fix(infra): switch landing backup to shared r2-landing rclone remote
Replace inline LITESTREAM_R2_* credentials in the backup service with the named [r2-landing] rclone remote and R2_LANDING_* env vars, matching the beanflows pattern. Add rclone.conf setup to bootstrap_supervisor.sh so the remote is written from env on each bootstrap run. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Deeman
@@ -54,6 +54,40 @@ chmod 600 "${REPO_DIR}/.env"
|
|||||||
|
|
||||||
sudo -u "${SERVICE_USER}" bash -c "cd ${REPO_DIR} && ${UV} sync --all-packages"
|
sudo -u "${SERVICE_USER}" bash -c "cd ${REPO_DIR} && ${UV} sync --all-packages"
|
||||||
|
|
||||||
|
# ── rclone config (r2-landing remote) ────────────────────────────────────────
|
||||||
|
|
||||||
|
_env_get() { grep -E "^${1}=" "${REPO_DIR}/.env" 2>/dev/null | head -1 | cut -d= -f2- | tr -d '"'"'" || true; }
|
||||||
|
|
||||||
|
R2_LANDING_KEY=$(_env_get R2_LANDING_ACCESS_KEY_ID)
|
||||||
|
R2_LANDING_SECRET=$(_env_get R2_LANDING_SECRET_ACCESS_KEY)
|
||||||
|
R2_ENDPOINT=$(_env_get R2_ENDPOINT)
|
||||||
|
|
||||||
|
if [ -n "${R2_LANDING_KEY}" ] && [ -n "${R2_LANDING_SECRET}" ] && [ -n "${R2_ENDPOINT}" ]; then
|
||||||
|
RCLONE_CONF_DIR="/home/${SERVICE_USER}/.config/rclone"
|
||||||
|
RCLONE_CONF="${RCLONE_CONF_DIR}/rclone.conf"
|
||||||
|
|
||||||
|
sudo -u "${SERVICE_USER}" mkdir -p "${RCLONE_CONF_DIR}"
|
||||||
|
|
||||||
|
grep -v '^\[r2-landing\]' "${RCLONE_CONF}" 2>/dev/null > "${RCLONE_CONF}.tmp" || true
|
||||||
|
cat >> "${RCLONE_CONF}.tmp" <<EOF
|
||||||
|
|
||||||
|
[r2-landing]
|
||||||
|
type = s3
|
||||||
|
provider = Cloudflare
|
||||||
|
access_key_id = ${R2_LANDING_KEY}
|
||||||
|
secret_access_key = ${R2_LANDING_SECRET}
|
||||||
|
endpoint = ${R2_ENDPOINT}
|
||||||
|
acl = private
|
||||||
|
no_check_bucket = true
|
||||||
|
EOF
|
||||||
|
mv "${RCLONE_CONF}.tmp" "${RCLONE_CONF}"
|
||||||
|
chown "${SERVICE_USER}:${SERVICE_USER}" "${RCLONE_CONF}"
|
||||||
|
chmod 600 "${RCLONE_CONF}"
|
||||||
|
echo "$(date '+%H:%M:%S') ==> rclone [r2-landing] remote configured."
|
||||||
|
else
|
||||||
|
echo "$(date '+%H:%M:%S') ==> R2_LANDING_* not set — skipping rclone config."
|
||||||
|
fi
|
||||||
|
|
||||||
# ── Systemd services ──────────────────────────────────────────────────────────
|
# ── Systemd services ──────────────────────────────────────────────────────────
|
||||||
|
|
||||||
cp "${REPO_DIR}/infra/landing-backup/padelnomics-landing-backup.service" /etc/systemd/system/
|
cp "${REPO_DIR}/infra/landing-backup/padelnomics-landing-backup.service" /etc/systemd/system/
|
||||||
|
|||||||
@@ -7,15 +7,5 @@ Wants=network-online.target
|
|||||||
Type=oneshot
|
Type=oneshot
|
||||||
User=padelnomics_service
|
User=padelnomics_service
|
||||||
EnvironmentFile=/opt/padelnomics/.env
|
EnvironmentFile=/opt/padelnomics/.env
|
||||||
Environment=LANDING_DIR=/data/padelnomics/landing
|
ExecStart=/bin/sh -c 'exec /usr/bin/rclone sync /data/padelnomics/landing/ r2-landing:${R2_LANDING_BUCKET}/padelnomics/ --log-level INFO --exclude ".state.sqlite*"'
|
||||||
ExecStart=/usr/bin/rclone sync ${LANDING_DIR} :s3:${LITESTREAM_R2_BUCKET}/padelnomics/landing \
|
TimeoutStartSec=1800
|
||||||
--s3-provider Cloudflare \
|
|
||||||
--s3-access-key-id ${LITESTREAM_R2_ACCESS_KEY_ID} \
|
|
||||||
--s3-secret-access-key ${LITESTREAM_R2_SECRET_ACCESS_KEY} \
|
|
||||||
--s3-endpoint https://${LITESTREAM_R2_ENDPOINT} \
|
|
||||||
--s3-no-check-bucket \
|
|
||||||
--exclude ".state.sqlite*"
|
|
||||||
|
|
||||||
StandardOutput=journal
|
|
||||||
StandardError=journal
|
|
||||||
SyslogIdentifier=padelnomics-landing-backup
|
|
||||||
|
|||||||
Reference in New Issue
Block a user