backups and refactor

.gitmodules

@@ -9,3 +9,6 @@
 [submodule "repos/main-site"]
 	path = repos/main-site
 	url = git@git.faulty.nl:didier/site
+[submodule "repos/backups"]
+	path = repos/backups
+	url = git@git.faulty.nl:infra/backups

docker-compose.utils.yml

@@ -46,3 +46,17 @@ services:
     restart: unless-stopped
     networks:
       - proxy
+
+  backups:
+    build:
+      context: ./repos/backups
+      dockerfile: Containerfile
+    user: backups
+    environment:
+      - PYTHONUNBUFFERED=1
+      - IMMEDIATE=1
+    volumes:
+      - /docker/files/backups:/config:ro # an exception to keep stuff up to date.
+      - /srv:/services:ro
+      - /srv/backups/data:/local:rw
+      - /mnt/backups/neo:/remote:rw

files/backups/global.json

@@ -0,0 +1,4 @@
+{
+    "remote_dir": "/remote",
+    "tasks_dir": "/config/tasks"
+}

files/backups/tasks/generic_services.json

@@ -0,0 +1,17 @@
+{
+    "name": "GenericServices",
+    "interval": 86400,
+    "base": "/services",
+    "paths": [
+        ".webcers",
+        "proxy",
+        "jellyfin",
+        "ghost",
+        "gitlab",
+        "searx",
+        "wireguard"
+    ],
+    "local_days_of_retention": 1,
+    "remote_days_of_retention": 30,
+    "backup_dir": "/local"
+}

files/backups/tasks/smpxmc.json

@@ -0,0 +1,11 @@
+{
+  "name": "SMPXMC",
+  "interval": 86400,
+  "base": "/services/smpxmc",
+  "paths": [
+    "data"
+  ],
+  "local_days_of_retention": 7,
+  "remote_days_of_retention": 30,
+  "backup_dir": "/local"
+}

repos/backups

@@ -0,0 +1 @@
+Subproject commit 39b8411aa6e2f568a4c86bbc619ab5dc58d784a4

tools/manager/main.py

@@ -9,13 +9,6 @@ PROJECT_NAME = os.environ.get("PROJECT_NAME", "neo")
 
 files = glob.glob("docker-compose.*.yml")
 
-def setup_handler(what: str):
-    types = {
-        "def": lambda: os.system("sh ./utils/setup.sh"),
-        "ports": lambda: os.system("sh ./utils/setup-ports.sh ./utils/rulelist.rules")
-    }.get(what, lambda: print("Invalid setup type"))
-
-
 def dc(cmd: str):
     fopts = ""
     for f in files:
@@ -99,7 +92,6 @@ def main():
         "upr": lambda: dc(f"up -d --build {' '.join(args.args)}"),
         "logs": lambda: dc(f"logs --tail=20 -f {' '.join(args.args)}"),
         "default": lambda: dc(f"{' '.join(args.args)}"),
-        "setup": lambda: setup_handler(args.args[0]),
         "delete-project-files": lambda: os.system(f"sudo rm -rf /srv/{args.args[0]}"),
         "pull": lambda: update(),
         "_dump": lambda: dump_data(),

utils/rulelist.rules

@@ -1,24 +0,0 @@
-# HTTP(s)
-INPUT -p tcp --dport 80 -j ACCEPT
-INPUT -p tcp --dport 443 -j ACCEPT
-
-# SSH
-INPUT -p tcp --dport 8240 -j ACCEPT
-
-# WIREGUARD
-INPUT -p udp --dport 51820 -j ACCEPT
-
-# MINECRAFT (25565 && 280**)
-INPUT -p tcp --dport 25565 -j ACCEPT
-
-# RUST (281**)
-INPUT -p tcp --dport 28115 -j ACCEPT
-INPUT -p udp --dport 28115 -j ACCEPT
-INPUT -p tcp --dport 28116 -j ACCEPT
-INPUT -p udp --dport 28116 -j ACCEPT
-INPUT -p tcp --dport 28182 -j ACCEPT
-INPUT -p udp --dport 28182 -j ACCEPT
-
-# ALLOW ALL TRAFFIC FROM xxx.xxx.xxx.xxx
-INPUT -s 87.210.9.220 -j ACCEPT
-

utils/setup-ports.sh

@@ -1,42 +0,0 @@
-#!/bin/sh
-
-run() {
-  echo "$@"
-  "$@"
-}
-
-up() {
-  while read -r line; do
-    [ -z "$line" ] && continue
-    if [ "$(echo "$line" | cut -c1)" = "#" ]; then
-      echo "$line"
-    else
-      # shellcheck disable=SC2086
-      run iptables -A $line
-    fi
-  done < "$1"
-}
-
-down() {
-  while read -r line; do
-    [ -z "$line" ] && continue
-    if [ "$(echo "$line" | cut -c1)" = "#" ]; then
-      echo "$line"
-    else
-      # shellcheck disable=SC2086
-      run iptables -D $line
-    fi
-  done < "$1"
-}
-
-case "$1" in
-  up)
-    up "$2"
-    ;;
-  down)
-    down "$2"
-    ;;
-  *)
-    echo "Usage: $0 {up|down}"
-    exit 1
-esac