viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

backup: stop offsite-copying regenerable data; shrink nextcloud backup; pin nextcloud image

Browse source 
The offsite Synology hit 97% — the Backup share grew +670G in a week, traced
to the 2026-05-26 change that began mirroring large regenerable services
offsite, plus an unbounded nextcloud.log bloating its backups to 87G.

- nfs-mirror: re-exclude ollama, prometheus-backup, audiblez, ebook2audiobook
  (regenerable; live-only on sdc). Keep *-backup DB dumps (real safety copies).
- offsite-sync Step 2: nfs-ssd leg is now immich-only; ollama/llamacpp on the
  SSD no longer ship offsite (re-pullable models).
- daily-backup: skip nextcloud/nextcloud-data-proxmox (orphaned pre-encryption
  PV, still backed up weekly).
- nextcloud: cap+rotate the log (log_rotate_size=10MB); the dedicated backup
  now excludes html/ (app code, from image), logs, and preview cache and keeps
  only the latest copy (pvc-data holds version history) → <5G (was 87G).
- nextcloud: pin image to 32.0.9 in chart_values. A 2026-05-26 Keel bump moved
  the live pod to 32.0.9 (data migrated to 32.0.9.2) but TF still defaulted to
  32.0.3; reconciling that drift this session rolled a 32.0.3 pod that
  CrashLooped on the downgrade. Pinning eliminates the drift.

Docs: backup-dr.md + infra CLAUDE.md updated (add nfs-mirror, new exclusions).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-01 14:01:21 +00:00
parent 0dd4a31eff
commit ddd582a28c
7 changed files with 122 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

11
scripts/daily-backup.sh
View file

@ -215,6 +215,17 @@ else
continue
fi
# Skip-list: PVCs we deliberately don't keep offsite copies of.
# nextcloud-data-proxmox — orphaned pre-encryption PV (Released,
# Retain). Nextcloud moved to nextcloud-data-encrypted on 2026-04-13;
# this old unencrypted PV lingers (Retain) and was still being backed
# up weekly, filling the offsite Synology. Stop copying it (2026-06-01).
case "${ns_pvc}" in
nextcloud/nextcloud-data-proxmox)
log " skip ${ns_pvc} (orphaned pre-encryption PVC)"
continue ;;
esac
# Detect LUKS-encrypted volumes and set up mount device
LUKS_NAME=""
MOUNT_DEV="/dev/pve/${snap}"