admin/felhom-controller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
476a97376f6677ed33f6cef08939eea42144ba7c
felhom-controller/controller/internal/appbackup/paths.go
T
admin 70eb521cd0 v0.53.0: Phase 2 capture side — per-app secret-free recovery unit 
Each app's on-drive backup becomes a self-contained, recreatable recovery unit:
compose/ (docker-compose.yml + .felhom.yml + secret-stripped app.yaml) alongside
the existing db-dumps/ + volume-dumps/, plus a secret-free manifest.json (image
pins, secret env-var NAMES, data_key names, checksums). The unit stores no secret
value, no data-key, and not the image — secrets are recovered at restore from the
guest's own app.yaml (live/PBS), never regenerated.

- appbackup: RecoveryUnit* path helpers, RecoveryInfo + GetStackRecoveryInfo,
  ParseComposeImages; AppDBDump/Volume refactored onto RecoveryUnitPath.
- backup: recovery_unit.go (manifest + CaptureRecoveryUnit), wired into RunDBDumps;
  capture test proves secret-free.
- stacks: DeployField.DataKey + Metadata.DataKeyEnvVars(); main.go stackAdapter
  implements GetStackRecoveryInfo (excludes secret-named + encrypted values).
- Restore-from-unit recreate + fail-closed gate + live AdventureLog validation: next.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 10:20:37 +02:00

71 lines
3.6 KiB
Go
Raw Blame History

// Package appbackup holds the self-contained app-data backup primitives:
// database dump and Docker-volume archive discovery/execution, plus the
// keep-side storage path helpers. It depends only on stable abstractions
// (the StackDataProvider interface) and has no dependency on the restic,
// cross-drive, or drive-mount code in the backup package.
package appbackup
import "path/filepath"
// FelhomDataDir is the namespace directory on storage drives for all felhom-managed data.
const FelhomDataDir = "felhom-data"
// NamespaceRoot resolves the felhom-data namespace ROOT for a drive path. All the path helpers
// below take this namespace root (the directory that directly contains backups/ and appdata/),
// NOT a bare drive path — they do not append felhom-data themselves.
//
// Model A (slice 10): the host agent binds <drive>/felhom-data onto the guest mountpoint, so an
// enrolled user-data drive's IN-GUEST mount already IS the namespace root (and its basename need
// NOT be "felhom-data" — e.g. /mnt/felhom-usb). For such mounts pass inGuestDrive=true → the path
// is returned as-is, so callers no longer double-nest into .../felhom-data/felhom-data/... .
//
// For a bare drive root that still holds a felhom-data SUBDIR — the SSD-only system-data fallback,
// or any legacy host-side layout — pass inGuestDrive=false → the felhom-data segment is appended.
func NamespaceRoot(drivePath string, inGuestDrive bool) string {
if inGuestDrive {
return filepath.Clean(drivePath)
}
return filepath.Join(drivePath, FelhomDataDir)
}
// PrimaryBackupPath returns the root primary backup directory under a felhom-data namespace root.
func PrimaryBackupPath(nsRoot string) string {
return filepath.Join(nsRoot, "backups", "primary")
}
// RecoveryUnitPath returns the per-app self-contained recovery-unit ROOT under a namespace root.
// It is the existing per-app backup dir (`backups/primary/<stack>/`) — the legacy name is kept so the
// db-dumps/ and volume-dumps/ already written there need no migration; the unit gains compose/ and
// manifest.json as siblings, making the whole dir a complete, recreatable unit (Phase 2). The unit is
// secret-free: secrets/data-keys are recovered from the guest's own app.yaml (live or via PBS), never
// stored here. See backup.recoveryUnit / restore for the capture + restore flow.
func RecoveryUnitPath(nsRoot, stackName string) string {
return filepath.Join(nsRoot, "backups", "primary", stackName)
}
// RecoveryUnitComposePath returns the compose/config capture dir within an app's recovery unit
// (docker-compose.yml + .felhom.yml + secret-stripped app.yaml).
func RecoveryUnitComposePath(nsRoot, stackName string) string {
return filepath.Join(RecoveryUnitPath(nsRoot, stackName), "compose")
}
// RecoveryUnitManifestPath returns the manifest.json path within an app's recovery unit.
func RecoveryUnitManifestPath(nsRoot, stackName string) string {
return filepath.Join(RecoveryUnitPath(nsRoot, stackName), "manifest.json")
}
// AppDBDumpPath returns the DB dump directory for an app under a felhom-data namespace root.
func AppDBDumpPath(nsRoot, stackName string) string {
return filepath.Join(RecoveryUnitPath(nsRoot, stackName), "db-dumps")
}
// AppVolumeDumpPath returns the Docker-volume dump-tar directory for an app under a namespace root.
func AppVolumeDumpPath(nsRoot, stackName string) string {
return filepath.Join(RecoveryUnitPath(nsRoot, stackName), "volume-dumps")
}
// AppDataDir returns the app data directory under a felhom-data namespace root.
func AppDataDir(nsRoot, stackName string) string {
return filepath.Join(nsRoot, "appdata", stackName)
}
Reference in New Issue View Git Blame Copy Permalink