azat/backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
backup/SKILL.md
Azat 5a92cac546 Initial backup skill implementation
2026-02-02 23:44:24 +01:00

170 lines
4.1 KiB
Markdown
Raw Permalink Blame History

---
name: backup
description: Automated backup and restore using restic
metadata:
version: "1.0.0"
vibestack:
main: false
---
# Backup Skill
Automated backup and restore for all VibeStack data using [restic](https://restic.net/).
## Features
- Incremental, encrypted backups
- Multiple backup targets (local, S3, B2, SFTP)
- Scheduled automatic backups via cron
- Retention policy management
- Point-in-time restore
- PostgreSQL-aware backups (pg_dump)
## Configuration
### Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `BACKUP_SCHEDULE` | `0 3 * * *` | Cron schedule (default: 3am daily) |
| `BACKUP_RETENTION` | `7d` | Retention period |
| `BACKUP_TARGET` | `/backups` | Local backup directory |
| `BACKUP_PASSWORD` | (required) | Encryption password |
| `BACKUP_S3_BUCKET` | (none) | S3 bucket URL (e.g., `s3:bucket-name/path`) |
| `BACKUP_S3_ACCESS_KEY` | (none) | S3 access key |
| `BACKUP_S3_SECRET_KEY` | (none) | S3 secret key |
| `BACKUP_B2_ACCOUNT_ID` | (none) | Backblaze B2 account ID |
| `BACKUP_B2_ACCOUNT_KEY` | (none) | Backblaze B2 account key |
| `BACKUP_B2_BUCKET` | (none) | B2 bucket name |
| `BACKUP_SFTP_HOST` | (none) | SFTP host for remote backup |
| `BACKUP_SFTP_USER` | (none) | SFTP username |
| `BACKUP_SFTP_PATH` | (none) | SFTP path |
## What Gets Backed Up
| Path | Description |
|------|-------------|
| `/data/postgres` | PostgreSQL data (via pg_dump) |
| `/data/redis` | Redis persistence files |
| `/data/duckdb` | DuckDB databases |
| `/data/loki` | Log data |
| `/data/caddy` | TLS certificates |
| `/personalities` | Agent personality configs |
| `/workspaces` | Agent workspaces |
## Usage
### Manual Backup
```bash
# Trigger immediate backup
/skills/backup/scripts/backup.sh
# Backup specific path
/skills/backup/scripts/backup.sh /data/postgres
```
### Manual Restore
```bash
# List available snapshots
/skills/backup/scripts/restore.sh --list
# Restore latest snapshot
/skills/backup/scripts/restore.sh --latest
# Restore specific snapshot
/skills/backup/scripts/restore.sh --snapshot abc123
# Restore specific path
/skills/backup/scripts/restore.sh --latest --path /data/postgres
```
### Check Backup Status
```bash
# Show backup stats
restic -r "$BACKUP_TARGET" stats
# List snapshots
restic -r "$BACKUP_TARGET" snapshots
```
## Backup Targets
### Local (default)
```bash
BACKUP_TARGET=/backups
BACKUP_PASSWORD=your-secret-password
```
### Amazon S3
```bash
BACKUP_TARGET=s3:my-bucket/vibestack-backups
BACKUP_S3_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
BACKUP_S3_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
BACKUP_PASSWORD=your-secret-password
```
### Backblaze B2
```bash
BACKUP_TARGET=b2:my-bucket:/vibestack-backups
BACKUP_B2_ACCOUNT_ID=your-account-id
BACKUP_B2_ACCOUNT_KEY=your-account-key
BACKUP_PASSWORD=your-secret-password
```
### SFTP
```bash
BACKUP_TARGET=sftp:user@host:/path/to/backups
BACKUP_SFTP_HOST=backup.example.com
BACKUP_SFTP_USER=backup
BACKUP_PASSWORD=your-secret-password
```
## Retention Policy
The `BACKUP_RETENTION` variable controls how long backups are kept:
| Format | Example | Description |
|--------|---------|-------------|
| `Xd` | `7d` | Keep backups for X days |
| `Xw` | `4w` | Keep backups for X weeks |
| `Xm` | `3m` | Keep backups for X months |
Restic's `forget` command with `--keep-within` is used to enforce retention.
## PostgreSQL Backups
When PostgreSQL is detected, the backup skill:
1. Runs `pg_dump` to create a consistent SQL dump
2. Stores the dump at `/data/postgres/backup.sql`
3. Includes it in the restic backup
This ensures database consistency during backup.
## Monitoring
Backup status is written to `/run/vibestack/backup-status.json`:
```json
{
"last_backup": "2024-01-15T03:00:00Z",
"last_status": "success",
"snapshot_id": "abc123def",
"duration_seconds": 45,
"bytes_added": 1048576
}
```
## Security
1. **Always set a strong `BACKUP_PASSWORD`** - backups are encrypted with this
2. Store credentials securely (use environment variables, not files)
3. Test restore procedure regularly
4. Keep backup target separate from primary data
Reference in New Issue View Git Blame Copy Permalink