ops: add nightly Docker volume backup to SAMURAI
- scripts/backup-volumes.sh: tar each named volume via alpine, rsync to
SAMURAI (Tailscale 100.74.x.x) at 02:00; 7-day retention; preflight
checks Tailscale + SSH before starting
- scripts/setup-samurai-ssh.sh: one-time SSH key install to SAMURAI
- scripts/monk-backup.{service,timer}: systemd units for nightly schedule
- docs/backup-setup.md: full setup instructions incl. Windows OpenSSH
config and admin authorized_keys fix
Phase 2 (MinIO S3 on SAMURAI) tracked as TODO in backup-volumes.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
4c28ed131a
commit
5b3698191e
5 changed files with 280 additions and 0 deletions
47
scripts/setup-samurai-ssh.sh
Executable file
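--- a/scripts/setup-samurai-ssh.sh
+++ b/scripts/setup-samurai-ssh.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# One-time setup: generate SSH key for SAMURAI and install it on Windows
+# Run this once from monk, then approve the connection on SAMURAI if prompted.
+#
+# Prerequisites on SAMURAI (Windows 11):
+# - OpenSSH Server enabled: Settings → Apps → Optional Features → OpenSSH Server
+# - Service running: sc start sshd (or via Services panel)
+# - Firewall: allow port 22 from Tailscale interface (100.x.x.x range)
+
+set -euo pipefail
+
+SAMURAI_IP="100.74.0.109"
+SAMURAI_USER="${SAMURAI_USER:-kenpat}"
+KEY_PATH="${HOME}/.ssh/id_ed25519_samurai"
+
+if [[ -f "${KEY_PATH}" ]]; then
+echo "Key already exists at ${KEY_PATH} — skipping generation"
+else
+ssh-keygen -t ed25519 -C "monk→samurai-backup" -f "${KEY_PATH}" -N ""
+echo "Generated: ${KEY_PATH}"
+fi
+
+echo ""
+echo "Installing public key on SAMURAI (${SAMURAI_USER}@${SAMURAI_IP}) ..."
+echo "You will be prompted for your Windows password once."
+echo ""
+
+# ssh-copy-id works if OpenSSH Server is running on Windows
+ssh-copy-id -i "${KEY_PATH}.pub" \
+-p 22 \
+"${SAMURAI_USER}@${SAMURAI_IP}"
+
+echo ""
+echo "Testing passwordless login ..."
+if ssh -i "${KEY_PATH}" -o BatchMode=yes "${SAMURAI_USER}@${SAMURAI_IP}" echo "SSH OK from monk"; then
+echo ""
+echo "Setup complete. backup-volumes.sh will use ${KEY_PATH}"
+else
+echo ""
+echo "ERROR: passwordless login failed. On Windows, ensure:"
+echo " 1. OpenSSH Server is running (sc query sshd)"
+echo " 2. C:\\ProgramData\\ssh\\administrators_authorized_keys contains the key"
+echo " (for admin accounts, Windows ignores ~/.ssh/authorized_keys)"
+echo ""
+echo " Run in PowerShell as admin:"
+echo ' Add-Content -Force "$env:ProgramData\ssh\administrators_authorized_keys" (Get-Content "$env:USERPROFILE\.ssh\authorized_keys")'
+fi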
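Review bot: The key created by `ssh-keygen ... -N ""` has no passphrase and `ssh-copy-id` installs it with no restriction, and the failure hints suggest `SAMURAI_USER` may be a Windows administrator, so read access to `~/.ssh/id_ed25519_samurai` on monk would be enough for an admin session on SAMURAI. An unattended backup does need a passphrase-less key, so the exposure is better limited on the receiving side, for example with a dedicated non-admin Windows account that can write only to the backup directory. Separately, the `else` branch of the login test prints the error but the script still exits 0, because an `if` condition is exempt from `set -e`; add `exit 1` before the final `fi`. The `Add-Content` hint also copies every key in the user's `authorized_keys` into `administrators_authorized_keys` and omits the ACL step Microsoft documents for that file (`icacls ... /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"`), without which sshd is expected to ignore it.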