git.stevedylan.dev

apps/backup/restore.sh 7.8 K raw

#!/bin/sh
set -eu

# Restore SQLite backups from Cloudflare R2 into Docker volumes.
#
# Usage:
#   restore.sh <app|all> [--timestamp <ts>] [--list] [--yes]
#
#   <app>            One of the registered apps, or "all".
#   --timestamp <ts> Restore a specific backup (e.g. 2026-04-04T060000Z).
#                    Default: latest. The .sqlite.gz suffix is optional.
#   --list           List available backups for the app(s) and exit.
#   --yes            Skip the interactive confirmation prompt.
#
# Env (same as backup.sh): R2_ENDPOINT, R2_BUCKET, AWS_ACCESS_KEY_ID,
# AWS_SECRET_ACCESS_KEY. Read from ./.env (or $ENV_FILE) if set; real env wins.
#
# Volume names are read ONLY from the root docker-compose.yml (the `name:`
# field of each external volume), not from .env. Override the compose file
# location with $COMPOSE_FILE. Missing volumes are created automatically.
#
# Run this on the HOST. It shells out to `docker run` to write into volumes;
# the backup container itself mounts those volumes read-only.

# Load .env from the script's directory (or $ENV_FILE) if present. Existing
# environment variables take precedence over the file.
SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
ENV_FILE="${ENV_FILE:-$SCRIPT_DIR/.env}"
if [ -f "$ENV_FILE" ]; then
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|\#*) continue ;;
    esac
    key="${line%%=*}"
    case "$key" in
      *[!A-Za-z0-9_]*|'') continue ;;
    esac
    # Only set if not already in the environment.
    if [ -z "$(eval "printf '%s' \"\${$key:-}\"")" ]; then
      val="${line#*=}"
      export "$key=$val"
    fi
  done < "$ENV_FILE"
fi

BUCKET="${R2_BUCKET:-andromeda-backups}"

# Root docker-compose.yml is the single source of truth for volume names.
COMPOSE_FILE="${COMPOSE_FILE:-$SCRIPT_DIR/../../docker-compose.yml}"

# app | volume-internal filename | compose volume key | fallback volume name
# The compose key is looked up in COMPOSE_FILE; the fallback is used only if
# the key (or compose file) is missing.
APPS="jotts:jotts.sqlite:jotts_data:jotts_jotts-data
sipp:sipp.sqlite:sipp_data:sipp-rust_sipp-data
cellar:cellar.sqlite:cellar_data:cellar_cellar_data
posts:posts.sqlite:posts_data:posts_posts-data
feeds:feeds.sqlite:feeds_data:feeds_feeds_data
library:library.sqlite:library_data:library_library-data
bookmarks:bookmarks.sqlite:bookmarks_data:bookmarks_bookmarks-data
parcels:parcels.db:parcels_data:parcels_parcels_data
easel:easel.sqlite:easel_data:easel_easel-data"

RESTORE_IMAGE="debian:bookworm-slim"

usage() {
  sed -n '6,19p' "$0" | sed 's/^# \{0,1\}//'
  exit "${1:-0}"
}

die() {
  echo "ERROR: $*" >&2
  exit 1
}

# Look up a field for an app from the APPS registry.
# $1 app name, $2 field index (2=file, 3=compose key, 4=fallback volume)
app_field() {
  echo "$APPS" | while IFS=: read -r name file key def; do
    [ "$name" = "$1" ] || continue
    case "$2" in
      2) echo "$file" ;;
      3) echo "$key" ;;
      4) echo "$def" ;;
    esac
    break
  done
}

app_exists() {
  echo "$APPS" | cut -d: -f1 | grep -qx "$1"
}

# Read the external `name:` for a volume key from the compose file's top-level
# `volumes:` block. Echoes nothing if the file or key is absent.
compose_volume_name() {
  key="$1"
  [ -f "$COMPOSE_FILE" ] || return 0
  awk -v key="$key" '
    /^volumes:/             { invol=1; next }
    invol && /^[^[:space:]]/ { invol=0 }
    invol && $0 ~ "^  "key":[[:space:]]*$" { found=1; next }
    found && /^[[:space:]]*name:[[:space:]]/ {
      sub(/^[[:space:]]*name:[[:space:]]*/, ""); print; exit
    }
    found && /^  [^[:space:]]/ { exit }   # next volume block, no name set
  ' "$COMPOSE_FILE"
}

# Resolve the Docker volume name for an app from the root compose file,
# falling back to the registry default only if compose has no entry.
resolve_volume() {
  app="$1"
  key=$(app_field "$app" 3)
  def=$(app_field "$app" 4)
  name=$(compose_volume_name "$key")
  if [ -n "$name" ]; then
    echo "$name"
  else
    echo "$def"
  fi
}

list_backups() {
  app="$1"
  echo "Backups for $app (s3://$BUCKET/$app/):"
  aws s3 ls "s3://$BUCKET/$app/" --endpoint-url "$R2_ENDPOINT" \
    | awk '{print "  " $1 " " $2 "  " $4}' \
    || echo "  (none or unreachable)"
}

# Echo the object key (filename only) to restore for an app.
resolve_key() {
  app="$1"
  if [ -n "$TIMESTAMP" ]; then
    case "$TIMESTAMP" in
      *.sqlite.gz) echo "$TIMESTAMP" ;;
      *) echo "${TIMESTAMP}.sqlite.gz" ;;
    esac
    return
  fi
  aws s3 ls "s3://$BUCKET/$app/" --endpoint-url "$R2_ENDPOINT" \
    | awk '{print $4}' | grep -v '^$' | sort | tail -1
}

restore_app() {
  app="$1"

  key=$(resolve_key "$app")
  if [ -z "$key" ]; then
    echo "WARN: no backups found for $app, skipping"
    return 1
  fi

  volume=$(resolve_volume "$app")
  internal_file=$(app_field "$app" 2)
  src="s3://$BUCKET/$app/$key"

  if ! docker volume inspect "$volume" >/dev/null 2>&1; then
    echo "$(date -u) Creating docker volume '$volume' for $app ..."
    docker volume create "$volume" >/dev/null \
      || { echo "WARN: failed to create volume '$volume' for $app, skipping"; return 1; }
  fi

  if [ "$ASSUME_YES" != "1" ]; then
    echo
    echo "About to restore:"
    echo "  app:    $app"
    echo "  source: $src"
    echo "  volume: $volume -> /$internal_file"
    printf "Overwrite live data? [y/N] "
    read -r answer
    case "$answer" in
      y|Y|yes|YES) ;;
      *) echo "Skipped $app"; return 0 ;;
    esac
  fi

  workdir=$(mktemp -d)
  trap 'rm -rf "$workdir"' EXIT INT TERM

  echo "$(date -u) Downloading $src ..."
  aws s3 cp "$src" "$workdir/$key" --endpoint-url "$R2_ENDPOINT" \
    || { echo "WARN: download failed for $app"; rm -rf "$workdir"; trap - EXIT INT TERM; return 1; }

  echo "$(date -u) Decompressing ..."
  gunzip "$workdir/$key"
  decompressed="$workdir/${key%.gz}"

  echo "$(date -u) Verifying integrity ..."
  check=$(sqlite3 "$decompressed" 'PRAGMA integrity_check;' 2>&1 || true)
  if [ "$check" != "ok" ]; then
    echo "WARN: integrity check failed for $app: $check"
    rm -rf "$workdir"; trap - EXIT INT TERM
    return 1
  fi

  echo "$(date -u) Writing into volume $volume ..."
  docker run --rm \
    -v "$volume:/data" \
    -v "$workdir:/backup:ro" \
    "$RESTORE_IMAGE" \
    cp "/backup/$(basename "$decompressed")" "/data/$internal_file"

  rm -rf "$workdir"
  trap - EXIT INT TERM

  echo "$(date -u) OK: $app restored from $key"
  echo "WARNING: stop the '$app' service before restoring and restart it after for a clean"
  echo "         restore. This script does not stop or start services."
  return 0
}

# --- arg parsing ---------------------------------------------------------------

[ $# -ge 1 ] || usage 1

TARGET=""
TIMESTAMP=""
DO_LIST=0
ASSUME_YES=0

while [ $# -gt 0 ]; do
  case "$1" in
    -h|--help) usage 0 ;;
    --list) DO_LIST=1 ;;
    --yes|-y) ASSUME_YES=1 ;;
    --timestamp)
      shift
      [ $# -ge 1 ] || die "--timestamp requires a value"
      TIMESTAMP="$1"
      ;;
    --timestamp=*) TIMESTAMP="${1#*=}" ;;
    -*) die "unknown option: $1" ;;
    *)
      [ -z "$TARGET" ] || die "unexpected argument: $1"
      TARGET="$1"
      ;;
  esac
  shift
done

[ -n "$TARGET" ] || usage 1
: "${R2_ENDPOINT:?R2_ENDPOINT is required}"

if [ "$TARGET" = "all" ]; then
  if [ -n "$TIMESTAMP" ] && [ "$DO_LIST" != "1" ]; then
    die "--timestamp cannot be combined with 'all' (timestamps differ per app)"
  fi
  TARGETS=$(echo "$APPS" | cut -d: -f1)
else
  app_exists "$TARGET" || die "unknown app: $TARGET (valid: $(echo "$APPS" | cut -d: -f1 | tr '\n' ' '))"
  TARGETS="$TARGET"
fi

if [ "$DO_LIST" = "1" ]; then
  for app in $TARGETS; do
    list_backups "$app"
  done
  exit 0
fi

failures=0
total=0
for app in $TARGETS; do
  total=$((total + 1))
  restore_app "$app" || failures=$((failures + 1))
done

if [ "$failures" -gt 0 ] && [ "$failures" -eq "$total" ]; then
  die "all restores failed ($failures/$total)"
fi
echo "$(date -u) Restore complete ($((total - failures))/$total succeeded)"

1	#!/bin/sh
2	set -eu
3
4	# Restore SQLite backups from Cloudflare R2 into Docker volumes.
5	#
6	# Usage:
7	# restore.sh <app\|all> [--timestamp <ts>] [--list] [--yes]
8	#
9	# <app> One of the registered apps, or "all".
10	# --timestamp <ts> Restore a specific backup (e.g. 2026-04-04T060000Z).
11	# Default: latest. The .sqlite.gz suffix is optional.
12	# --list List available backups for the app(s) and exit.
13	# --yes Skip the interactive confirmation prompt.
14	#
15	# Env (same as backup.sh): R2_ENDPOINT, R2_BUCKET, AWS_ACCESS_KEY_ID,
16	# AWS_SECRET_ACCESS_KEY. Read from ./.env (or $ENV_FILE) if set; real env wins.
17	#
18	# Volume names are read ONLY from the root docker-compose.yml (the `name:`
19	# field of each external volume), not from .env. Override the compose file
20	# location with $COMPOSE_FILE. Missing volumes are created automatically.
21	#
22	# Run this on the HOST. It shells out to `docker run` to write into volumes;
23	# the backup container itself mounts those volumes read-only.
24
25	# Load .env from the script's directory (or $ENV_FILE) if present. Existing
26	# environment variables take precedence over the file.
27	SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
28	ENV_FILE="${ENV_FILE:-$SCRIPT_DIR/.env}"
29	if [ -f "$ENV_FILE" ]; then
30	while IFS= read -r line \|\| [ -n "$line" ]; do
31	case "$line" in
32	''\|\#*) continue ;;
33	esac
34	key="${line%%=*}"
35	case "$key" in
36	[!A-Za-z0-9_]\|'') continue ;;
37	esac
38	# Only set if not already in the environment.
39	if [ -z "$(eval "printf '%s' \"\${$key:-}\"")" ]; then
40	val="${line#*=}"
41	export "$key=$val"
42	fi
43	done < "$ENV_FILE"
44	fi
45
46	BUCKET="${R2_BUCKET:-andromeda-backups}"
47
48	# Root docker-compose.yml is the single source of truth for volume names.
49	COMPOSE_FILE="${COMPOSE_FILE:-$SCRIPT_DIR/../../docker-compose.yml}"
50
51	# app \| volume-internal filename \| compose volume key \| fallback volume name
52	# The compose key is looked up in COMPOSE_FILE; the fallback is used only if
53	# the key (or compose file) is missing.
54	APPS="jotts:jotts.sqlite:jotts_data:jotts_jotts-data
55	sipp:sipp.sqlite:sipp_data:sipp-rust_sipp-data
56	cellar:cellar.sqlite:cellar_data:cellar_cellar_data
57	posts:posts.sqlite:posts_data:posts_posts-data
58	feeds:feeds.sqlite:feeds_data:feeds_feeds_data
59	library:library.sqlite:library_data:library_library-data
60	bookmarks:bookmarks.sqlite:bookmarks_data:bookmarks_bookmarks-data
61	parcels:parcels.db:parcels_data:parcels_parcels_data
62	easel:easel.sqlite:easel_data:easel_easel-data"
63
64	RESTORE_IMAGE="debian:bookworm-slim"
65
66	usage() {
67	sed -n '6,19p' "$0" \| sed 's/^# \{0,1\}//'
68	exit "${1:-0}"
69	}
70
71	die() {
72	echo "ERROR: $*" >&2
73	exit 1
74	}
75
76	# Look up a field for an app from the APPS registry.
77	# $1 app name, $2 field index (2=file, 3=compose key, 4=fallback volume)
78	app_field() {
79	echo "$APPS" \| while IFS=: read -r name file key def; do
80	[ "$name" = "$1" ] \|\| continue
81	case "$2" in
82	2) echo "$file" ;;
83	3) echo "$key" ;;
84	4) echo "$def" ;;
85	esac
86	break
87	done
88	}
89
90	app_exists() {
91	echo "$APPS" \| cut -d: -f1 \| grep -qx "$1"
92	}
93
94	# Read the external `name:` for a volume key from the compose file's top-level
95	# `volumes:` block. Echoes nothing if the file or key is absent.
96	compose_volume_name() {
97	key="$1"
98	[ -f "$COMPOSE_FILE" ] \|\| return 0
99	awk -v key="$key" '
100	/^volumes:/ { invol=1; next }
101	invol && /^[^[:space:]]/ { invol=0 }
102	invol && $0 ~ "^ "key":[[:space:]]*$" { found=1; next }
103	found && /^[[:space:]]*name:[[:space:]]/ {
104	sub(/^[[:space:]]name:[[:space:]]/, ""); print; exit
105	}
106	found && /^ [^[:space:]]/ { exit } # next volume block, no name set
107	' "$COMPOSE_FILE"
108	}
109
110	# Resolve the Docker volume name for an app from the root compose file,
111	# falling back to the registry default only if compose has no entry.
112	resolve_volume() {
113	app="$1"
114	key=$(app_field "$app" 3)
115	def=$(app_field "$app" 4)
116	name=$(compose_volume_name "$key")
117	if [ -n "$name" ]; then
118	echo "$name"
119	else
120	echo "$def"
121	fi
122	}
123
124	list_backups() {
125	app="$1"
126	echo "Backups for $app (s3://$BUCKET/$app/):"
127	aws s3 ls "s3://$BUCKET/$app/" --endpoint-url "$R2_ENDPOINT" \
128	\| awk '{print " " $1 " " $2 " " $4}' \
129	\|\| echo " (none or unreachable)"
130	}
131
132	# Echo the object key (filename only) to restore for an app.
133	resolve_key() {
134	app="$1"
135	if [ -n "$TIMESTAMP" ]; then
136	case "$TIMESTAMP" in
137	*.sqlite.gz) echo "$TIMESTAMP" ;;
138	*) echo "${TIMESTAMP}.sqlite.gz" ;;
139	esac
140	return
141	fi
142	aws s3 ls "s3://$BUCKET/$app/" --endpoint-url "$R2_ENDPOINT" \
143	\| awk '{print $4}' \| grep -v '^$' \| sort \| tail -1
144	}
145
146	restore_app() {
147	app="$1"
148
149	key=$(resolve_key "$app")
150	if [ -z "$key" ]; then
151	echo "WARN: no backups found for $app, skipping"
152	return 1
153	fi
154
155	volume=$(resolve_volume "$app")
156	internal_file=$(app_field "$app" 2)
157	src="s3://$BUCKET/$app/$key"
158
159	if ! docker volume inspect "$volume" >/dev/null 2>&1; then
160	echo "$(date -u) Creating docker volume '$volume' for $app ..."
161	docker volume create "$volume" >/dev/null \
162	\|\| { echo "WARN: failed to create volume '$volume' for $app, skipping"; return 1; }
163	fi
164
165	if [ "$ASSUME_YES" != "1" ]; then
166	echo
167	echo "About to restore:"
168	echo " app: $app"
169	echo " source: $src"
170	echo " volume: $volume -> /$internal_file"
171	printf "Overwrite live data? [y/N] "
172	read -r answer
173	case "$answer" in
174	y\|Y\|yes\|YES) ;;
175	*) echo "Skipped $app"; return 0 ;;
176	esac
177	fi
178
179	workdir=$(mktemp -d)
180	trap 'rm -rf "$workdir"' EXIT INT TERM
181
182	echo "$(date -u) Downloading $src ..."
183	aws s3 cp "$src" "$workdir/$key" --endpoint-url "$R2_ENDPOINT" \
184	\|\| { echo "WARN: download failed for $app"; rm -rf "$workdir"; trap - EXIT INT TERM; return 1; }
185
186	echo "$(date -u) Decompressing ..."
187	gunzip "$workdir/$key"
188	decompressed="$workdir/${key%.gz}"
189
190	echo "$(date -u) Verifying integrity ..."
191	check=$(sqlite3 "$decompressed" 'PRAGMA integrity_check;' 2>&1 \|\| true)
192	if [ "$check" != "ok" ]; then
193	echo "WARN: integrity check failed for $app: $check"
194	rm -rf "$workdir"; trap - EXIT INT TERM
195	return 1
196	fi
197
198	echo "$(date -u) Writing into volume $volume ..."
199	docker run --rm \
200	-v "$volume:/data" \
201	-v "$workdir:/backup:ro" \
202	"$RESTORE_IMAGE" \
203	cp "/backup/$(basename "$decompressed")" "/data/$internal_file"
204
205	rm -rf "$workdir"
206	trap - EXIT INT TERM
207
208	echo "$(date -u) OK: $app restored from $key"
209	echo "WARNING: stop the '$app' service before restoring and restart it after for a clean"
210	echo " restore. This script does not stop or start services."
211	return 0
212	}
213
214	# --- arg parsing ---------------------------------------------------------------
215
216	[ $# -ge 1 ] \|\| usage 1
217
218	TARGET=""
219	TIMESTAMP=""
220	DO_LIST=0
221	ASSUME_YES=0
222
223	while [ $# -gt 0 ]; do
224	case "$1" in
225	-h\|--help) usage 0 ;;
226	--list) DO_LIST=1 ;;
227	--yes\|-y) ASSUME_YES=1 ;;
228	--timestamp)
229	shift
230	[ $# -ge 1 ] \|\| die "--timestamp requires a value"
231	TIMESTAMP="$1"
232	;;
233	--timestamp=) TIMESTAMP="${1#=}" ;;
234	-*) die "unknown option: $1" ;;
235	*)
236	[ -z "$TARGET" ] \|\| die "unexpected argument: $1"
237	TARGET="$1"
238	;;
239	esac
240	shift
241	done
242
243	[ -n "$TARGET" ] \|\| usage 1
244	: "${R2_ENDPOINT:?R2_ENDPOINT is required}"
245
246	if [ "$TARGET" = "all" ]; then
247	if [ -n "$TIMESTAMP" ] && [ "$DO_LIST" != "1" ]; then
248	die "--timestamp cannot be combined with 'all' (timestamps differ per app)"
249	fi
250	TARGETS=$(echo "$APPS" \| cut -d: -f1)
251	else
252	app_exists "$TARGET" \|\| die "unknown app: $TARGET (valid: $(echo "$APPS" \| cut -d: -f1 \| tr '\n' ' '))"
253	TARGETS="$TARGET"
254	fi
255
256	if [ "$DO_LIST" = "1" ]; then
257	for app in $TARGETS; do
258	list_backups "$app"
259	done
260	exit 0
261	fi
262
263	failures=0
264	total=0
265	for app in $TARGETS; do
266	total=$((total + 1))
267	restore_app "$app" \|\| failures=$((failures + 1))
268	done
269
270	if [ "$failures" -gt 0 ] && [ "$failures" -eq "$total" ]; then
271	die "all restores failed ($failures/$total)"
272	fi
273	echo "$(date -u) Restore complete ($((total - failures))/$total succeeded)"