feat(backup): declare server databases + fail safe to stop on dump failure

- Add libreportal.backup.db labels to the MariaDB/Postgres apps (nextcloud,
  owncloud, bookstack, mastodon, invidious) so they back up live + consistent.
- If a declared dump cannot be taken (DB down, wrong path), the backup falls
  back to stop-snapshot-start for that run instead of snapshotting torn data —
  a misconfiguration degrades to 'safe with downtime', never to 'unsafe'.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-23 15:12:55 +01:00
parent cc2ea503ee
commit 69f7289b4a
7 changed files with 17 additions and 2 deletions

View File

@ -32,6 +32,7 @@ services:
labels:
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
libreportal.backup.db: "mariadb:bookstack_db:db:"
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
# TRAEFIK_PORT_1_BEGIN
traefik.http.routers.bookstack-service.entrypoints: web,websecure

View File

@ -42,6 +42,7 @@ services:
labels:
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
libreportal.backup.db: "postgres:invidious-db:postgresdata:"
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
# TRAEFIK_PORT_1_BEGIN
traefik.http.routers.invidious-service.entrypoints: web,websecure

View File

@ -36,6 +36,7 @@ services:
labels:
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
libreportal.backup.db: "postgres:mastodon-postgres:postgres:"
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
# TRAEFIK_PORT_1_BEGIN
traefik.http.routers.mastodon-service.entrypoints: web,websecure

View File

@ -31,6 +31,7 @@ services:
labels:
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
libreportal.backup.db: "mariadb:nextcloud-db:db_data:"
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
# TRAEFIK_PORT_1_BEGIN
traefik.http.routers.nextcloud-service.entrypoints: web,websecure

View File

@ -32,6 +32,7 @@ services:
labels:
libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA
libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA
libreportal.backup.db: "mariadb:owncloud-mariadb:mysql:"
traefik.enable: TRAEFIK_ENABLE_DATA #LIBREPORTAL|TRAEFIK_ENABLE_TAG|TRAEFIK_ENABLE_DATA
# TRAEFIK_PORT_1_BEGIN
traefik.http.routers.owncloud-service.entrypoints: web,websecure

View File

@ -41,7 +41,12 @@ backupAppStart()
dockerComposePause "$stored_app_name" 2>/dev/null || dockerComposeDown "$stored_app_name"
elif [[ "$strategy" == "live" ]]; then
isNotice "Live strategy — containers stay running; databases dumped consistently"
backupDbDump "$stored_app_name"
if ! backupDbDump "$stored_app_name"; then
isError "Live database dump failed — falling back to stop-snapshot-start for safety"
sudo rm -rf "${containers_dir:?}$stored_app_name/.lp-backup"
strategy="stop-snapshot-start"
dockerComposeDown "$stored_app_name"
fi
else
dockerComposeDown "$stored_app_name"
fi

View File

@ -159,7 +159,12 @@ backupDbDump()
isNotice "Dumping sqlite ($path) — live, consistent"
local src="$app_dir/$path"
if [[ ! -f "$src" ]]; then
isNotice "sqlite file $path not present yet — skipping"
# Declared but not found — could be a fresh app, or a wrong
# path. Treat as a dump failure so the caller falls back to
# the safe stop-snapshot-start rather than snapshotting a
# live sqlite file untorn.
isError "sqlite file $path not found — cannot dump"
rc=1
continue
fi
# .backup takes a consistent copy even while the app writes.