Login

Backup scripts

This solution contains a Makefile-based automated backup system designed to secure Docker-based databases and Gitea repositories. It facilitates periodic SQL dumping, git mirroring, retention-based cleanup, and off-site synchronization via rsync.

Configuration

The backup system is configured via environment variables in the Makefile. Key parameters include:

  • BACKUP_BASE: Root directory for all backups (default: /srv/backup).
  • BACKUP_KEEP_DAYS: Number of days to retain database dumps (default: 7).
  • DATABASE_BACKUP_BASE: Destination for SQL dumps.
  • REPOSITORY_BACKUP_BASE: Destination for mirrored git repositories.
  • GITEA_TOKEN: API token required for fetching repository lists from Gitea.
  • RSYNC_*: Configuration for off-site synchronization (host, user, port, path).

Database Backups

Database backups are performed by executing specialized scripts inside Docker containers for different services:

  • Redmine (MariaDB): Uses database/mariadb_backup.sh. It requires MARIADB_USER, MARIADB_PASSWORD, and MARIADB_DATABASE environment variables inside the container.
  • Wiki (PostgreSQL): Uses database/pg_backup.sh. It requires POSTGRES_USER and POSTGRES_DB environment variables.
  • Catalog (MySQL): Uses database/mysql_backup.sh. It requires MYSQL_ROOT_PASSWORD and MYSQL_DATABASE environment variables.

All dumps are timestamped and saved to the /db_backup directory inside the respective containers, which should be mounted to the host's DATABASE_BACKUP_BASE.

Repository Backups

The repos target automates the mirroring of all accessible repositories from a Gitea instance:

  1. Queries the Gitea API to retrieve a list of all private and public repositories.
  2. Iterates through each repository.
  3. If the repository already exists locally, it performs a fetch --all --prune and pull.
  4. If it does not exist, it performs a git clone.

Database Cleanup

The db_cleanup target manages disk space by removing old database dumps:

  • It identifies unique database prefixes from the filenames.
  • For each prefix, it deletes files older than BACKUP_KEEP_DAYS.
  • A safety check ensures that at least one backup remains for every database, even if it is older than the retention period.

Off-site Synchronization

The sync target uses rsync to mirror the local DATABASE_BACKUP_BASE and REPOSITORY_BACKUP_BASE to a remote server. It uses SSH with a custom port and supports specific rsync binary paths on the target host.

Main Workflow

The backup target provides a complete automated pipeline:

  1. Dumps all databases (db_redmine, db_wiki, db_catalog).
  2. Syncs all git repositories (repos).
  3. Cleans up expired database dumps (db_cleanup).
  4. Syncs the entire backup set to the remote destination (sync).

Example Commands

Run the full backup pipeline (requires GITEA_TOKEN):

BASH
export GITEA_TOKEN="your_token_here"
make backup

Backup only the databases:

BASH
make db_redmine db_wiki db_catalog

Update local git repository mirrors:

BASH
export GITEA_TOKEN="your_token_here"
make repos

Clean up old database dumps:

BASH
make db_cleanup

File Structure

Repository Structure

The backup script repository is organized as follows:

TEXT
.
├── Makefile                # Main entry point for all backup tasks
├── DOCS.md                 # System documentation
└── database/               # Database-specific backup scripts
    ├── mariadb_backup.sh   # Script for MariaDB containers
    ├── mysql_backup.sh     # Script for MySQL containers
    └── pg_backup.sh        # Script for PostgreSQL containers

Backup Destination Structure

Assuming BACKUP_BASE=/srv/backup, the system generates the following structure:

TEXT
/srv/backup/
├── database/               # SQL dump files
│   ├── redmine-2026-03-07-12-00.sql
│   ├── wiki-2026-03-07-12-00.sql
│   └── catalog-2026-03-07-12-00.sql
└── repositories/           # Mirrored Git repositories
    ├── project-a/
    │   └── .git/
    ├── project-b/
    │   └── .git/
    └── ...

Repository

https://git.teletype.hu/internal/backup-scripts