Remove Backrest and WD backup references

2026-05-15 16:57:42 +02:00
parent 1e3e019f28
commit 57ea7507a7
14 changed files with 106 additions and 102 deletions
@@ -1,48 +0,0 @@
-services:
-  backrest:
-    image: ghcr.io/garethgeorge/backrest:latest@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0
-    container_name: backrest
-    restart: unless-stopped
-    environment:
-      - TZ=Europe/Berlin
-      - BACKREST_DATA=/data
-      - BACKREST_CONFIG=/config/config.json
-      - XDG_CACHE_HOME=/cache
-      - TMPDIR=/tmp
-
-    volumes:
-      - /mnt/user/appdata/backrest/data:/data
-      - /mnt/user/appdata/backrest/config:/config
-      - /mnt/user/appdata/backrest/cache:/cache
-      - /mnt/user/appdata/backrest/tmp:/tmp
-      - /mnt/user/appdata/backrest/ssh:/root/.ssh
-      - /mnt/user/appdata:/source/appdata:ro
-      - /mnt/remotes/192.168.178.86/Public/backrest-repos:/repos/wd
-      - /mnt/user/documents:/source/user/documents:ro
-      - /mnt/user/finance:/source/user/finance:ro
-      - /mnt/user/photos:/source/user/photos:ro
-      - /mnt/user/services:/source/user/services:ro
-
-    dns:
-      - 1.1.1.1
-      - 8.8.8.8
-
-    networks:
-      - backend_net
-      - frontend_net
-
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=frontend_net
-      - traefik.http.routers.backrest.rule=Host(`backrest.kaleschke.info`)
-      - traefik.http.routers.backrest.entrypoints=websecure
-      - traefik.http.routers.backrest.tls=true
-      - traefik.http.routers.backrest.tls.certresolver=le
-      - traefik.http.routers.backrest.middlewares=authelia@file,secure-headers@file
-      - traefik.http.services.backrest.loadbalancer.server.port=9898
-      
-networks:
-  backend_net:
-    external: true
-  frontend_net:
-    external: true
@@ -45,7 +45,6 @@ The inclusion of `/local/secrets` is intentional: Borg is expected to cover disa
 | Grafana | file data | `/local/appdata/grafana` |
 | InfluxDB 3 Core | file data | `/local/appdata/influxdb3/data`, `/local/appdata/influxdb3/plugins` |
 | Hermes Agent | file data + SSH key | `/local/appdata/hermes-agent/data`, `/local/secrets/hermes_runner_id_ed25519` |
-| Backrest | file data | `/local/appdata/backrest/data`, `/local/appdata/backrest/config` |
 | BentoPDF | rebuildable | no critical persistence in compose |

 ## Open Decisions and Coverage Gaps
@@ -408,18 +408,6 @@
      "first_check": "Borg-Repo-Credentials vorhanden? Backup-Mounts erreichbar? Traefik healthy?",
      "notes": "breite Mounts bewusst dokumentiert; /local/secrets im DR-Scope"
    },
-    "backrest": {
-      "description": "Backup-Admin-Dienst",
-      "tier": 3,
-      "category": "ops",
-      "container_name": "backrest",
-      "dependencies": ["traefik"],
-      "url": "https://backrest.kaleschke.info",
-      "dump_file": null,
-      "data_paths": ["/mnt/user/appdata/backrest"],
-      "first_check": "Repo/SSH-Mounts erreichbar? Traefik healthy?",
-      "notes": "breite Mounts bewusst dokumentiert"
-    },
    "hermes-gateway": {
      "description": "Hermes Agent Gateway / AI Ops Assistant",
      "tier": 3,
@@ -495,20 +495,6 @@ services:
    first_check: "Borg-Repo-Credentials vorhanden? Backup-Mounts erreichbar? Traefik healthy?"
    notes: "breite Mounts bewusst dokumentiert; /local/secrets im DR-Scope"

-  backrest:
-    description: Backup-Admin-Dienst (Legacy-Backup-Ebene)
-    tier: 3
-    category: ops
-    container_name: backrest
-    dependencies:
-      - traefik
-    url: https://backrest.kaleschke.info
-    dump_file: null
-    data_paths:
-      - /mnt/user/appdata/backrest
-    first_check: "Repo/SSH-Mounts erreichbar? Traefik healthy?"
-    notes: "breite Mounts bewusst dokumentiert"
-
  hermes-gateway:
    description: Hermes Agent Gateway / AI Ops Assistant
    tier: 3
@@ -1,9 +1,9 @@
 # Policy Check Report

 ## Summary
- Compose files checked: 30
+- Compose files checked: 29
 - Critical findings: 0
- Warnings: 5
+- Warnings: 4
 - Info findings: 9

 ## Critical
@@ -11,7 +11,6 @@

 ## Warnings
 - [SEC001] infra\ddns-updater\docker-compose.yml :: ddns-updater: Missing security_opt no-new-privileges:true.
- [SEC001] ops\backrest\docker-compose.yml :: backrest: Missing security_opt no-new-privileges:true.
 - [USER001] ops\grafana-influxdb\docker-compose.yml :: grafana: Runs as user 0. Documented exception, keep visible for hardening.
 - [USER001] ops\grafana-influxdb\docker-compose.yml :: influxdb3-core: Runs as user 0. Documented exception, keep visible for hardening.
 - [SEC001] ops\scrutiny\docker-compose.yml :: scrutiny: Missing security_opt no-new-privileges:true.