vaultwarden: backup vault every day

services/vaultwarden/.env

@@ -1,2 +1,5 @@
 DATA_PATH="/home/vm-user/local-apps/vaultwarden"
 DOMAIN="https://vault.davydovcloud.com"
+VAULTWARDEN_CONTAINER_NAME='vaultwarden'
+BACKUP_DIR="/home/vm-user/remote-apps/vaultwarden-backups"
+CRON_SCHEDULE="0 4 * * *"

services/vaultwarden/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   vaultwarden:
     image: vaultwarden/server:latest
-    container_name: vaultwarden
+    container_name: ${VAULTWARDEN_CONTAINER_NAME}
     restart: unless-stopped
     ports:
      - ${SVC_PORT_1}:80
@@ -11,3 +11,21 @@ services:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - DOMAIN=${DOMAIN}
+
+  backup:
+    build: 
+      context: vault-backup-manager
+      args:
+        CRON_SCHEDULE: ${CRON_SCHEDULE}  # Adjust the schedule as needed
+    container_name: vaultwarden-backup
+    restart: unless-stopped
+    environment:
+      - USER_UID=1001
+      - USER_GID=1001
+      - VAULTWARDEN_CONTAINER_NAME=${VAULTWARDEN_CONTAINER_NAME}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock  # Allow Docker commands to run
+      - ${BACKUP_DIR}:/backup  # Mount backup directory
+      - ${DATA_PATH}:/data # Mount data directory
+    depends_on:
+      - vaultwarden

services/vaultwarden/vault-backup-manager/Dockerfile

@@ -0,0 +1,22 @@
+FROM alpine:latest
+
+# Install necessary packages
+RUN apk add --no-cache bash docker-cli curl
+
+# Copy the backup script into the container
+COPY backup.sh /usr/local/bin/backup.sh
+
+# Make the script executable
+RUN chmod +x /usr/local/bin/backup.sh
+
+# Install cron
+RUN apk add --no-cache openrc
+
+# Accept CRON_SCHEDULE as a build argument
+ARG CRON_SCHEDULE
+
+# Add the cron job
+RUN echo "$CRON_SCHEDULE /usr/local/bin/backup.sh >> /proc/1/fd/1 2>> /proc/1/fd/2" > /etc/crontabs/root
+
+# Start cron in the foreground
+CMD ["crond", "-f"]

services/vaultwarden/vault-backup-manager/backup.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Set the script to exit immediately if any command fails
+set -e
+
+# Function to log messages
+log() {
+    echo "$(date +'%Y-%m-%d %H:%M:%S') - $1"
+}
+
+DATE=$(date +%Y%m%d%H%M)
+BACKUP_DIR=/backup
+BACKUP_FILE=vaultwarden-snapshot-$DATE.tar.gz
+CONTAINER=${VAULTWARDEN_CONTAINER_NAME}
+CONTAINER_DATA_DIR=/data
+
+# Create backups directory if it does not exist
+mkdir -p $BACKUP_DIR
+log "Backup directory created at $BACKUP_DIR"
+
+# Stop the container
+log "Stopping container $CONTAINER"
+if /usr/bin/docker stop $CONTAINER; then
+    log "Container $CONTAINER stopped successfully"
+else
+    log "Failed to stop container $CONTAINER"
+    exit 1
+fi
+
+# Backup the vaultwarden data directory to the backup directory
+log "Backing up data from $CONTAINER_DATA_DIR to $BACKUP_DIR/$BACKUP_FILE"
+if tar -czf "$BACKUP_DIR/$BACKUP_FILE" "$CONTAINER_DATA_DIR"; then
+    log "Backup created successfully: $BACKUP_FILE"
+else
+    log "Backup failed"
+    exit 1
+fi
+
+# Restart the container
+log "Restarting container $CONTAINER"
+if /usr/bin/docker restart $CONTAINER; then
+    log "Container $CONTAINER restarted successfully"
+else
+    log "Failed to restart container $CONTAINER"
+    exit 1
+fi
+
+# To delete files older than 30 days
+log "Deleting backup files older than 30 days"
+find $BACKUP_DIR/* -mtime +30 -exec rm {} \; -print | while read -r file; do
+    log "Deleted old backup file: $file"
+done