fix: overhaul backup/restore — full secrets coverage, ordered reapply, optional passphrase encryption
Unit Tests / test (push) Successful in 12m25s
P0 — backups previously omitted peers/keys/vault(CA+fernet)/auth/cell-links/ddns/connectivity
configs (a restore lost everything incl admin login + CA) and included logs/trash; restore did
file-copies only with no reapply.
Changes:
- api/config_manager.py: backup_config now includes auth_users.json, .flask_secret_key,
peers.json, peer_service_credentials.json, WireGuard keys + wg_confs + api/wireguard/keys,
vault/** (incl fernet.key), api/services + service configs, cell_links.json, ddns_token,
caddy/**; new _is_excluded() drops logs/config_backups/.test_admin_pass/.gitkeep/*.tmp/
*.partial/__pycache__; restore_config reordered (vault/fernet → config → wg keys/peers →
cell_links → caddy/dns → service configs → auth/ddns → volumes) + new _reapply_runtime_state()
(regenerate Caddyfile/Corefile, reapply services, connectivity apply_routes, replay cell pushes)
- api/backup_crypto.py (new): optional passphrase encryption via scrypt-derived key + Fernet;
encrypted archives written 0600
- api/routes/config.py: backup/restore accept optional {passphrase}; wrong/missing passphrase
returns 400; backup response warns it contains secrets
- Makefile: backup target applies same excludes + chmod 0600 + secrets warning
- webui/src/services/api.js + webui/src/pages/Settings.jsx: passphrase field on create backup,
restore prompt, "contains secrets" banner
- tests/test_config_backup_overhaul.py (new, 18 tests) + tests/test_config_backup_restore_http.py
(2 assertions updated)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@@ -256,14 +256,23 @@ backup:
|
||||
@echo "Creating backup..."
|
||||
@mkdir -p backups
|
||||
@sudo tar -czf backups/cell-backup-$(shell date +%Y%m%d-%H%M%S).tar.gz \
|
||||
--exclude='data/logs' \
|
||||
--exclude='data/api/config_backups' \
|
||||
--exclude='data/api/.test_admin_pass' \
|
||||
--exclude='data/api/.gitkeep' \
|
||||
--exclude='*.tmp' \
|
||||
--exclude='*.partial' \
|
||||
--exclude='__pycache__' \
|
||||
config/ data/ docker-compose.yml Makefile README.md
|
||||
@sudo chown $$(id -u):$$(id -g) backups/cell-backup-*.tar.gz
|
||||
@echo "Backup created in backups/."
|
||||
@chmod 600 backups/cell-backup-*.tar.gz
|
||||
@echo "Backup created in backups/ (mode 0600 — contains secrets/keys)."
|
||||
@echo ""
|
||||
@echo "WARNING: data volumes of installed store services (email, calendar,"
|
||||
@echo "files, ...) are NOT included in this archive. They are only captured"
|
||||
@echo "by API-driven backups (POST /api/config/backup), which dump each"
|
||||
@echo "service's volumes via ConfigManager._backup_service_volumes."
|
||||
@echo "WARNING: this archive contains secrets and key material (WireGuard"
|
||||
@echo "keys, internal CA, vault fernet.key, admin credentials). Store it"
|
||||
@echo "securely. Data volumes of installed store services (email, calendar,"
|
||||
@echo "files, ...) are NOT included here — they are captured by API-driven"
|
||||
@echo "backups (POST /api/config/backup) via _backup_service_volumes."
|
||||
|
||||
restore:
|
||||
@echo "Available backups:"
|
||||
|
||||
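Review bot: In the backup recipe, the archive is written by `sudo tar -czf` with whatever mode the umask gives and is only restricted afterwards by `chmod 600`, so the file holding the WireGuard keys, internal CA and vault fernet.key sits at its creation mode until the later lines run; if the `chown` step fails, make stops before the chmod is reached at all. Consider creating the archive under a restrictive umask (for example `umask 077` in the same shell line as tar) or setting `backups/` to mode 0700 right after `mkdir -p backups`. The `chown` and `chmod` globs on `backups/cell-backup-*.tar.gz` also touch every earlier archive rather than only the new one; capturing the timestamped filename in a variable would scope both steps to the file just created.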