Backups go to an S3 bucket mounted at /mnt/backups via s3fs, triggered by a systemd timer at 03:00 daily. Two files per day:

files-YYYY-MM-DD.tar.gz — /home, /root, /etc, /usr/local, /opt, /var/spool/cron, plus a /var/lib/ownsona-backup/ metadata bundle (package list, crontabs, enabled units, OS info).

database-YYYY-MM-DD.gz — pg_dumpall output (every database and global state: roles, passwords, GRANTs, tablespaces).

Retention: every backup ≤ 30 days old, plus the last day of every month forever.
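
The retention rule above, worked through as an added example (this is not the project's ownsona-backup.sh, whose pruning logic is not shown on this page). It only classifies names and deletes nothing; the function names and the sample listing are constructed, and it assumes "last day of every month" is judged from the date in the file name.

```shell
#!/bin/sh
# Added example: classify backup names under the retention rule above.
# Function names are hypothetical; nothing here deletes anything.

# to_days YYYY-MM-DD -> days since 1970-01-01 (pure sh, no GNU date)
to_days() {
    y=${1%%-*}; m=${1#*-}; d=${m#*-}; m=${m%-*}
    m=${m#0}; d=${d#0}                 # "08"/"09" would parse as bad octal
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# days_in_month YEAR MONTH (month without leading zero)
days_in_month() {
    case $2 in
        4|6|9|11) echo 30 ;;
        2) if [ $(($1 % 4)) -eq 0 ] && { [ $(($1 % 100)) -ne 0 ] || [ $(($1 % 400)) -eq 0 ]; }
           then echo 29; else echo 28; fi ;;
        *) echo 31 ;;
    esac
}

# retention_verdict NAME TODAY -> keep | prune | skip
retention_verdict() {
    D='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
    case $1 in
        files-$D.tar.gz) stamp=${1#files-};    stamp=${stamp%.tar.gz} ;;
        database-$D.gz)  stamp=${1#database-}; stamp=${stamp%.gz} ;;
        *) echo skip; return 0 ;;      # unknown name: never a prune candidate
    esac
    sy=${stamp%%-*}; sm=${stamp#*-}; sd=${sm#*-}; sm=${sm%-*}
    sm=${sm#0}; sd=${sd#0}
    last=$(days_in_month "$sy" "$sm")
    if [ "$sm" -lt 1 ] || [ "$sm" -gt 12 ] || [ "$sd" -lt 1 ] || [ "$sd" -gt "$last" ]; then
        echo skip; return 0            # impossible date, e.g. 2024-02-30
    fi
    age=$(( $(to_days "$2") - $(to_days "$stamp") ))
    if [ "$age" -le 30 ] || [ "$sd" -eq "$last" ]; then echo keep; else echo prune; fi
}

# Constructed sample listing, evaluated as if today were 2024-04-15.
for f in files-2024-04-01.tar.gz database-2024-03-10.gz \
         files-2024-02-29.tar.gz database-2023-02-28.gz notes.txt; do
    printf '%-28s %s\n' "$f" "$(retention_verdict "$f" 2024-04-15)"
done
```

Anything that does not match the two documented name patterns, or carries an impossible date, comes back as skip rather than prune, so a stray file in the bucket is never treated as an expired backup.
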
s3fs

Create an IAM user with s3:GetObject/s3:PutObject/s3:ListBucket on the bucket. Store its credentials in /etc/passwd-s3fs:
echo "<bucket>:<KEY>:<SECRET>" | sudo tee /etc/passwd-s3fs
sudo chmod 600 /etc/passwd-s3fs
sudo mkdir -p /mnt/backups
/etc/mount-s3fs (root-owned, mode 0700) is a wrapper that mounts the bucket if it isn’t already mounted:
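#!/bin/sh
# Mount the bucket only if /mnt/backups is not already a mountpoint.
# passwd_file: read the bucket credentials from /etc/passwd-s3fs.
# allow_other: let users other than the mounting user access the mount.
# use_path_request_style: use path-style S3 URLs instead of virtual-hosted style.
mountpoint -q /mnt/backups || \
/usr/bin/s3fs <bucket> /mnt/backups \
-o passwd_file=/etc/passwd-s3fs \
-o allow_other \
-o use_path_request_style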
sudo chmod 700 /etc/mount-s3fs
sudo /etc/mount-s3fs
mountpoint /mnt/backups # should print "is a mountpoint"
sudo /home/ownsona/ownsona/sql/install_backup.sh
The installer copies sql/ownsona-backup.sh to /usr/local/sbin/, installs ownsona-backup.{service,timer} under /etc/systemd/system/, and runs enable --now on the timer.
Run one immediately:
sudo systemctl start ownsona-backup.service
sudo tail -f /var/log/ownsona-backup.log
sudo ls -lh /mnt/backups/