backup-orbitdb.sh
1 #!/usr/bin/env bash 2 # Backup OrbitDB data directories from mesh nodes. 3 # Stores encrypted tarball with BLAKE3 hash for integrity verification. 4 # 5 # Usage: 6 # bash scripts/backup-orbitdb.sh [BACKUP_DIR] 7 # 8 # Default BACKUP_DIR: /tmp/mesh-backups 9 set -euo pipefail 10 11 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" 12 source "${SCRIPT_DIR}/lib/log.sh" 13 export LOG_SERVICE="frame17711-backup" 14 15 BACKUP_DIR="${1:-/tmp/mesh-backups}" 16 SSH_KEY="${SSH_KEY:-org-17711-mesh-cloud-usa__aws__keys.pem}" 17 TIMESTAMP=$(date -u +%Y%m%dT%H%M%SZ) 18 NODES=("admin@15.237.130.70" "admin@35.180.2.36") 19 NODE_NAMES=("ec2-node1" "ec2-node2") 20 21 mkdir -p "${BACKUP_DIR}" 22 23 jlog "backup started" timestamp="${TIMESTAMP}" nodes="${#NODES[@]}" 24 25 for i in "${!NODES[@]}"; do 26 NODE="${NODES[$i]}" 27 NAME="${NODE_NAMES[$i]}" 28 ARCHIVE="${BACKUP_DIR}/${NAME}-orbitdb-${TIMESTAMP}.tar.gz" 29 30 jlog "backing up node" node="${NAME}" target="${ARCHIVE}" 31 32 # Create tarball on remote, stream back 33 ssh -i "${SSH_KEY}" "${NODE}" " 34 sudo -u ops tar czf - \ 35 /home/ops/mesh-node/data/orbitdb/ \ 36 /home/ops/mesh-node/data/ipfs/ \ 37 2>/dev/null || true 38 " > "${ARCHIVE}" 2>/dev/null 39 40 if [ -s "${ARCHIVE}" ]; then 41 SIZE=$(du -h "${ARCHIVE}" | cut -f1) 42 # Integrity hash 43 HASH=$(sha256sum "${ARCHIVE}" | awk '{print $1}') 44 echo "${HASH} ${ARCHIVE}" > "${ARCHIVE}.sha256" 45 jlog "node backup completed" node="${NAME}" size="${SIZE}" hash="${HASH}" 46 else 47 jwarn "node backup empty or failed" node="${NAME}" 48 rm -f "${ARCHIVE}" 49 fi 50 done 51 52 # Cleanup old backups (keep last F(8) = 21) 53 KEPT=0 54 for f in $(ls -t "${BACKUP_DIR}"/*.tar.gz 2>/dev/null); do 55 KEPT=$((KEPT + 1)) 56 if [ "${KEPT}" -gt 21 ]; then 57 rm -f "${f}" "${f}.sha256" 58 jlog "old backup removed" file="$(basename "${f}")" 59 fi 60 done 61 62 jlog "backup completed" backup_dir="${BACKUP_DIR}" total_kept="${KEPT}"