diff --git a/cloud-config b/cloud-config
index dbd2dc6154621d45f7e53522689c41f2e117a2a5..461b6f9bc85786d1f04a180a2954c9ed47d49c8b 100644
--- a/cloud-config
+++ b/cloud-config
@@ -13,21 +13,12 @@ coreos:
 - name: etcd.service
 command: start
 write_files:
- - path: /data/BACKUP_DESTINATION
- permissions: 0644
+ - path: /etc/environment
+ permissions: 0600
 owner: root
 content: |
- core@backup.dev
-write_files:
- - path: /etc/hosts
- permissions: 0644
- owner: root
- content: |
- 127.0.0.1 localhost
- 255.255.255.255 broadcasthost
- ::1 localhost
- 10.0.0.xx mybackupserver
- 10.0.0.yy myotherserver
+ ENCRYPT_KEY=""
+ BACKUP_DESTINATION="core@backup.dev"
 ssh_authorized_keys:
 - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
 users:
diff --git a/dockerfiles/backup/duplicity/Dockerfile b/dockerfiles/backup/duplicity/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..d55dae4e6f41ef01d21ca29677f1d2215f588795
--- /dev/null
+++ b/dockerfiles/backup/duplicity/Dockerfile
@@ -0,0 +1,20 @@
+FROM debian:jessie
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN \
+ export VERSION=0.7.01 && \
+ apt-get update && \
+ apt-get install -y wget python python-dev python-pip librsync-dev ncftp lftp rsync && \
+ rm -rf /var/lib/apt/lists/* && \
+ pip install --upgrade lockfile paramiko pycrypto && \
+ cd /tmp/ && \
+ wget https://launchpad.net/duplicity/0.7-series/$VERSION/+download/duplicity-$VERSION.tar.gz && \
+ cd /opt/ && \
+ tar xzvf /tmp/duplicity-$VERSION.tar.gz && \
+ rm /tmp/duplicity-$VERSION.tar.gz && \
+ cd duplicity-$VERSION && \
+ ./setup.py install
+
+ENTRYPOINT [ "/usr/local/bin/duplicity" ]
+
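Review bot: In the cloud-config hunk, `ENCRYPT_KEY=""` ships as the default, while the backup unit changed in this same commit passes it unquoted as `--encrypt-key ${ENCRYPT_KEY}`, so a host provisioned from this file as-is runs duplicity with nothing in the key-id position. A comment line inside the content block, such as `# ENCRYPT_KEY: GPG key id duplicity encrypts to; must be set before any backup@ unit runs`, would make the requirement visible (systemd's EnvironmentFile parsing ignores `#` lines). `/etc/environment` is also a shared system file, so rewriting it at 0600 for two backup settings affects anything else that reads it; a dedicated environment file for the backup unit (placeholder path `/etc/<backup-env-file>`) may be the safer home. Neither value looks secret on its own; presumably the GPG and SSH private material lives under /root, and that is what actually needs the restrictive mode.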
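Review bot: The RUN step in the new duplicity Dockerfile fetches `duplicity-$VERSION.tar.gz` with wget and runs its `setup.py` as root with no integrity check, so whatever the server returns at build time ends up in the image that later handles the backup data and the mounted `/root`. Pin the tarball to a known digest before unpacking, for example by adding `echo "<sha256-of-duplicity-tarball>  /tmp/duplicity-$VERSION.tar.gz" | sha256sum -c - && \` after the wget line, or verify the release signature if the project publishes one. The same applies to `pip install --upgrade lockfile paramiko pycrypto`, which takes whatever versions are current at build time; pinning each with `==<version>` keeps rebuilds reproducible and auditable. Smaller points: `ENV DEBIAN_FRONTEND noninteractive` persists into the runtime environment, and `apt-get install` lacks `--no-install-recommends`.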
diff --git a/scripts/setup.sh b/scripts/setup.sh index 2394f97d067230694ede30ab7dfe031ce6a590bf..3b43cab352e4435422c7069b01b16a540d0f3508 100755 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -27,7 +27,6 @@ sudo cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon- # Create Directory structure mkdir -p /data/domains -mkdir -p /data/import mkdir -p /data/runtime/haproxy/approved-certs mkdir -p /data/runtime/postfix diff --git a/unit-files/backup@.service b/unit-files/backup@.service index 446e88ddb905ab1cace02763de20810f78731e17..7e0862eb81d6d78bf52e12ac456ddbc1785da7a0 100644 --- a/unit-files/backup@.service +++ b/unit-files/backup@.service @@ -1,8 +1,10 @@ [Unit] -Description=Back up domain data to a git repo and push it out +Description=Back up data from %i [Service] Type=oneshot +EnvironmentFile=/etc/environment +ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker ExecStartPre=-/usr/bin/docker kill mysqldump-%i ExecStartPre=-/usr/bin/docker rm mysqldump-%i ExecStartPre=/bin/bash -euxc ' \ @@ -24,10 +26,13 @@ ExecStartPre=/bin/bash -euxc ' \ fi' ExecStart=/bin/bash -euxc ' \ + /opt/bin/systemd-docker --env run \ + --rm \ + --name duplicity \ + -h backup.container \ + -v /root:/root \ + -v /data/domains/%i:/backup pierreozoux/duplicity \ + --encrypt-key ${ENCRYPT_KEY} \ + /backup \ + sftp://${BACKUP_DESTINATION}/%i' - echo "Committing everything"; \ - cd /data/domains/%i/; \ - git add *; \ - git status; \ - git commit --allow-empty -am"backup %i @ `hostname` - `date`"; \ - git push origin master' diff --git a/unit-files/init@.service b/unit-files/init@.service deleted file mode 100644 index c21b5248ec749acd7a2454ac255ebb90e23fa632..0000000000000000000000000000000000000000 --- a/unit-files/init@.service +++ /dev/null 
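Review bot: In the first backup@.service hunk, the added `ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker` runs an untagged third-party image with the host's `/opt/bin` mounted writable on every backup run, and `ExecStart` then executes `/opt/bin/systemd-docker` as root. Whatever `latest` resolves to when a host first pulls that image therefore becomes root code on the host. Reference the image by digest, `ibuildthecloud/systemd-docker@sha256:<digest>`, or install the binary once at provisioning time and drop this line from the unit. `EnvironmentFile=/etc/environment` has no leading `-`, so the unit fails when the file is missing; that is probably intended, but a one-line comment saying so would help.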
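Review bot: In the second backup@.service hunk, `--encrypt-key ${ENCRYPT_KEY}` is unquoted and the cloud-config in this commit defaults the variable to an empty string, so the option's value vanishes and duplicity will most likely take `/backup` as the key id. Fail early instead, e.g. `test -n "${ENCRYPT_KEY}" || { echo "ENCRYPT_KEY is empty" >&2; exit 1; }; \` as the first line of the script, and quote both expansions. `-v /root:/root` hands the whole root home (presumably the SSH and GPG material) read-write to the untagged `pierreozoux/duplicity` image; mounting only the directories duplicity needs, read-only where possible, and pinning the image by digest would narrow that exposure. The fixed `--name duplicity` will also collide when two `backup@` instances run at the same time; `--name duplicity-%i` avoids it.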
@@ -1,40 +0,0 @@ -[Unit] -Description=Initializer -After=network-online.target - -[Service] -Type=oneshot -ExecStartPre=/bin/bash -euxc ' \ - BACKUP_DESTINATION=`cat /data/BACKUP_DESTINATION`; \ - echo "Intitializing backups with $BACKUP_DESTINATION"; \ - if [ ! -d /data/domains/%i/.git ]; then \ - if [ `ssh $BACKUP_DESTINATION "test -d %i"; echo $?` -eq 0 ]; then \ - git clone $BACKUP_DESTINATION:%i /data/domains/%i; \ - cd /data/domains/%i; \ - else \ - ssh $BACKUP_DESTINATION " \ - if [ ! -d %i ]; then \ - mkdir -p %i; \ - cd %i; \ - git init --bare; \ - fi"; \ - if [ ! -d /data/domains/%i ]; then \ - mkdir /data/domains/%i; \ - fi; \ - cd /data/domains/%i; \ - git init; \ - git remote add origin $BACKUP_DESTINATION:%i; \ - fi; \ - git config --local user.email "backups@`hostname`"; \ - git config --local user.name "`hostname` hourly backups"; \ - fi' - -ExecStart=/bin/bash -euxc ' \ - if [ -d /data/import/%i ]; then \ - cp -av /data/import/%i/* /data/domains/%i; \ - cp /data/import/%i/.env /data/domains/%i/; \ - cd /data/domains/%i/; \ - git add .env; \ - rm -rf /data/import/%i; \ - fi; \ - cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem;' diff --git a/unit-files/lamp@.service b/unit-files/lamp@.service index 53b7d8fb70722c33f62ecbc677e62649a88bb4f8..e7e5954a4c63de171a456d5e4068b45032ba77a3 100644 --- a/unit-files/lamp@.service +++ b/unit-files/lamp@.service @@ -3,20 +3,19 @@ Description=%p-%i # Requirements Requires=docker.service -Requires=init@%i.service Requires=mysql@%i.service Requires=discovery@%i.service Requires=backup@%i.timer # Dependency ordering After=docker.service -After=init@%i.service After=mysql@%i.service Before=discovery@%i.service Before=backup@%i.timer [Service] Restart=always +ExecStartPre=cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem Type=notify NotifyAccess=all EnvironmentFile=/data/domains/%i/.env 
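Review bot: The added `ExecStartPre=cp /data/domains/%i/TLS/%i.pem ...` in the lamp@.service hunk (and the identical line in the static@.service hunk) names the executable without a path; older systemd releases reject a non-absolute executable in Exec lines, so write `ExecStartPre=/bin/cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem`. With `Requires=init@%i.service` removed, nothing visible in these units creates `/data/domains/%i` any more, so a missing domain directory or certificate now fails the start and, under `Restart=always`, retries in a loop; a comment stating where that data is expected to come from would help. If the .pem bundles the private key (usual for haproxy, not visible here), `/usr/bin/install -m 0600` in place of `cp` keeps the copy's mode independent of the umask. The [Service] section continues past the end of both hunks.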
diff --git a/unit-files/mysql@.service b/unit-files/mysql@.service index 25ab989fdba043d8ab2a2e5ca1095b7b1d6ef5e6..0f3b3a1f9548f1472c6002ff0be8505c516fa305 100644 --- a/unit-files/mysql@.service +++ b/unit-files/mysql@.service @@ -27,8 +27,6 @@ ExecStartPre=/bin/bash -euxc ' \ mkdir -p $mysql_folder; \ pass=`echo $RANDOM ${date} | md5sum | base64 | cut -c-10`; \ echo MYSQL_PASS=$pass > $mysql_folder/.env; \ - else \ - cp $mysql_folder/dump.sql /data/runtime/domains/%i/mysql/db_files/; \ fi; \ fi' @@ -36,7 +34,6 @@ ExecStart=/opt/bin/systemd-docker run \ --rm \ --name %p-%i \ -v /data/runtime/domains/%i/%p/db_files:/var/lib/mysql \ - -e STARTUP_SQL=/var/lib/mysql/dump.sql \ --env-file /data/domains/%i/%p/.env \ pierreozoux/mysql ExecReload=/usr/bin/docker restart %p-%i diff --git a/unit-files/static@.service b/unit-files/static@.service index 9cb1cc5f0f9c0ef3dab0c8f0127262962b0b1982..7c6d3fee9724a76c1dc1bca745bb16467838fb4b 100644 --- a/unit-files/static@.service +++ b/unit-files/static@.service @@ -3,18 +3,17 @@ Description=%p-%i # Requirements Requires=docker.service -Requires=init@%i.service Requires=discovery@%i.service Requires=backup@%i.timer # Dependency ordering After=docker.service -After=init@%i.service Before=discovery@%i.service Before=backup@%i.timer [Service] Restart=always +ExecStartPre=cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem ExecStartPre=-/usr/bin/docker kill %i ExecStartPre=-/usr/bin/docker rm %i ExecStartPre=/bin/bash -euxc ' \