From 5de451d9d987ed5be93629d03f4212b0602732fa Mon Sep 17 00:00:00 2001
From: Michal 'vorner' Vaner <michal.vaner@nic.cz>
Date: Thu, 28 Nov 2013 09:55:30 +0100
Subject: [PATCH] Scripts for maintaining the databases

---
 backup/README        | 15 +++++++++++++++
 backup/backup-turris |  8 ++++++++
 backup/purge-backups |  9 +++++++++
 backup/store-backup  | 11 +++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 backup/README
 create mode 100644 backup/backup-turris
 create mode 100755 backup/purge-backups
 create mode 100644 backup/store-backup

diff --git a/backup/README b/backup/README
new file mode 100644
index 0000000..810e1c4
--- /dev/null
+++ b/backup/README
@@ -0,0 +1,15 @@
+Here are various scripts that help backing up the databases and maintaining
+them.
+
+Currenty, we have these:
+
+backup-turris::
+  Backs up the main turris database from db.turris.cz to archive.turris.cz, in
+  a strongly encrypted form. This should be run from cron.
+
+store-backup::
+  A forced command for SSH, on the receiving side. This will accept the data
+  and store it into a file. This is configured with a key in .ssh/authorized_keys.
+
+purge-backups::
+  This is run on archive.turris.cz, to clean up old database backups.
diff --git a/backup/backup-turris b/backup/backup-turris
new file mode 100644
index 0000000..03ba525
--- /dev/null
+++ b/backup/backup-turris
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -xe
+
+renice -n 10 -p $$
+# Use compression externally from pg_dump ‒ xz is better than gz and this can run on separate core
+# The xz -5 is a compromise between size and speed. But we may revisit later, when the DB is larger.
+(echo turris ; pg_dump -Fc -Z 0 turris | xz -5 | gpg -e -r db@turris.cz) | ssh db-backup@217.31.192.99
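Review bot: A failing `pg_dump` or `xz` on the last line goes unnoticed, because a pipeline's exit status is that of its last command and `set -e` never sees the earlier stages. `gpg` then encrypts whatever partial stream it received and the receiver stores it as a normal-looking backup. If bash is available on the database host, `#!/bin/bash` with `set -o pipefail` next to `set -xe` makes the job exit non-zero so cron reports it, although the truncated file has already been sent by then. Because purge-backups removes files after 8 days, a comment noting that restores or dump sizes must be checked separately would be useful here. For unattended runs, `gpg --batch` and `ssh -o BatchMode=yes` also make a key-trust or host-key problem fail cleanly instead of waiting for input.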
diff --git a/backup/purge-backups b/backup/purge-backups
new file mode 100755
index 0000000..a4fe022
--- /dev/null
+++ b/backup/purge-backups
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -ex
+
+purge_dir() {
+	find "$1" -mtime +"$2" -delete
+}
+
+purge_dir turris 8
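Review bot: `find "$1" -mtime +"$2" -delete` in purge_dir matches anything under the directory, not only backup files, and the relative `turris` is resolved against whatever the working directory is when cron starts the script. Restricting the match to the files store-backup creates, `find "$1" -type f -name '*.dbdump.xz.gpg' -mtime +"$2" -delete`, and passing an absolute path (or doing a checked `cd` first) keeps the purge away from the directory itself and from unrelated files. The purge is also purely age-based, so if backup-turris stops delivering for more than 8 days every remaining backup is deleted. A comment stating that, or a guard that always keeps the newest file, would make the retention behaviour explicit.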
diff --git a/backup/store-backup b/backup/store-backup
new file mode 100644
index 0000000..f0a0ed5
--- /dev/null
+++ b/backup/store-backup
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# The first line of the remote command should be the directory to store to
+read DIRECTORY
+cd "$DIRECTORY"
+DATE="$(date +%Y-%m-%d-%H-%M)"
+NAME="$DATE".dbdump.xz.gpg
+touch "$NAME"
+chmod 0600 "$NAME"
+cat >"$NAME"
+chmod 0400 "$NAME"
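Review bot: The directory name read on the `read DIRECTORY` line comes from the connecting client and is passed to `cd` unchecked, so anyone holding the backup key can steer the write into any directory the account can enter. There is also no `set -e`, so a failed `cd` leaves the dump in the starting directory. The script should use `read -r`, accept only a fixed list of names (only `turris` is used on this page), and abort on any error. Setting `umask 077` before the file is created closes the short window between `touch` and `chmod 0600` in which the file has default permissions. A dropped connection still leaves a truncated file marked read-only like a complete one, which is worth a comment.

```shell
set -e
umask 077

# The first line of the remote command should be the directory to store to
read -r DIRECTORY
# The name is chosen by the client; accept only known backup sets.
case "$DIRECTORY" in
	turris) ;;
	*) echo "store-backup: unexpected directory" >&2; exit 1 ;;
esac
cd "$DIRECTORY"
# … unchanged: DATE/NAME computation, write from stdin, chmod 0400 …
```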
-- 
GitLab