Add automatic back-ups. (#21)

## 🔍 Motivation & Context I lost 5 months of work. Let us not have this happen again. ## 🔖 Related Issue Solves #11. ## ✨ Changes - Added `crontab` job to Gitea instance. Reviewed-on: https://code.maximhutz.com/Web/Gitea/pulls/21 Co-authored-by: Max <git@maximhutz.me> Co-committed-by: Max <git@maximhutz.me>
2025-01-09 17:50:08 +00:00
parent c08f7885af
commit eed1cf2456
17 changed files with 224 additions and 50 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -30,6 +30,6 @@ tasks:
  runner/enter: ./ssm/runner.sh
  runner/deploy: ansible-playbook playbooks/runner/deployment.yml
  
-  repository/copy: ansible-playbook playbooks/repository.yml
+  repo/fetch: ansible-playbook playbooks/repository/fetch.yml

-  dev: docker compose -f compose.dev.yml up
+  dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps
--- a/compose.dev.yml
+++ b/compose.dev.yml
@@ -10,25 +10,24 @@ services:
  #   ports:
  #     - 80:80

-  # gitea:
-  #   container_name: codebase-dev-gitea
-  #   build: gitea
-  #   volumes:
-  #     - ./gitea/boot:/var/lib/gitea
-  #     - /etc/timezone:/etc/timezone:ro
-  #     - /etc/localtime:/etc/localtime:ro
-  #   ports:
-  #     - 80:80
-  #     - 443:443
-  #     - 2222:2222
-  #   environment:
-  #     GITEA_APP_INI: /etc/gitea/dev.app.ini
-  
-  runner:
-    container_name: codebase-dev-runner
-    image: gitea/act_runner
-    environment:
-      GITEA_INSTANCE_URL: "https://code.maximhutz.com/"
-      GITEA_RUNNER_REGISTRATION_TOKEN: "bgM1Ux9do7EWj6JwniXjdfs8fmjuzWgMeeNF5vhd"
+  gitea:
+    container_name: codebase-dev-gitea
+    build:
+      context: gitea
+      dockerfile: Dockerfile.dev
    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - 80:80
+      - 443:443
+      - 2222:2222
+  
+  # runner:
+  #   container_name: codebase-dev-runner
+  #   image: gitea/act_runner
+  #   environment:
+  #     GITEA_INSTANCE_URL: "https://code.maximhutz.com/"
+  #     GITEA_RUNNER_REGISTRATION_TOKEN: "bgM1Ux9do7EWj6JwniXjdfs8fmjuzWgMeeNF5vhd"
+  #   volumes:
+  #     - /var/run/docker.sock:/var/run/docker.sock
--- a/gitea/Dockerfile
+++ b/gitea/Dockerfile
@@ -1,5 +1,15 @@
-FROM gitea/gitea:latest-rootless
+FROM gitea/gitea:latest

-ADD --chown=git:git config /etc/gitea
-ADD --chown=git:git custom /etc/gitea-custom
-ENV GITEA_CUSTOM /etc/gitea-custom
+RUN apk add aws-cli xz
+
+ADD --chown=git:git custom /data/gitea
+ADD --chown=git:git entrypoint.sh /home/entrypoint.sh
+
+ADD --chown=git:git scripts /home/scripts
+RUN chmod +x /home/scripts/*
+
+ADD --chown=git:git crontab.txt /home/crontab.txt
+RUN /usr/bin/crontab /home/crontab.txt
+
+ENTRYPOINT [ "/home/entrypoint.sh" ]
+CMD [ "/usr/bin/s6-svscan", "/etc/s6" ]
--- a/gitea/Dockerfile.dev
+++ b/gitea/Dockerfile.dev
@@ -0,0 +1,18 @@
+FROM gitea/gitea:latest
+
+RUN apk add aws-cli xz
+
+ADD --chown=git:git custom /data/gitea
+ADD --chown=git:git entrypoint.sh /home/entrypoint.sh
+
+ADD --chown=git:git scripts /home/scripts
+RUN chmod +x /home/scripts/*
+
+ADD --chown=git:git crontab.txt /home/crontab.txt
+RUN /usr/bin/crontab /home/crontab.txt
+
+RUN rm /data/gitea/conf/app.ini
+RUN mv /data/gitea/conf/dev.app.ini /data/gitea/conf/app.ini
+
+ENTRYPOINT [ "/home/entrypoint.sh" ]
+CMD [ "/usr/bin/s6-svscan", "/etc/s6" ]
--- a/gitea/crontab.txt
+++ b/gitea/crontab.txt
@@ -0,0 +1 @@
+0 0 * * * /home/scripts/push.sh >> /home/cron.log
--- a/gitea/custom/conf/app.ini
+++ b/gitea/custom/conf/app.ini
--- a/gitea/custom/conf/dev.app.ini
+++ b/gitea/custom/conf/dev.app.ini
--- a/gitea/entrypoint.sh
+++ b/gitea/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Get S3 data.
+echo "Pulling data..."
+./home/scripts/pull.sh
+echo "Data pulled!"
+
+# Run crontab.
+/usr/sbin/crond -f -l 8 &
+
+# shellcheck disable=SC2068
+exec /usr/bin/entrypoint $@
--- a/gitea/scripts/pull.sh
+++ b/gitea/scripts/pull.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Pull achived data.
+aws s3 cp "$BOOT_URI" /home/archive.tar.xz
+
+# Extracted Gitea data.
+mkdir -p /var/lib/gitea
+tar -xvf /home/archive.tar.xz -C /var/lib/gitea
--- a/gitea/scripts/push.sh
+++ b/gitea/scripts/push.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+GITEA_PROCESS="$(pgrep gitea)"
+
+# Stop Gitea.
+echo "Stopped Gitea..."
+kill -STOP "$GITEA_PROCESS"
+
+# Archive Gitea data.
+echo "Archiving..."
+cd /var/lib/gitea
+tar cfJ ../archive.tar.xz .
+cd ..
+
+# Upload to S3.
+echo "Uploading..."
+aws s3 cp archive.tar.xz "$BOOT_URI"
+
+# Restart Gitea.
+kill -CONT "$GITEA_PROCESS"
+echo "Restarted Gitea!"
--- a/playbooks/gitea/deployment.yml
+++ b/playbooks/gitea/deployment.yml
@@ -20,7 +20,7 @@
        mode: get
        bucket: "{{ image_bucket }}"
        object: "{{ image_key }}"
-        dest: ~/image.tar.xz
+        dest: /root/image.tar.xz

        region: "{{ aws_region }}"
        access_key: "{{ aws_access_key }}"
@@ -28,7 +28,7 @@

    - name: Load image.
      community.docker.docker_image_load:
-        path: ~/image.tar.xz
+        path: /root/image.tar.xz
      register: image

    - name: Fetch repository.
@@ -36,7 +36,7 @@
        mode: get
        bucket: "{{ boot_bucket }}"
        object: "{{ boot_key }}"
-        dest: ~/boot.tar.xz
+        dest: /root/boot.tar.xz

        region: "{{ aws_region }}"
        access_key: "{{ aws_access_key }}"
@@ -44,9 +44,9 @@

    - name: Unarchive image.
      ansible.builtin.unarchive:
-        src: ~/boot.tar.xz
+        src: /root/boot.tar.xz
        remote_src: true
-        dest: "~"
+        dest: /root
        group: 1000
        owner: 1000

@@ -56,13 +56,17 @@
        image: "{{ image.image_names[0] }}"
        state: started
        recreate: true
-        restart_policy: always
+        restart_policy: unless-stopped
        ports: [80:80, 2222:2222]
        env:
          GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
          GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
          GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
+          AWS_REGION: "{{ gitea_boot.value.region }}"
+          AWS_ACCESS_KEY_ID: "{{ gitea_boot.value.id }}"
+          AWS_SECRET_ACCESS_KEY: "{{ gitea_boot.value.secret }}"
+          BOOT_URI: "s3://{{ boot_bucket }}/{{ boot_key }}"
        volumes:
-          - ~/boot:/var/lib/gitea
+          - /root/boot:/var/lib/gitea
          - /etc/timezone:/etc/timezone:ro
          - /etc/localtime:/etc/localtime:ro
--- a/playbooks/repository/fetch.yml
+++ b/playbooks/repository/fetch.yml
@@ -1,9 +1,7 @@
---
-
 - name: Pull Gitea data.
  hosts: localhost
  vars_files:
-    ../secrets/gitea.json
+    ../../secrets/gitea.json
  tasks:
    - name: Temp file.
      ansible.builtin.tempfile:
@@ -12,8 +10,8 @@

    - name: Fetch from S3.
      amazon.aws.s3_object:
-        bucket: "acer-saccharum"
-        object: "codebase/gitea/boot"
+        bucket: "{{ boot_bucket }}"
+        object: "{{ boot_key }}"
        dest: "{{ file.path }}"
        mode: get

@@ -24,4 +22,4 @@
    - name: Unarchive image.
      ansible.builtin.unarchive:
        src: "{{ file.path }}"
-        dest: ../gitea
+        dest: ../../gitea
--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,41 @@
+ansible==11.1.0
+ansible-compat==24.10.0
+ansible-core==2.18.1
+ansible-lint==24.12.2
+attrs==24.3.0
+black==24.10.0
+boto3==1.35.95
+botocore==1.35.95
+bracex==2.5.post1
+certifi==2024.12.14
+cffi==1.17.1
+charset-normalizer==3.4.1
+click==8.1.8
+cryptography==44.0.0
+filelock==3.16.1
+idna==3.10
+importlib_metadata==8.5.0
+Jinja2==3.1.5
+jmespath==1.0.1
+jsonschema==4.23.0
+jsonschema-specifications==2024.10.1
+MarkupSafe==3.0.2
+mypy-extensions==1.0.0
+packaging==24.2
+pathspec==0.12.1
+platformdirs==4.3.6
+pycparser==2.22
+python-dateutil==2.9.0.post0
+PyYAML==6.0.2
+referencing==0.35.1
+requests==2.32.3
+resolvelib==1.0.1
+rpds-py==0.22.3
+ruamel.yaml==0.18.10
+s3transfer==0.10.4
+six==1.17.0
+subprocess-tee==0.4.2
+urllib3==2.3.0
+wcmatch==10.0
+yamllint==1.35.1
+zipp==3.21.0
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -0,0 +1,31 @@
+data "aws_s3_bucket" "storage_bucket" {
+  bucket = var.gitea_boot.bucket
+}
+
+data "aws_iam_policy_document" "gitea_bool_policy" {
+  statement {
+    effect    = "Allow"
+    actions   = ["s3:*", "s3-object-lambda:*"]
+    resources = ["${data.aws_s3_bucket.storage_bucket.arn}/${var.gitea_boot.key}"]
+  }
+}
+
+resource "aws_iam_policy" "gitea_boot_policy" {
+  name        = "${var.gitea_boot.role}Policy"
+  description = "The policy that manages the Gitea Boot."
+
+  policy = data.aws_iam_policy_document.gitea_bool_policy.json
+}
+
+resource "aws_iam_user" "gitea_boot_user" {
+  name = "${var.gitea_boot.role}User"
+}
+
+resource "aws_iam_user_policy_attachment" "attachment" {
+  user       = aws_iam_user.gitea_boot_user.name
+  policy_arn = aws_iam_policy.gitea_boot_policy.arn
+}
+
+resource "aws_iam_access_key" "gitea_boot_key" {
+  user = aws_iam_user.gitea_boot_user.name
+}
--- a/terraform/install.sh
+++ b/terraform/install.sh
@@ -2,10 +2,18 @@

 amazon-linux-extras install docker ansible2 python3.8 -y

+# Make Docker work.
 systemctl enable docker
 systemctl start docker
-
 usermod -a -G docker ssm-user
+
+# Set up the correct version of Python (for Ansible).
 ln -sf /usr/bin/python3.8 /usr/bin/python3
 ln -sf /usr/bin/pip3.8 /usr/bin/pip3
-pip3 install botocore boto3 requests
+pip3 install botocore boto3 requests
+
+# Add some swap space.
+sudo dd if=/dev/zero of=/swapfile bs=128M count=8
+sudo chmod 600 /swapfile
+sudo mkswap /swapfile
+sudo swapon /swapfile
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -1,19 +1,29 @@
-# The instance ID (`i-*****************`) of the reverse proxy.
 output "public_instance_id" {
-  value = aws_instance.public.id
+  value       = aws_instance.public.id
+  description = "The instance ID (`i-*****************`) of the reverse proxy."
 }

-# The instance ID of the Gitea instance.
 output "private_instance_id" {
-  value = aws_instance.private.id
+  value       = aws_instance.private.id
+  description = "The instance ID of the Gitea instance."
 }

-# The instance ID of the Gitea runner.
 output "runner_instance_id" {
-  value = aws_instance.runner.id
+  value       = aws_instance.runner.id
+  description = "The instance ID of the Gitea runner."
 }

-# The private IP (not accessible from internet) of the Gitea instnace.
 output "private_instance_ip" {
-  value = aws_instance.private.private_ip
+  value       = aws_instance.private.private_ip
+  description = "The private IP (not accessible from internet) of the Gitea instnace."
+}
+
+output "gitea_boot" {
+  value = {
+    id     = aws_iam_access_key.gitea_boot_key.id
+    secret = aws_iam_access_key.gitea_boot_key.secret
+    region = var.region
+  }
+  description = "The credentials to manipulate the codebase repository boot."
+  sensitive   = true
 }
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -11,4 +11,13 @@ variable "roles" {
    secret = string
  }))
  description = "The different roles that are used by Terraform."
+}
+
+variable "gitea_boot" {
+  type = object({
+    bucket = string
+    key    = string
+    role   = string
+  })
+  description = "The storage for the Gitea instance."
 }
				`@@ -0,0 +1 @@`
				`0 0 * * * /home/scripts/push.sh >> /home/cron.log`