION` | `7d` | Retention period |
|
||||
| `BACKUP_TARGET` | `/backups` | Local backup directory |
|
||||
| `BACKUP_PASSWORD` | (required) | Encryption password |
|
||||
| `BACKUP_S3_BUCKET` | (none) | S3 bucket URL (e.g., `s3:bucket-name/path`) |
|
||||
| `BACKUP_S3_ACCESS_KEY` | (none) | S3 access key |
|
||||
| `BACKUP_S3_SECRET_KEY` | (none) | S3 secret key |
|
||||
| `BACKUP_B2_ACCOUNT_ID` | (none) | Backblaze B2 account ID |
|
||||
| `BACKUP_B2_ACCOUNT_KEY` | (none) | Backblaze B2 account key |
|
||||
| `BACKUP_B2_BUCKET` | (none) | B2 bucket name |
|
||||
| `BACKUP_SFTP_HOST` | (none) | SFTP host for remote backup |
|
||||
| `BACKUP_SFTP_USER` | (none) | SFTP username |
|
||||
| `BACKUP_SFTP_PATH` | (none) | SFTP path |
|
||||
|
||||
## What Gets Backed Up
|
||||
|
||||
| Path | Description |
|
||||
|------|-------------|
|
||||
| `/data/postgres` | PostgreSQL data (via pg_dump) |
|
||||
| `/data/redis` | Redis persistence files |
|
||||
| `/data/duckdb` | DuckDB databases |
|
||||
| `/data/loki` | Log data |
|
||||
| `/data/caddy` | TLS certificates |
|
||||
| `/personalities` | Agent personality configs |
|
||||
| `/workspaces` | Agent workspaces |
|
||||
|
||||
## Usage
|
||||
|
||||
### Manual Backup
|
||||
|
||||
```bash
|
||||
# Trigger immediate backup
|
||||
/skills/backup/scripts/backup.sh
|
||||
|
||||
# Backup specific path
|
||||
/skills/backup/scripts/backup.sh /data/postgres
|
||||
```
|
||||
|
||||
### Manual Restore
|
||||
|
||||
```bash
|
||||
# List available snapshots
|
||||
/skills/backup/scripts/restore.sh --list
|
||||
|
||||
# Restore latest snapshot
|
||||
/skills/backup/scripts/restore.sh --latest
|
||||
|
||||
# Restore specific snapshot
|
||||
/skills/backup/scripts/restore.sh --snapshot abc123
|
||||
|
||||
# Restore specific path
|
||||
/skills/backup/scripts/restore.sh --latest --path /data/postgres
|
||||
```
|
||||
|
||||
### Check Backup Status
|
||||
|
||||
```bash
|
||||
# Show backup stats
|
||||
restic -r "$BACKUP_TARGET" stats
|
||||
|
||||
# List snapshots
|
||||
restic -r "$BACKUP_TARGET" snapshots
|
||||
```
|
||||
|
||||
## Backup Targets
|
||||
|
||||
### Local (default)
|
||||
|
||||
```bash
|
||||
BACKUP_TARGET=/backups
|
||||
BACKUP_PASSWORD=your-secret-password
|
||||
```
|
||||
|
||||
### Amazon S3
|
||||
|
||||
```bash
|
||||
BACKUP_TARGET=s3:my-bucket/vibestack-backups
|
||||
BACKUP_S3_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
|
||||
BACKUP_S3_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
|
||||
BACKUP_PASSWORD=your-secret-password
|
||||
```
|
||||
|
||||
### Backblaze B2
|
||||
|
||||
```bash
|
||||
BACKUP_TARGET=b2:my-bucket:/vibestack-backups
|
||||
BACKUP_B2_ACCOUNT_ID=your-account-id
|
||||
BACKUP_B2_ACCOUNT_KEY=your-account-key
|
||||
BACKUP_PASSWORD=your-secret-password
|
||||
```
|
||||
|
||||
### SFTP
|
||||
|
||||
```bash
|
||||
BACKUP_TARGET=sftp:user@host:/path/to/backups
|
||||
BACKUP_SFTP_HOST=backup.example.com
|
||||
BACKUP_SFTP_USER=backup
|
||||
BACKUP_PASSWORD=your-secret-password
|
||||
```
|
||||
|
||||
## Retention Policy
|
||||
|
||||
The `BACKUP_RETENTION` variable controls how long backups are kept:
|
||||
|
||||
| Format | Example | Description |
|
||||
|--------|---------|-------------|
|
||||
| `Xd` | `7d` | Keep backups for X days |
|
||||
| `Xw` | `4w` | Keep backups for X weeks |
|
||||
| `Xm` | `3m` | Keep backups for X months |
|
||||
|
||||
Restic's `forget` command with `--keep-within` is used to enforce retention.
|
||||
|
||||
## PostgreSQL Backups
|
||||
|
||||
When PostgreSQL is detected, the backup skill:
|
||||
1. Runs `pg_dump` to create a consistent SQL dump
|
||||
2. Stores the dump at `/data/postgres/backup.sql`
|
||||
3. Includes it in the restic backup
|
||||
|
||||
This ensures database consistency during backup.
|
||||
|
||||
## Monitoring
|
||||
|
||||
Backup status is written to `/run/vibestack/backup-status.json`:
|
||||
|
||||
```json
|
||||
{
|
||||
"last_backup": "2024-01-15T03:00:00Z",
|
||||
"last_status": "success",
|
||||
"snapshot_id": "abc123def",
|
||||
"duration_seconds": 45,
|
||||
"bytes_added": 1048576
|
||||
}
|
||||
```
|
||||
|
||||
## Security
|
||||
|
||||
1. **Always set a strong `BACKUP_PASSWORD`** - backups are encrypted with this
|
||||
2. Store credentials securely (use environment variables, not files)
|
||||
3. Test restore procedure regularly
|
||||
4. Keep backup target separate from primary data
|
||||
Reference in New Issue
Block a user