Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
600 Commits 2 Branches 1 Tag
master
Commit Graph

22 Commits

Author SHA1 Message Date
Micha 9ffcb4e92e fix: dump active grafana database 2026-05-31 21:41:23 +02:00
Micha 268df30a13 chore: finish postgres redis stateful migrations 2026-05-31 20:32:25 +02:00
Micha 24d0d90670 Make dump output 0644 by default, exclude flash config from H pull 
pre-backup-dumps.sh: atomic_write nimmt jetzt einen optionalen
mode-Parameter (Default 0644). Damit sind alle DB-/SQLite-/BoltDB-
/Mongo-Dumps konsistent 0644 und vom Nearline-Pull lesbar. Die
sensible unraid-flash-config-Familie (.tar.gz, .sha256, .manifest)
ruft explizit mit mode 600 auf und bleibt damit Operator-only.
Loest das Permission-Problem fuer filebrowser.bolt.dump (Source
ist 0640) im naechsten regulaeren Dump-Lauf.

pull-critical-backups.ps1: Jobs koennen ExcludeFiles ueber /XF
mitliefern. borg-dumps-latest schliesst die unraid-flash-config-
Artefakte aus, weil sie bewusst 0600 bleiben sollen und sonst den
Lauf abbrechen lassen. Restore-Quelle fuer Flash-Config bleibt
das Hetzner-Borg-Repo.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-27 20:44:50 +02:00
Micha 0ae44bd797 Write Prometheus textfile and Gitea bundles world-readable 
node-exporter runs as nobody:65534 inside its container and was
hitting node_textfile_scrape_error 1 on homelab.prom, because the
file was 0600 root:root (mktemp default). Set it to 0644 right
before the atomic mv. Bundle inhaltsidentisch zum Git-Repo, ohne
Secrets (.gitignore-abgedeckt) und nicht sensibler als die
uebrigen /mnt/user/backups/borg/dumps/latest/*.dump-Files, die
ebenfalls 0644 sind. So funktioniert auch der Nearline-Pull-Workflow
ueber SMB (docs/H_DRIVE_NEARLINE_PULL.md).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-27 20:41:07 +02:00
Micha 5c5ca2fcec Fix Gitea bundle mirror host run 2026-05-26 20:16:19 +02:00
Micha 5936a4d9c1 Add Gitea bundle recovery script 2026-05-26 19:50:50 +02:00
Micha 9353a9fc44 Fix Borg preflight freshness dump path 2026-05-25 19:44:22 +02:00
Micha d50b11784d Add Unraid flash config to Borg preflight 2026-05-25 19:36:16 +02:00
Micha b6bbca43ad Replace Uptime Kuma with monitoring checks 2026-05-25 16:37:46 +02:00
Micha 29eaf8001f Normalize ntfy alert routing 2026-05-17 14:57:45 +02:00
Micha 6ca829ec45 Document Unraid automation schedules 2026-05-16 20:11:19 +02:00
Micha 5ada1ad153 Treat Filebrowser state as file-backed dump 2026-05-16 13:16:01 +02:00
Micha ead7e1e17d Fallback SQLite dumps to host paths 2026-05-16 13:14:10 +02:00
Micha 14e9c0963d Allow posture warnings before Borg 2026-05-16 13:12:47 +02:00
Micha 878ad2d5f1 Harden backup and posture checks 2026-05-16 13:04:22 +02:00
Micha 12a87ad342 Clean up SQLite dump temp files on failure 2026-05-16 12:03:10 +02:00
Micha 0e7e639df4 Correct Filebrowser backup state 2026-05-16 11:59:57 +02:00
Micha 18df2d155d Add consistent Borg database dumps 2026-05-16 11:49:36 +02:00
Micha 4eea231d24 Remove Firefly and Semaphore from homelab 2026-04-15 10:24:42 +02:00
Micha 8b8e96e32f Move borg dump staging to backup share 2026-04-15 09:43:20 +02:00
Micha c7f0962ba0 Use shared postgres admin for borg dumps 2026-04-13 19:12:53 +02:00
Micha be479407fe Add borg backup scope and database dump workflow 2026-04-12 19:03:47 +02:00