From 4fbba5b432d0e19e8c3466ec9dbf63e8a86de148 Mon Sep 17 00:00:00 2001 From: MorganOnCode <87934408+MorganOnCode@users.noreply.github.com> Date: Mon, 1 Jun 2026 07:47:15 +0000 Subject: [PATCH] backup: also capture shared Cloudflare tunnel config + cron schedules Stage /etc/cloudflared (incl. the root-only tunnel credential json) and the /etc/cron.d/*-backup files into the nightly restic snapshot, so a fresh-machine restore can bring back public ingress for all three sites (cardano402.com, thehosksaid.com, tubechat.video) without recreating the shared tunnel f54b9704. Verified: latest snapshot contains infra/cloudflared/* incl. the tunnel credential; restic check passed. Co-Authored-By: Claude Opus 4.8 (1M context) --- scripts/backup.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/backup.sh b/scripts/backup.sh index 7180b5a..056da89 100755 --- a/scripts/backup.sh +++ b/scripts/backup.sh @@ -77,6 +77,18 @@ cp -p "$REPO_ROOT/config/config.json" "$STAGE_DIR/sensitive/config.json" cp -p "$REPO_ROOT/.env" "$STAGE_DIR/sensitive/dotenv" log "Staged: sensitive config ($(du -sh "$STAGE_DIR/sensitive" | cut -f1))" +# 1b. Shared VPS infrastructure: the Cloudflare tunnel config + its credential +# (root-only 0400 file — readable here because this job runs as root) and the +# three /etc/cron.d backup schedules. Lets a fresh box restore public ingress +# for all three sites (cardano402.com, thehosksaid.com, tubechat.video) without +# re-creating the shared tunnel. Tiny; restic dedups. +mkdir -p "$STAGE_DIR/infra" +[ -d /etc/cloudflared ] && cp -a /etc/cloudflared "$STAGE_DIR/infra/cloudflared" +for c in /etc/cron.d/cardano402-backup /etc/cron.d/tubechat-backup /etc/cron.d/hosksaid-backup; do + [ -f "$c" ] && cp -p "$c" "$STAGE_DIR/infra/" +done +log "Staged: infra ($(du -sh "$STAGE_DIR/infra" 2>/dev/null | cut -f1))" + # 2. Redis AOF volume. AOF is append-only; copying the on-disk state while # redis is running yields a valid replica that may be slightly behind # the in-memory state. Restic deduplicates so growing AOFs are cheap.