diff --git a/services/vaultwarden/.env b/services/vaultwarden/.env
index b99087d..984c69c 100644
--- a/services/vaultwarden/.env
+++ b/services/vaultwarden/.env
@@ -1,2 +1,5 @@
 DATA_PATH="/home/vm-user/local-apps/vaultwarden"
 DOMAIN="https://vault.davydovcloud.com"
+VAULTWARDEN_CONTAINER_NAME='vaultwarden'
+BACKUP_DIR="/home/vm-user/remote-apps/vaultwarden-backups"
+CRON_SCHEDULE="0 4 * * *"
\ No newline at end of file
diff --git a/services/vaultwarden/docker-compose.yml b/services/vaultwarden/docker-compose.yml
index 9fce41d..2cb77a1 100644
--- a/services/vaultwarden/docker-compose.yml
+++ b/services/vaultwarden/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 vaultwarden:
 image: vaultwarden/server:latest
- container_name: vaultwarden
+ container_name: ${VAULTWARDEN_CONTAINER_NAME}
 restart: unless-stopped
 ports:
 - ${SVC_PORT_1}:80
@@ -10,4 +10,22 @@ services:
 environment:
 - WEBSOCKET_ENABLED=true
 - SIGNUPS_ALLOWED=true
- - DOMAIN=${DOMAIN}
\ No newline at end of file
+ - DOMAIN=${DOMAIN}
+
+ backup:
+ build:
+ context: vault-backup-manager
+ args:
+ CRON_SCHEDULE: ${CRON_SCHEDULE} # Adjust the schedule as needed
+ container_name: vaultwarden-backup
+ restart: unless-stopped
+ environment:
+ - USER_UID=1001
+ - USER_GID=1001
+ - VAULTWARDEN_CONTAINER_NAME=${VAULTWARDEN_CONTAINER_NAME}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # Allow Docker commands to run
+ - ${BACKUP_DIR}:/backup # Mount backup directory
+ - ${DATA_PATH}:/data # Mount data directory
+ depends_on:
+ - vaultwarden
\ No newline at end of file
diff --git a/services/vaultwarden/vault-backup-manager/Dockerfile b/services/vaultwarden/vault-backup-manager/Dockerfile
new file mode 100644
index 0000000..2555511
--- /dev/null
+++ b/services/vaultwarden/vault-backup-manager/Dockerfile
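Review bot: In the second docker-compose.yml hunk, the new `backup` service bind-mounts `/var/run/docker.sock`, which gives that container full control of the host's Docker daemon (effectively root on the host) while it also holds the vault data. If stopping and starting one container is all it needs, consider putting a socket proxy restricted to those calls in front of it, or running the backup from a host-side timer instead. The data mount is only read by `tar` in backup.sh, so it can be read-only: `- ${DATA_PATH}:/data:ro`. `USER_UID`/`USER_GID` are set here, but nothing in the Dockerfile or backup.sh of this commit reads them, so crond and the script still run as root.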
@@ -0,0 +1,22 @@
+FROM alpine:latest
+
+# Install necessary packages
+RUN apk add --no-cache bash docker-cli curl
+
+# Copy the backup script into the container
+COPY backup.sh /usr/local/bin/backup.sh
+
+# Make the script executable
+RUN chmod +x /usr/local/bin/backup.sh
+
+# Install cron
+RUN apk add --no-cache openrc
+
+# Accept CRON_SCHEDULE as a build argument
+ARG CRON_SCHEDULE
+
+# Add the cron job
+RUN echo "$CRON_SCHEDULE /usr/local/bin/backup.sh >> /proc/1/fd/1 2>> /proc/1/fd/2" > /etc/crontabs/root
+
+# Start cron in the foreground
+CMD ["crond", "-f"]
\ No newline at end of file
diff --git a/services/vaultwarden/vault-backup-manager/backup.sh b/services/vaultwarden/vault-backup-manager/backup.sh
new file mode 100644
index 0000000..76e0389
--- /dev/null
+++ b/services/vaultwarden/vault-backup-manager/backup.sh
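Review bot: In the vault-backup-manager/Dockerfile hunk, `FROM alpine:latest` and the unversioned `apk add` packages make the image non-reproducible, which matters more than usual because the compose file gives this image the Docker socket and the vault data; pin the base, e.g. `FROM alpine:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). `ARG CRON_SCHEDULE` has no default, so a build without the arg writes a crontab line with no schedule fields; `ARG CRON_SCHEDULE="0 4 * * *"` would match the value in `.env`. `openrc` and `curl` do not appear to be used by anything in this commit (`crond` on Alpine comes from BusyBox), so both can probably be dropped.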
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Set the script to exit immediately if any command fails
+set -e
+
+# Function to log messages
+log() {
+ echo "$(date +'%Y-%m-%d %H:%M:%S') - $1"
+}
+
+DATE=$(date +%Y%m%d%H%M)
+BACKUP_DIR=/backup
+BACKUP_FILE=vaultwarden-snapshot-$DATE.tar.gz
+CONTAINER=${VAULTWARDEN_CONTAINER_NAME}
+CONTAINER_DATA_DIR=/data
+
+# Create backups directory if it does not exist
+mkdir -p $BACKUP_DIR
+log "Backup directory created at $BACKUP_DIR"
+
+# Stop the container
+log "Stopping container $CONTAINER"
+if /usr/bin/docker stop $CONTAINER; then
+ log "Container $CONTAINER stopped successfully"
+else
+ log "Failed to stop container $CONTAINER"
+ exit 1
+fi
+
+# Backup the vaultwarden data directory to the backup directory
+log "Backing up data from $CONTAINER_DATA_DIR to $BACKUP_DIR/$BACKUP_FILE"
+if tar -czf "$BACKUP_DIR/$BACKUP_FILE" "$CONTAINER_DATA_DIR"; then
+ log "Backup created successfully: $BACKUP_FILE"
+else
+ log "Backup failed"
+ exit 1
+fi
+
+# Restart the container
+log "Restarting container $CONTAINER"
+if /usr/bin/docker restart $CONTAINER; then
+ log "Container $CONTAINER restarted successfully"
+else
+ log "Failed to restart container $CONTAINER"
+ exit 1
+fi
+
+# To delete files older than 30 days
+log "Deleting backup files older than 30 days"
+find $BACKUP_DIR/* -mtime +30 -exec rm {} \; -print | while read -r file; do
+ log "Deleted old backup file: $file"
+done
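Review bot: In backup.sh, if `tar` fails after `docker stop` has succeeded, the `exit 1` in the failure branch ends the script and Vaultwarden stays down, because the restart only happens on the success path and `restart: unless-stopped` will not bring back a container that was stopped explicitly. Registering a cleanup right after the stop succeeds covers every exit: `trap '/usr/bin/docker start "$CONTAINER"' EXIT`. The archive is created with the default umask, so on the host it may be readable by other users; a `umask 077` near the top keeps the snapshots owner-only. `find $BACKUP_DIR/* -mtime +30 -exec rm {} \;` removes any file under /backup older than 30 days, not only snapshots; adding `-name 'vaultwarden-snapshot-*.tar.gz'` and quoting the variables would scope it.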