Add comprehensive backup and restore infrastructure

- scripts/borg-backup.sh: Complete disaster recovery backup (PostgreSQL, Docker volumes, configs, SSL certs, DKIM keys) - scripts/borg-restore.sh: Automated restore from Borg backups with manual verification steps - scripts/rollback.sh: Quick application rollback using Docker image tags - Enhanced setup.sh with BorgBackup installation and cron job setup - Updated README with detailed backup strategy documentation (2-tier: SQLite + Borg) Backup retention: 7 daily + 4 weekly + 3 monthly Borg archives + 7 days SQLite snapshots
2026-02-15 11:06:42 +00:00 · 2026-02-15 11:06:42 +00:00 · 76c1cc3bfb
commit 76c1cc3bfb
parent 3820d7ea4d
4 changed files with 384 additions and 6 deletions
--- a/infrastructure/README.md
+++ b/infrastructure/README.md
@ -137,12 +137,63 @@ docker-compose up -d

 ### Backup System
 ```bash
-mkdir -p /opt/docfast-backups
+# Install BorgBackup
+apt install -y borgbackup
+
+# Create backup directories
+mkdir -p /opt/docfast-backups /opt/borg-backups
+
+# Copy backup scripts
 cp scripts/docfast-backup.sh /opt/
-chmod +x /opt/docfast-backup.sh
+cp scripts/borg-backup.sh /opt/
+cp scripts/borg-restore.sh /opt/
+cp scripts/rollback.sh /opt/
+chmod +x /opt/docfast-backup.sh /opt/borg-backup.sh /opt/borg-restore.sh /opt/rollback.sh

 # Add to root crontab
 echo "0 */6 * * * /opt/docfast-backup.sh >> /var/log/docfast-backup.log 2>&1" | crontab -
+echo "0 3 * * * /opt/borg-backup.sh >> /var/log/borg-backup.log 2>&1" | crontab -
+```
+
+## Backup Strategy
+
+DocFast uses a two-tier backup strategy for comprehensive data protection:
+
+### 1. SQLite Database Backups (Every 6 hours)
+- **Script**: `/opt/docfast-backup.sh`
+- **Frequency**: Every 6 hours via cron
+- **Retention**: 7 days of backups (28 files), plus 4 weekly copies
+- **Storage**: `/opt/docfast-backups/`
+- **Method**: SQLite `.backup` command with integrity verification
+
+### 2. Complete System Backups (Daily)
+- **Script**: `/opt/borg-backup.sh` 
+- **Frequency**: Daily at 03:00 UTC via cron
+- **Retention**: 7 daily + 4 weekly + 3 monthly
+- **Storage**: `/opt/borg-backups/docfast`
+- **Includes**:
+  - PostgreSQL database dump
+  - Docker volumes (complete application data)
+  - Nginx configuration
+  - SSL certificates (Let's Encrypt)
+  - OpenDKIM keys and configuration
+  - Cron jobs and system configurations
+  - Application files (.env, docker-compose.yml)
+  - System information (packages, services)
+
+### Backup Management Commands
+```bash
+# List available Borg backups
+/opt/borg-restore.sh list
+
+# Restore from latest backup (creates restore directory)
+/opt/borg-restore.sh restore latest
+
+# Restore from specific backup
+/opt/borg-restore.sh restore docfast-2026-02-15_0300
+
+# Quick rollback (Docker image only)
+/opt/rollback.sh
 ```

 ## Disaster Recovery Procedures
--- a/infrastructure/setup.sh
+++ b/infrastructure/setup.sh
@ -151,17 +151,32 @@ sed -i "s/docfast\.dev/$DOMAIN/g" /etc/opendkim.conf 2>/dev/null || true
 # Restart services with new configs
 systemctl restart postfix opendkim

-# Setup backup directory and script
+# Install BorgBackup
+log "Installing BorgBackup..."
+apt install -y borgbackup
+
+# Setup backup directories and scripts
 log "Setting up backup system..."
 mkdir -p "$BACKUP_DIR"
-cp ../scripts/docfast-backup.sh /opt/docfast-backup.sh || warn "Backup script not found"
-chmod +x /opt/docfast-backup.sh
+mkdir -p /opt/borg-backups

-# Add backup cron job
+# Copy backup scripts
+cp ../scripts/docfast-backup.sh /opt/docfast-backup.sh || warn "SQLite backup script not found"
+cp ../scripts/borg-backup.sh /opt/borg-backup.sh || warn "Borg backup script not found"
+cp ../scripts/borg-restore.sh /opt/borg-restore.sh || warn "Borg restore script not found"
+cp ../scripts/rollback.sh /opt/rollback.sh || warn "Rollback script not found"
+
+chmod +x /opt/docfast-backup.sh /opt/borg-backup.sh /opt/borg-restore.sh /opt/rollback.sh
+
+# Add backup cron jobs
 if ! crontab -l 2>/dev/null | grep -q docfast-backup; then
    (crontab -l 2>/dev/null; echo "0 */6 * * * /opt/docfast-backup.sh >> /var/log/docfast-backup.log 2>&1") | crontab -
 fi

+if ! crontab -l 2>/dev/null | grep -q borg-backup; then
+    (crontab -l 2>/dev/null; echo "0 3 * * * /opt/borg-backup.sh >> /var/log/borg-backup.log 2>&1") | crontab -
+fi
+
 # Setup application directory
 log "Setting up application directory..."
 mkdir -p "$INSTALL_DIR"