Add backup tasks for forgejo

roles/forgejo/files/forgejo-backup.cron

@@ -0,0 +1 @@
+0 5 * * * git USER=git /usr/local/bin/forgejo_backup.sh backup && USER=git /usr/local/bin/forgejo_backup.sh prune 2

roles/forgejo/tasks/backup.yml

@@ -0,0 +1,25 @@
+---
+- name: Copy forgejo_backup.sh script
+  become: true
+  ansible.builtin.template:
+    src: forgejo_backup.sh.j2
+    dest: /usr/local/bin/forgejo_backup.sh
+    owner: git
+    group: git
+    mode: 0775
+
+- name: Create forgejo-dumps directory
+  become: true
+  ansible.builtin.file:
+    path: "{{ forgejo_run_dir }}/forgejo-dumps"
+    state: directory
+    owner: git
+    group: git
+    mode: 0755
+
+- name: Setup forgejo-backup crontab
+  become: true
+  ansible.builtin.copy:
+    src: forgejo-backup.cron
+    dest: /etc/cron.d/forgejo-backup
+    mode: 0644

roles/forgejo/tasks/main.yml

@@ -13,3 +13,6 @@
 
 - name: Include binary tasks
   ansible.builtin.include_tasks: binary.yml
+
+- name: Include backup tasks
+  ansible.builtin.include_tasks: backup.yml

roles/forgejo/templates/forgejo_backup.sh.j2

@@ -0,0 +1,137 @@
+#!/bin/bash
+
+# Use forgejo dump to make a backup of Forgejo
+# Also restore from a previously made backup
+# https://docs.gitea.io/en-us/backup-and-restore/
+
+set -eu
+set -o pipefail
+IFS="$(printf '\n\t')"
+
+PROGRAM="${0##*/}"
+INSTALL_DIR=/usr/local/bin
+TMP_DIR={{ forgejo_run_dir }}/tmp
+WORK_DIR={{ forgejo_run_dir }}
+DATA_DIR={{ forgejo_data_dir }}
+LOG_DIR={{ forgejo_log_dir }}
+REPO_DIR={{ forgejo_run_dir }}/forgejo-repositories/
+CONFIG_FILE={{ forgejo_conf_dir }}/app.ini
+DUMP_DIR={{ forgejo_run_dir }}/forgejo-dumps
+MYSQL_USER={{ db_user }}
+MYSQL_DB={{ db_name }}
+MYSQL_PW={{ db_pass }}
+SCRIPT_LOGFILE={{ forgejo_log_dir }}/forgejo_backup.log
+
+{% raw %}
+if [ "$USER" != git ]; then
+  echo "You must run this as user 'git'" && exit 1
+fi
+
+print_help() {
+cat <<-_EOF
+
+$PROGRAM
+
+Usage:
+  $PROGRAM {backup|restore <forgejo_dump_file>|prune <int>}
+
+Commands:
+  backup    Create a backup. Will save to $DUMP_DIR.
+  restore   Restore a previously created backup, given on the command line:
+            <forgejo_dump_file>, absolute path or relative to $PWD.
+  prune     Remove previously dumped backups and keep <int> backups.
+
+Options:
+  -h        Print this help message and quit.
+_EOF
+}
+
+do_backup() {
+  echo "Backing up Forgejo..."
+  stop_service
+  output_dump_file="$DUMP_DIR/forgejo-dump-$(date +'%Y%m%d').zip"
+  cd "$INSTALL_DIR" || exit 1
+  ./forgejo dump -V -f "$output_dump_file" -c "$CONFIG_FILE" -t "$TMP_DIR" --skip-attachment-data --skip-lfs-data -w "$WORK_DIR"
+  chmod 640 "$output_dump_file" # Make the file readable by group for scp to different host by different user
+  restart_service
+  echo "Done."
+}
+
+do_restore() {
+  echo "Restoring Forgejo backup..."
+  zip_file="$1"
+  zip_dir="${zip_file%.*}" # Remove file extension
+  chmod 600 "$zip_file" # Backup has changed permissions, restore them here
+  echo "Unzipping $zip_file..." && unzip "$zip_file" -d "$zip_dir" && echo "  OK."
+  cd "$zip_dir" || exit 1
+  echo -n "Restoring $CONFIG_FILE..." && mv -f app.ini "$CONFIG_FILE" && echo "  OK."
+  echo -n "Restoring $DATA_DIR..." && rsync -avz --delete data/ "$DATA_DIR" && rm -rf data && echo "  OK."
+  echo -n "Restoring $LOG_DIR..." && rsync -avz log/ "$LOG_DIR" && rm -rf log && echo "  OK."
+  echo -n "Restoring $REPO_DIR..." && mkdir -p "$REPO_DIR" && rsync -avz --delete repos/ "$REPO_DIR" && rm -rf repos && echo "  OK."
+  echo -n "Changing ownership..." && chown -R git:git "$CONFIG_FILE" "$WORK_DIR" && echo "  OK."
+  echo -n "Restoring MySQL database..." && mysql --default-character-set=utf8mb4 -u"$MYSQL_USER" -p"$MYSQL_PW" "$MYSQL_DB" < gitea-db.sql && rm gitea-db.sql && echo "  OK."
+  rmdir "$zip_dir"
+  restart_service
+  regenerate_hooks
+  echo "Done."
+}
+
+do_prune() {
+  echo "Pruning Forgejo backups and keeping $1 of them..."
+  dumps=("$DUMP_DIR"/forgejo-dump-*.zip)
+  nb_of_dumps="${#dumps[@]}"
+  nb_to_keep="$1"
+  nb_to_prune=$((nb_of_dumps - nb_to_keep))
+  if [ "$nb_to_prune" -gt "$nb_of_dumps" ]; then
+    echo "There are only $nb_of_dumps backups, quitting." && exit 1
+  fi
+  if [ "$nb_to_prune" -le 0 ]; then
+    echo "Nothing to do" && exit 1
+  else
+    for ((i=0; i < nb_to_prune; i++)); do
+      echo -n "Removing ${dumps[$i]}..." && rm "${dumps[$i]}" && echo "  OK."
+    done
+  fi
+}
+
+regenerate_hooks() {
+  echo "Regenerating hooks..."
+  cd "$INSTALL_DIR" || exit 1
+  ./forgejo admin regenerate hooks --config "$CONFIG_FILE" && echo "Done."
+}
+
+stop_service() {
+  echo -n "Stopping service..." && sudo systemctl stop forgejo.service && echo "  OK."
+}
+
+restart_service() {
+  echo -n "Restarting service..." && sudo systemctl restart forgejo.service && echo "  OK."
+}
+
+[ "$#" = 0 ] || [ "$1" = '-h' ] && print_help && exit 1
+
+if [ "$#" = 2 ]; then
+  if [ "$1" = restore ]; then
+    echo "STARTING restore" >> "$SCRIPT_LOGFILE"
+    do_restore "$2" >> "$SCRIPT_LOGFILE" 2>&1
+    echo "DONE restore" >> "$SCRIPT_LOGFILE"
+  elif [ "$1" = prune ]; then
+    echo "STARTING prune" >> "$SCRIPT_LOGFILE"
+    do_prune "$2" >> "$SCRIPT_LOGFILE" 2>&1
+    echo "DONE prune" >> "$SCRIPT_LOGFILE"
+  else
+    print_help && exit 1
+  fi
+elif [ "$#" = 1 ]; then
+  if [ "$1" != backup ]; then
+    print_help && exit 1
+  fi
+  echo "STARTING backup" >> "$SCRIPT_LOGFILE"
+  do_backup >> "$SCRIPT_LOGFILE" 2>&1
+  echo "DONE backup" >> "$SCRIPT_LOGFILE"
+else
+  print_help && exit 1
+fi
+
+exit 0
+{% endraw %}