4.1 KiB
4.1 KiB
name, description, metadata
| name | description | metadata | ||||||
|---|---|---|---|---|---|---|---|---|
| backup | Automated backup and restore using restic |
|
Backup Skill
Automated backup and restore for all VibeStack data using restic.
Features
- Incremental, encrypted backups
- Multiple backup targets (local, S3, B2, SFTP)
- Scheduled automatic backups via cron
- Retention policy management
- Point-in-time restore
- PostgreSQL-aware backups (pg_dump)
Configuration
Environment Variables
| Variable | Default | Description |
|---|---|---|
BACKUP_SCHEDULE |
0 3 * * * |
Cron schedule (default: 3am daily) |
BACKUP_RETENTION |
7d |
Retention period |
BACKUP_TARGET |
/backups |
Local backup directory |
BACKUP_PASSWORD |
(required) | Encryption password |
BACKUP_S3_BUCKET |
(none) | S3 bucket URL (e.g., s3:bucket-name/path) |
BACKUP_S3_ACCESS_KEY |
(none) | S3 access key |
BACKUP_S3_SECRET_KEY |
(none) | S3 secret key |
BACKUP_B2_ACCOUNT_ID |
(none) | Backblaze B2 account ID |
BACKUP_B2_ACCOUNT_KEY |
(none) | Backblaze B2 account key |
BACKUP_B2_BUCKET |
(none) | B2 bucket name |
BACKUP_SFTP_HOST |
(none) | SFTP host for remote backup |
BACKUP_SFTP_USER |
(none) | SFTP username |
BACKUP_SFTP_PATH |
(none) | SFTP path |
What Gets Backed Up
| Path | Description |
|---|---|
/data/postgres |
PostgreSQL data (via pg_dump) |
/data/redis |
Redis persistence files |
/data/duckdb |
DuckDB databases |
/data/loki |
Log data |
/data/caddy |
TLS certificates |
/personalities |
Agent personality configs |
/workspaces |
Agent workspaces |
Usage
Manual Backup
# Trigger immediate backup
/skills/backup/scripts/backup.sh
# Backup specific path
/skills/backup/scripts/backup.sh /data/postgres
Manual Restore
# List available snapshots
/skills/backup/scripts/restore.sh --list
# Restore latest snapshot
/skills/backup/scripts/restore.sh --latest
# Restore specific snapshot
/skills/backup/scripts/restore.sh --snapshot abc123
# Restore specific path
/skills/backup/scripts/restore.sh --latest --path /data/postgres
Check Backup Status
# Show backup stats
restic -r "$BACKUP_TARGET" stats
# List snapshots
restic -r "$BACKUP_TARGET" snapshots
Backup Targets
Local (default)
BACKUP_TARGET=/backups
BACKUP_PASSWORD=your-secret-password
Amazon S3
BACKUP_TARGET=s3:my-bucket/vibestack-backups
BACKUP_S3_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
BACKUP_S3_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
BACKUP_PASSWORD=your-secret-password
Backblaze B2
BACKUP_TARGET=b2:my-bucket:/vibestack-backups
BACKUP_B2_ACCOUNT_ID=your-account-id
BACKUP_B2_ACCOUNT_KEY=your-account-key
BACKUP_PASSWORD=your-secret-password
SFTP
BACKUP_TARGET=sftp:user@host:/path/to/backups
BACKUP_SFTP_HOST=backup.example.com
BACKUP_SFTP_USER=backup
BACKUP_PASSWORD=your-secret-password
Retention Policy
The BACKUP_RETENTION variable controls how long backups are kept:
| Format | Example | Description |
|---|---|---|
Xd |
7d |
Keep backups for X days |
Xw |
4w |
Keep backups for X weeks |
Xm |
3m |
Keep backups for X months |
Restic's forget command with --keep-within is used to enforce retention.
PostgreSQL Backups
When PostgreSQL is detected, the backup skill:
- Runs
pg_dumpto create a consistent SQL dump - Stores the dump at
/data/postgres/backup.sql - Includes it in the restic backup
This ensures database consistency during backup.
Monitoring
Backup status is written to /run/vibestack/backup-status.json:
{
"last_backup": "2024-01-15T03:00:00Z",
"last_status": "success",
"snapshot_id": "abc123def",
"duration_seconds": 45,
"bytes_added": 1048576
}
Security
- Always set a strong
BACKUP_PASSWORD- backups are encrypted with this - Store credentials securely (use environment variables, not files)
- Test restore procedure regularly
- Keep backup target separate from primary data