Ops-dashboard

janpeter/Ops-dashboard

Fork 0

Commit graph

Author	SHA1	Message	Date
Madhura68	ab87c0fada	feat(server-backup): restic dual-repo backup (NAS + B2) with dashboard UI Adds a server-wide backup capability beyond the existing ops_dashboard pg_dump flow: - Daily systemd timer (03:30) runs pg_dumpall + Forgejo dump, then restic to a local NAS repo and an offsite Backblaze B2 repo with Object Lock. Phase-based script with single-instance flock, structured statusfile, systemd hardening, and live-datadir excludes (Postgres / Forgejo) so the dumps stay authoritative. - Ops-agent gets nine new read-only/trigger commands (snapshots, stats, status, logs, plus two triggers) backed by sudoers-whitelisted wrapper scripts that source /etc/restic-backup.env so the agent never sees the restic password or B2 keys. - Two new flows (server_backup_full, server_backup_restore_test) drive the dashboard's "Backup now" and "Restore test" buttons. - /settings/backups gains a Server backup section with overall + per-phase status, NAS / B2 snapshot tables, restore-size / raw-data / dedup-ratio stats, and the last restore-test result. The existing pg_dump section is preserved unchanged. - Runbook docs/runbooks/server-backup.md follows the tailscale-setup pattern (plan + addendum) and covers B2 Object Lock + scoped keys, Forgejo subplan with isolated restore-test stack, the off-server maintenance flow for B2 prune, and the integrity-check schedule. Code-only change — installation on scrum4me-srv follows the runbook. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 13:03:00 +02:00
Janpeter Visser	2b746af1a3	docs(runbook): tailscale-setup plan + uitvoering-addendum Legt het plan voor de zelf-gehoste Scrum4Me-omgeving (Postgres + app via Tailscale bereikbaar) versioned vast in de repo, i.p.v. los in ~/Downloads. Bevat: - Origineel plan (Deel A/B/C/D) zoals opgesteld — host-Postgres + host-nginx/Caddy aannames - Addendum met de feitelijke uitvoering 2026-05-14: de server bleek een Docker-stack, dus per stap de Docker-variant (port-mapping i.p.v. listen_addresses, docker.service boot-order i.p.v. postgresql.service, Caddy al op 0.0.0.0:80, etc.) - Twee bugs onderweg: stale single-file bind-mount en de http://<IP> rode haring - Verificatie-status en lijst gewijzigde bestanden op scrum4me-srv Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-14 12:47:49 +02:00
Scrum4Me Agent	caeb5f3306	feat(ops): self-update script, systemd units, README install guide, recovery runbook - deploy/ops-dashboard-updater/update.sh: git pull → docker build → force-recreate → smoke-test - deploy/ops-dashboard-updater/install.sh: installs script + systemd units to host - ops-dashboard-updater.service / .timer: oneshot + daily 03:00 scheduled trigger - README.md: Installation and Configuration sections (env files, ops-agent, updater) - docs/runbooks/recovery.md: agent-crash, DB corruption/restore, container failure, cert expiry Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-13 20:10:21 +02:00

Author

SHA1

Message

Date

Madhura68

ab87c0fada

feat(server-backup): restic dual-repo backup (NAS + B2) with dashboard UI

Adds a server-wide backup capability beyond the existing ops_dashboard
pg_dump flow:

- Daily systemd timer (03:30) runs pg_dumpall + Forgejo dump, then restic
  to a local NAS repo and an offsite Backblaze B2 repo with Object Lock.
  Phase-based script with single-instance flock, structured statusfile,
  systemd hardening, and live-datadir excludes (Postgres / Forgejo) so
  the dumps stay authoritative.
- Ops-agent gets nine new read-only/trigger commands (snapshots, stats,
  status, logs, plus two triggers) backed by sudoers-whitelisted wrapper
  scripts that source /etc/restic-backup.env so the agent never sees the
  restic password or B2 keys.
- Two new flows (server_backup_full, server_backup_restore_test) drive
  the dashboard's "Backup now" and "Restore test" buttons.
- /settings/backups gains a Server backup section with overall + per-phase
  status, NAS / B2 snapshot tables, restore-size / raw-data / dedup-ratio
  stats, and the last restore-test result. The existing pg_dump section
  is preserved unchanged.
- Runbook docs/runbooks/server-backup.md follows the tailscale-setup
  pattern (plan + addendum) and covers B2 Object Lock + scoped keys,
  Forgejo subplan with isolated restore-test stack, the off-server
  maintenance flow for B2 prune, and the integrity-check schedule.

Code-only change — installation on scrum4me-srv follows the runbook.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-15 13:03:00 +02:00

Janpeter Visser

2b746af1a3

docs(runbook): tailscale-setup plan + uitvoering-addendum

Legt het plan voor de zelf-gehoste Scrum4Me-omgeving (Postgres + app
via Tailscale bereikbaar) versioned vast in de repo, i.p.v. los in
~/Downloads. Bevat:

- Origineel plan (Deel A/B/C/D) zoals opgesteld — host-Postgres +
  host-nginx/Caddy aannames
- Addendum met de feitelijke uitvoering 2026-05-14: de server bleek
  een Docker-stack, dus per stap de Docker-variant (port-mapping i.p.v.
  listen_addresses, docker.service boot-order i.p.v. postgresql.service,
  Caddy al op 0.0.0.0:80, etc.)
- Twee bugs onderweg: stale single-file bind-mount en de http://<IP>
  rode haring
- Verificatie-status en lijst gewijzigde bestanden op scrum4me-srv

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-14 12:47:49 +02:00

Scrum4Me Agent

caeb5f3306

feat(ops): self-update script, systemd units, README install guide, recovery runbook

- deploy/ops-dashboard-updater/update.sh: git pull → docker build → force-recreate → smoke-test
- deploy/ops-dashboard-updater/install.sh: installs script + systemd units to host
- ops-dashboard-updater.service / .timer: oneshot + daily 03:00 scheduled trigger
- README.md: Installation and Configuration sections (env files, ops-agent, updater)
- docs/runbooks/recovery.md: agent-crash, DB corruption/restore, container failure, cert expiry

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-13 20:10:21 +02:00

3 commits