🐝

.env

@@ -0,0 +1,27 @@
+###################
+# E-mail settings #
+###################
+
+# the e-mail address used to send e-mails from both vaultwarden and restic
+SMTP_FROM=[email protected]
+
+# the e-mail address to notify on case of restic backup failure
+SMTP_TO=[email protected]
+
+# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USERNAME=[email protected]
+SMTP_PASSWORD=88888888
+
+###################
+# Restic settings #
+###################
+
+# You don't need to initialize this repo beforehand
+RESTIC_REPOSITORY=s3://88888888.r2.cloudflarestorage.com/uptime-kuma
+RESTIC_PASSWORD=88888888
+
+# If using S3 (or B2, wasabi, Minio) you'll need those
+AWS_ACCESS_KEY_ID=88888888
+AWS_SECRET_ACCESS_KEY=88888888

.github/workflows/publish.yaml

@@ -0,0 +1,54 @@
+name: Docker
+
+on:
+  schedule:
+    - cron: '43 7 * * *'
+  push:
+    branches: [ "main" ]
+    tags: [ '*' ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw, value=latest, enable={{is_default_branch}}
+            type=semver, pattern={{version}}
+            type=ref, event=branch
+            type=ref, event=tag
+            type=ref, event=pr
+
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,33 @@
+FROM louislam/uptime-kuma:1-alpine
+
+ARG SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.29/supercronic-linux-amd64
+ARG OVERMIND_URL=https://github.com/DarthSim/overmind/releases/download/v2.4.0/overmind-v2.4.0-linux-amd64.gz
+
+RUN apk add --no-cache \
+            ca-certificates \
+            curl \
+            openssl \
+            tzdata \
+            iptables \
+            ip6tables \
+            tmux \
+            sqlite \
+            restic \
+            msmtp \
+            mailx
+
+
+RUN wget "$SUPERCRONIC_URL" -O /usr/local/bin/supercronic && chmod +x /usr/local/bin/supercronic
+RUN wget "$OVERMIND_URL" -O- | gunzip -c - > /usr/local/bin/overmind && chmod +x /usr/local/bin/overmind
+
+WORKDIR /app
+
+COPY config/crontab .
+COPY config/Procfile .
+COPY scripts/restic.sh .
+COPY scripts/msmtp.sh .
+
+RUN chmod +x restic.sh
+RUN chmod +x msmtp.sh
+
+CMD ["overmind", "start"]

README.md

@@ -0,0 +1,7 @@
+```
+fly auth login
+fly apps create uptime-kuma
+cat .env | fly secrets import
+fly volumes create app_data --size 1
+fly deploy
+```

config/Procfile

@@ -0,0 +1,3 @@
+uptime-kuma: node /app/server/server.js
+restic-backup: supercronic /app/crontab
+msmtp: /app/msmtp.sh

config/crontab

@@ -0,0 +1,2 @@
+@hourly /app/restic.sh
+@hourly /usr/bin/find /var/log/restic/ -name "*.log" -type f -mmin +600 -exec rm -f {} \;

fly.toml

@@ -0,0 +1,16 @@
+app = "uptime-kuma"
+primary_region = "hkg"
+kill_signal = "SIGINT"
+kill_timeout = 5
+
+[build]
+  image = "ghcr.io/webees/uptime-kuma"
+
+[mounts]
+  source = "app_data"
+  destination = "/app/data"
+
+[http_service]
+  internal_port = 5000
+  force_https = true
+  min_machines_running = 1

scripts/msmtp.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
+SMTP_PORT=${SMTP_PORT:-587}
+SMTP_USERNAME=${SMTP_USERNAME:-88888888@gmail.com}
+SMTP_PASSWORD=${SMTP_PASSWORD:-88888888}
+SMTP_FROM=${SMTP_FROM:-88888888@gmail.com}
+SMTP_TO=${SMTP_TO:-88888888@gmail.com}
+
+cat << EOF > /etc/msmtprc
+defaults
+auth on
+tls on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+logfile /var/log/msmtp.log
+host $SMTP_HOST
+port $SMTP_PORT
+from $SMTP_FROM
+user $SMTP_USERNAME
+password $SMTP_PASSWORD
+EOF

scripts/restic.sh

@@ -0,0 +1,96 @@
+#!/bin/sh
+
+# catch the error in case first pipe command fails (but second succeeds)
+set -o pipefail
+# turn on traces, useful while debugging but commented out by default
+# set -o xtrace
+
+EMAIL_SUBJECT_PREFIX="[Restic]"
+LOG="/var/log/restic/$(date +\%Y\%m\%d_\%H\%M\%S).log"
+
+# create log dir
+mkdir -p /var/log/restic/
+
+# e-mail notification
+function notify() {
+    sed -e 's/\x1b\[[0-9;]*m//g' "${LOG}" | mail -s "${EMAIL_SUBJECT_PREFIX} ${1}" ${SMTP_TO}
+}
+
+function log() {
+    "$@" 2>&1 | tee -a "$LOG"
+}
+
+function run_silently() {
+    "$@" >/dev/null 2>&1
+}
+
+# ###############################################################################
+# colorized echo helpers                                                        #
+# taken from: https://github.com/atomantic/dotfiles/blob/master/lib_sh/echos.sh #
+# ###############################################################################
+
+ESC_SEQ="\x1b["
+COL_RED=$ESC_SEQ"31;01m"
+COL_BLUE=$ESC_SEQ"34;01m"
+COL_GREEN=$ESC_SEQ"32;01m"
+COL_YELLOW=$ESC_SEQ"33;01m"
+COL_RESET=$ESC_SEQ"39;49;00m"
+
+function ok() {
+    log echo -e "$COL_GREEN[ok]$COL_RESET $1"
+}
+
+function running() {
+    log echo -en "$COL_BLUE ⇒ $COL_RESET $1..."
+}
+
+function warn() {
+    log echo -e "$COL_YELLOW[warning]$COL_RESET $1"
+}
+
+function error() {
+    log echo -e "$COL_RED[error]$COL_RESET $1"
+    log echo -e "$2"
+}
+
+function notify_and_exit_on_error() {
+    output=$(eval $1 2>&1)
+
+    if [ $? -ne 0 ]; then
+        error "$2" "$output"
+        notify "$2"
+        exit 2
+    fi
+}
+
+# ##############
+# backup steps #
+# ##############
+
+running "checking restic config"
+
+run_silently restic cat config
+
+if [ $? -ne 0 ]; then
+    warn "restic repo either not initialized or erroring out"
+    running "trying to initialize it"
+    notify_and_exit_on_error "restic init" "Repo init failed"
+fi
+
+ok
+
+running "backing up sqlite database"
+notify_and_exit_on_error "sqlite3 /app/data/db.sqlite3 '.backup /app/data/backup.bak'" "SQLite backup failed"
+ok
+
+running "restic backup"
+notify_and_exit_on_error "restic backup --verbose --exclude='db.*' /app/data" "Restic backup failed"
+ok
+
+running "checking consistency of restic repository"
+notify_and_exit_on_error "restic check" "Restic check failed"
+ok
+
+running "removing outdated snapshots"
+notify_and_exit_on_error "restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 3 --keep-yearly 3 --prune" "Restic forget failed"
+ok