projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(backup): Restore-Pfad — POST /backups/:id/restore + UI

Browse Source 
backup.Service.Restore(id) schreibt /var/lib/edgeguard/restore.sh
und dispatcht via `sudo systemd-run --unit=edgeguard-restore.service`.
Skript-Ablauf:
  1. tar -xzf der Backup-Datei → /var/lib/edgeguard/restore-tmp
  2. state-files (setup.json/license/jwt/node.conf/acme-account) per
     cp -a zurück, chown edgeguard
  3. systemctl stop edgeguard-api + scheduler (DB-Connections freigeben)
  4. sudo -u postgres psql -f dump.sql (--clean droppt + recreated)
  5. edgeguard-ctl render-config (haproxy/nft/squid/unbound/chrony)
  6. systemctl start edgeguard-api + scheduler
  7. rm -rf restore-tmp + restore.sh

UI: pro Backup-Row neuer Restore-Button mit Popconfirm. Beim Trigger
zeigt sich das vertraute Fullscreen-Overlay (Klassen .update-modal*
re-used) mit 4 Steps (Extract / DB-Restore / Render / Restart) + Live-
Timer. Health-Poll alle 3s detektiert API-Restart + reload. Safety-
Timeout 3 min für große DB-Dumps.

postinst: sudoers für `systemd-run --unit=edgeguard-restore.service
--description=... --collect bash /var/lib/edgeguard/restore.sh` +
zugehöriges `systemctl reset-failed`. Pfad fix damit kein Wildcard
nötig wird.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Debian
2026-05-12 23:22:55 +02:00
parent 571f51ba9a
commit dbc14a24a4
11 changed files with 273 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
internal/handlers/backup.go
View File

@@ -36,9 +36,33 @@ func (h *BackupHandler) Register(rg *gin.RouterGroup) {
g.POST("", h.Trigger)
g.GET("/:id", h.Get)
g.GET("/:id/download", h.Download)
g.POST("/:id/restore", h.Restore)
g.DELETE("/:id", h.Delete)
}
// Restore startet einen Restore aus einem vorhandenen Backup. Endpoint
// returnt sofort 202 Accepted — der eigentliche Restore läuft in einer
// transient systemd-Unit; die UI pollt /healthz für die Restart-
// Detection. Massive Audit-Trail, weil das ein destruktiver Eingriff
// in den live-DB-State ist.
func (h *BackupHandler) Restore(c *gin.Context) {
id, ok := parseID(c)
if !ok {
return
}
e, err := h.Service.Restore(c.Request.Context(), id)
if err != nil {
response.Err(c, http.StatusInternalServerError, err)
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backup.restore",
e.File, gin.H{"id": id, "sha256": e.SHA256}, h.NodeID)
c.JSON(http.StatusAccepted, response.Envelope{
Data: gin.H{"status": "restoring", "file": e.File, "id": id},
Message: "Restore gestartet",
})
}
func (h *BackupHandler) List(c *gin.Context) {
out, err := h.Service.List(c.Request.Context())
if err != nil {