364e058b8c
Enthaelt: - Docker Compose mit allen Services (Nextcloud, Vaultwarden, n8n, etc.) - nginx Reverse Proxy Konfiguration mit Rate Limiting - WireGuard VPN Template - Backup und Health-Check Scripts - Deployment Script - Ausfuehrliche Dokumentation und Troubleshooting Guide Services: - Isolierte Netzwerke pro Service - Resource Limits (CPU/Memory) - Health Checks - Logging Konfiguration Sicherheit: - .env Template ohne Secrets - Rate Limiting auf nginx - TLS 1.2+ only - Security Headers 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
145 lines
4.0 KiB
Bash
145 lines
4.0 KiB
Bash
#!/bin/bash
|
|
# ============================================
|
|
# Proxmox Infrastruktur Backup Script
|
|
# ============================================
|
|
# Ausfuehrung: ./backup.sh [service|all]
|
|
# Cronjob: 0 3 * * * /opt/scripts/backup.sh all >> /var/log/backup.log 2>&1
|
|
|
|
set -euo pipefail
|
|
|
|
BACKUP_DIR="/opt/backups"
|
|
DATE=$(date +%Y%m%d_%H%M%S)
|
|
RETENTION_DAYS=7
|
|
|
|
# Farben fuer Output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
NC='\033[0m'
|
|
|
|
log_info() { echo -e "${GREEN}[INFO]${NC} $(date '+%Y-%m-%d %H:%M:%S') $1"; }
|
|
log_warn() { echo -e "${YELLOW}[WARN]${NC} $(date '+%Y-%m-%d %H:%M:%S') $1"; }
|
|
log_error() { echo -e "${RED}[ERROR]${NC} $(date '+%Y-%m-%d %H:%M:%S') $1"; }
|
|
|
|
# Backup-Verzeichnis erstellen
|
|
mkdir -p "$BACKUP_DIR"
|
|
|
|
backup_nextcloud() {
|
|
log_info "Starte Nextcloud Backup..."
|
|
local backup_file="$BACKUP_DIR/nextcloud_$DATE.tar.gz"
|
|
|
|
# Maintenance Mode aktivieren
|
|
docker exec nextcloud php occ maintenance:mode --on || true
|
|
|
|
# Daten sichern
|
|
tar -czf "$backup_file" \
|
|
-C /opt/docker/nextcloud \
|
|
data db \
|
|
2>/dev/null
|
|
|
|
# Maintenance Mode deaktivieren
|
|
docker exec nextcloud php occ maintenance:mode --off || true
|
|
|
|
log_info "Nextcloud Backup erstellt: $backup_file ($(du -h "$backup_file" | cut -f1))"
|
|
}
|
|
|
|
backup_vaultwarden() {
|
|
log_info "Starte Vaultwarden Backup..."
|
|
local backup_file="$BACKUP_DIR/vaultwarden_$DATE.tar.gz"
|
|
|
|
tar -czf "$backup_file" \
|
|
-C /opt/docker \
|
|
vaultwarden \
|
|
2>/dev/null
|
|
|
|
log_info "Vaultwarden Backup erstellt: $backup_file ($(du -h "$backup_file" | cut -f1))"
|
|
}
|
|
|
|
backup_gitea() {
|
|
log_info "Starte Gitea Backup..."
|
|
local backup_file="$BACKUP_DIR/gitea_$DATE.tar.gz"
|
|
|
|
# Gitea internen Backup-Befehl nutzen
|
|
docker exec -u git gitea gitea dump -c /data/gitea/conf/app.ini -f /data/gitea-dump.zip || true
|
|
|
|
# Dump und Daten sichern
|
|
tar -czf "$backup_file" \
|
|
-C /opt/docker/gitea \
|
|
. \
|
|
2>/dev/null
|
|
|
|
log_info "Gitea Backup erstellt: $backup_file ($(du -h "$backup_file" | cut -f1))"
|
|
}
|
|
|
|
backup_n8n() {
|
|
log_info "Starte n8n Backup..."
|
|
local backup_file="$BACKUP_DIR/n8n_$DATE.tar.gz"
|
|
|
|
tar -czf "$backup_file" \
|
|
-C /opt/docker \
|
|
n8n \
|
|
2>/dev/null
|
|
|
|
log_info "n8n Backup erstellt: $backup_file ($(du -h "$backup_file" | cut -f1))"
|
|
}
|
|
|
|
backup_audiobookshelf() {
|
|
log_info "Starte Audiobookshelf Backup..."
|
|
local backup_file="$BACKUP_DIR/audiobookshelf_$DATE.tar.gz"
|
|
|
|
# Nur Config und Metadata, nicht die Audiobooks selbst
|
|
tar -czf "$backup_file" \
|
|
-C /opt/docker/audiobookshelf \
|
|
config metadata \
|
|
2>/dev/null
|
|
|
|
log_info "Audiobookshelf Backup erstellt: $backup_file ($(du -h "$backup_file" | cut -f1))"
|
|
}
|
|
|
|
backup_configs() {
|
|
log_info "Starte Config Backup..."
|
|
local backup_file="$BACKUP_DIR/configs_$DATE.tar.gz"
|
|
|
|
tar -czf "$backup_file" \
|
|
/opt/docker/docker-compose.yml \
|
|
/opt/docker/gitea/docker-compose.yml \
|
|
/etc/wireguard/wg0.conf \
|
|
2>/dev/null || true
|
|
|
|
log_info "Config Backup erstellt: $backup_file"
|
|
}
|
|
|
|
cleanup_old_backups() {
|
|
log_info "Loesche Backups aelter als $RETENTION_DAYS Tage..."
|
|
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +$RETENTION_DAYS -delete
|
|
log_info "Cleanup abgeschlossen"
|
|
}
|
|
|
|
backup_all() {
|
|
log_info "========== VOLLSTAENDIGES BACKUP GESTARTET =========="
|
|
backup_nextcloud
|
|
backup_vaultwarden
|
|
backup_gitea
|
|
backup_n8n
|
|
backup_audiobookshelf
|
|
backup_configs
|
|
cleanup_old_backups
|
|
log_info "========== BACKUP ABGESCHLOSSEN =========="
|
|
log_info "Backup-Groesse gesamt: $(du -sh "$BACKUP_DIR" | cut -f1)"
|
|
}
|
|
|
|
# Hauptprogramm
|
|
case "${1:-all}" in
|
|
nextcloud) backup_nextcloud ;;
|
|
vaultwarden) backup_vaultwarden ;;
|
|
gitea) backup_gitea ;;
|
|
n8n) backup_n8n ;;
|
|
audiobookshelf) backup_audiobookshelf ;;
|
|
configs) backup_configs ;;
|
|
all) backup_all ;;
|
|
*)
|
|
echo "Verwendung: $0 [nextcloud|vaultwarden|gitea|n8n|audiobookshelf|configs|all]"
|
|
exit 1
|
|
;;
|
|
esac
|