janpeter/Ops-dashboard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(backup): add ops-db backup commands, flow, and systemd timer

Browse source 
Adds pg_dump_ops_db, list_ops_backups, and cleanup_ops_backups to the
agent command whitelist. Includes a backup_ops_db flow YAML (dump +
30-day retention), and a systemd service/timer for daily automated
backups at 02:00.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scrum4Me Agent 2026-05-13 20:07:14 +02:00
parent aa1fd41bec
commit 4dd0490afc
4 changed files with 85 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
deploy/ops-agent/ops-db-backup.service Normal file
View file

@ -0,0 +1,20 @@
[Unit]
Description=Daily backup of ops_dashboard database
After=network.target ops-agent.service
[Service]
Type=oneshot
User=ops-agent
Group=ops-agent
# Reads the shared secret and POSTs to ops-agent to trigger the backup flow.
# ops-agent must be running and backup_ops_db.yml must be installed in /etc/ops-agent/flows/.
ExecStart=/usr/bin/bash -c '\
SECRET=$(cat /etc/ops-agent/secret); \
curl -sf -X POST http://127.0.0.1:3099/agent/v1/flow \
-H "Authorization: Bearer $SECRET" \
-H "Content-Type: application/json" \
-d "{\"flow_key\":\"backup_ops_db\"}" \
'
StandardOutput=journal
StandardError=journal
SyslogIdentifier=ops-db-backup

10
deploy/ops-agent/ops-db-backup.timer Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=Daily backup of ops_dashboard database (timer)
[Timer]
# Run every day at 02:00 local time.
OnCalendar=*-*-* 02:00:00
Persistent=true
[Install]
WantedBy=timers.target

33
ops-agent/commands.yml.example
View file

@ -203,3 +203,36 @@ commands:
- -c - -c
- "code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 15 https://thuis.jp-visser.nl/api/products); echo \"HTTP $code\"; [ \"$code\" = \"200\" ] || [ \"$code\" = \"401\" ]" - "code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 15 https://thuis.jp-visser.nl/api/products); echo \"HTTP $code\"; [ \"$code\" = \"200\" ] || [ \"$code\" = \"401\" ]"
description: "Smoke test: /api/products must return 200 or 401" description: "Smoke test: /api/products must return 200 or 401"
# ── Ops-dashboard database backup ────────────────────────────────────────
pg_dump_ops_db:
cmd:
- sh
- -c
- |
mkdir -p /srv/ops/backups
FNAME="/srv/ops/backups/ops_db_$(date +%Y%m%d_%H%M).dump"
docker exec postgres pg_dump -Fc ops_dashboard > "$FNAME"
echo "Backup written: $FNAME"
ls -lh "$FNAME"
description: "Dump ops_dashboard DB via docker exec postgres to /srv/ops/backups/"
list_ops_backups:
cmd:
- sh
- -c
- "find /srv/ops/backups -maxdepth 1 -name '*.dump' -printf '%f\\t%s\\n' 2>/dev/null | sort -r || true"
description: "List ops_dashboard backup files (filename TAB size_bytes, newest-first)"
cleanup_ops_backups:
cmd:
- find
- /srv/ops/backups
- -name
- "*.dump"
- -mtime
- "+30"
- -delete
- -print
description: "Delete ops_dashboard backup files older than 30 days"

22
ops-agent/flows.example/backup_ops_db.yml Normal file
View file

@ -0,0 +1,22 @@
# Backup the ops_dashboard database.
# Copy to /etc/ops-agent/flows/backup_ops_db.yml on the host.
#
# Prerequisites:
# - ops-agent user must be in the docker group (to run docker exec)
# - /srv/ops/backups/ directory or its parent must be writable by ops-agent
#
# Steps:
# 1. Dump ops_dashboard via pg_dump inside the postgres container
# 2. Remove backup files older than 30 days (retention policy)
#
# Run on a schedule via ops-db-backup.timer (see deploy/ops-agent/).
# Or trigger manually via the Ops Dashboard → Settings → Backups.
name: Backup Ops DB
description: Dump ops_dashboard database and apply 30-day retention policy
steps:
- command_key: pg_dump_ops_db
on_failure: abort
- command_key: cleanup_ops_backups
on_failure: continue