feat(infra): Phase 0 provisioning + dev status dashboard
- scripts/phase0-provision.sh: idempotent root setup (nginx, PostgreSQL, Redis, certbot/TLS, UFW). Opens 22/2222/80/443 before enabling UFW so SSH and Gitea git-SSH can't be locked out. Redis/Postgres stay localhost-only. - infra/nginx/feedthepyre.com.conf: vhost serving the status page; commented web(:3000)/api(:4000) reverse-proxy blocks ready for app deploy. - infra/status/: data-driven dev status dashboard (status.json + gen-status.mjs + prebuilt index.html), served at feedthepyre.com. - ecosystem.config.cjs (PM2), infra/systemd/pm2-pyre.service, infra/logrotate/pyre, scripts/backup.sh — process mgmt + ops (inert until apps are built). Built by 4 parallel agents, reviewed by 2 audit agents; audit fixes applied (logs dir creation, port-citation accuracy, status truthfulness). pm2 installed user-level. Privileged steps gated on `sudo bash scripts/phase0-provision.sh`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
48
scripts/backup.sh
Normal file
48
scripts/backup.sh
Normal file
@@ -0,0 +1,48 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# PYRE / Prometheus Protocol — PostgreSQL backup script.
|
||||
#
|
||||
# INERT until the `pyre` database exists and has data. Until then a run will
|
||||
# simply fail at pg_dump (no DB), which is harmless — nothing is deleted unless
|
||||
# pg_dump succeeds.
|
||||
#
|
||||
# What it does:
|
||||
# - dumps the `pyre` database (gzip) to /home/pyre/backups/
|
||||
# - prunes backups older than 14 days
|
||||
# Idempotent and safe to run from cron.
|
||||
#
|
||||
# DATABASE_URL is read from the environment if set, otherwise defaults to the
|
||||
# local pyre DB. Do NOT hardcode real passwords here — for non-trivial passwords
|
||||
# prefer a ~/.pgpass file (chmod 600) so the URL can omit the password.
|
||||
#
|
||||
# Example crontab (run as the `pyre` user, daily at 03:30):
|
||||
# 30 3 * * * /home/pyre/pyre/scripts/backup.sh >> /home/pyre/pyre/logs/backup.log 2>&1
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
DATABASE_URL="${DATABASE_URL:-postgresql://pyre:pyre@localhost:5432/pyre}"
|
||||
BACKUP_DIR="${BACKUP_DIR:-/home/pyre/backups}"
|
||||
RETENTION_DAYS="${RETENTION_DAYS:-14}"
|
||||
|
||||
TIMESTAMP="$(date +%Y%m%d-%H%M%S)"
|
||||
OUTFILE="${BACKUP_DIR}/pyre-${TIMESTAMP}.sql.gz"
|
||||
|
||||
mkdir -p "${BACKUP_DIR}"
|
||||
|
||||
echo "[backup] $(date -Is) dumping database -> ${OUTFILE}"
|
||||
|
||||
# --no-owner / --no-acl keeps the dump portable across roles when restoring.
|
||||
# Write to a temp file first, then atomically rename, so cron never prunes or
|
||||
# leaves behind a half-written archive.
|
||||
TMPFILE="${OUTFILE}.partial"
|
||||
pg_dump --no-owner --no-acl --dbname="${DATABASE_URL}" | gzip -c > "${TMPFILE}"
|
||||
mv "${TMPFILE}" "${OUTFILE}"
|
||||
|
||||
echo "[backup] $(date -Is) wrote $(du -h "${OUTFILE}" | cut -f1) backup"
|
||||
|
||||
# Prune backups older than RETENTION_DAYS (only PYRE dumps).
|
||||
echo "[backup] $(date -Is) pruning backups older than ${RETENTION_DAYS} days"
|
||||
find "${BACKUP_DIR}" -maxdepth 1 -type f -name 'pyre-*.sql.gz' \
|
||||
-mtime "+${RETENTION_DAYS}" -print -delete || true
|
||||
|
||||
echo "[backup] $(date -Is) done"
|
||||
Reference in New Issue
Block a user