v0.55.0: Phase 3 — auto off-drive Tier 2 (rootfs-headroom guard)

Tier 2 rsync-mirrors each HDD app's recovery unit + appdata to a DIFFERENT physical disk (the only off-drive protection bind-mounted userdata can get; PBS can't reach it). Auto-enabled, auto-target: prefer another registered drive (different physical disk via system.SamePhysicalDevice), else the internal SSD for SMALL units only — with a size-aware headroom guard that REFUSES rather than fill the ~8G guest rootfs, recording an honest "needs 2nd HDD" status. Status persisted via the surviving CrossDriveBackup; "2. mentés" UI card now populated. Daily tier2-backup job + POST /api/backup/tier2. - backup/tier2.go (engine+selection+headroom), tier2_test.go (headroom arithmetic) - system.SamePhysicalDevice (linux Stat_t.Dev + stub) - handlers.go Tier2 UI population + tier2DestLabel; backups.html honest no-target reason - fixed stale TestBackupCopiesOnPath (old felhom-data layout -> in-guest layout) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 13:24:49 +02:00
parent d8fe8f5ead
commit d2071430ea
12 changed files with 446 additions and 5 deletions
@@ -53,6 +53,11 @@ func (m *Manager) SetVersion(v string) {
 	m.mu.Unlock()
 }

+// SetTier2Notifier wires the notification callback invoked after each Tier 2 copy.
+func (m *Manager) SetTier2Notifier(fn func(stackName, destLabel string, dur time.Duration, err error)) {
+	m.tier2Notify = fn
+}
+
 // CaptureRecoveryUnit writes/refreshes an app's secret-free recovery unit: it captures the
 // compose + metadata + a secret-stripped app.yaml into compose/, enumerates the DB/volume dumps
 // already present, and writes manifest.json. It NEVER writes a secret value or the Docker image.