Novij Backup Agent

Создайте базовый конфиг, импортируйте service-key, проверьте конфигурацию и включите systemd timer.

Create the base config, import the service key, validate configuration, and enable the systemd timer.

sudo novij-backup init --wizard
sudo novij-backup service-key import ./novij-backup-agent.service-key.json
sudo novij-backup config validate
sudo systemctl enable --now novij-backup.timer

Основной файл: /etc/novij-backup/config.yaml. После любых изменений запускайте валидацию.

Main file: /etc/novij-backup/config.yaml. Validate it after every change.

Неинтерактивный старт для простого сайта:

Non-interactive start for a simple site:

sudo novij-backup init   --project main-site   --agent web-01   --path /var/www/main-site   --path /etc/nginx   --postgres app   --postgres-user app   --pgpass-file /root/.pgpass

sudo novij-backup config validate

agent:
  id: "web-01"
  fleet_id: "production"
  project_id: "main-site"
  agent_id: "web-01"
  data_dir: "/var/lib/novij-backup"
  log_dir: "/var/log/novij-backup"
  temp_dir: "/var/tmp/novij-backup"
  compression: "zstd"
  compression_level: 6

novij:
  service_key_path: "/etc/novij-backup/service-key.json"
  relay_url: "from_service_key"
  storage_url: "from_service_key"
  protocol: "v3"
  crypto_profile: "ntp-pq-v1"

zk:
  required: true
  zk_id: "from_service_key_or_config"
  auto_sync: true
  min_days_left: 14
  target_days: 180

security:
  service_key_passphrase_file: "/etc/novij-backup/service-key.pass"
  backup_key_passphrase_file: "/etc/novij-backup/backup-key.pass"
  backup_key_path: "/etc/novij-backup/backup-key.json"
  remote_manifest_encryption: true
  require_encrypted_remote_metadata: true
  allow_plaintext_remote_manifest: false

updates:
  enabled: true
  interval: "1h"
  auto_install: true
  base_url: "https://packages.novij.tech/agents/backup"
  channel: "latest"

В paths добавляйте данные, которые нужны для восстановления: код, uploads, nginx, systemd units, docker compose, env-файлы.

Add data needed for restore to paths: code, uploads, nginx, systemd units, docker compose, env files.

jobs:
  - name: "main"
    enabled: true
    schedule: "daily"
    paths:
      - "/var/www/site"
      - "/etc/nginx/sites-enabled"
      - "/etc/systemd/system/site.service"
    exclude:
      - "node_modules"
      - "vendor"
      - ".git"
      - "*.log"
    databases: []
    docker:
      enabled: false
      volumes: []
      containers: []
    retention:
      strategy: "gfs"
      daily: { keep_last: 7 }
      weekly: { keep_last: 1, anchor: "sunday" }
      monthly: { keep_last: 1, anchor: "last_day" }
      quarterly: { keep_last: 1, anchor: "last_day" }

Пароли храните в root-only файлах, а не в CLI. PostgreSQL обычно читает /root/.pgpass, MySQL/MariaDB - /root/.my.cnf.

Keep passwords in root-only files, not in CLI. PostgreSQL usually reads /root/.pgpass, MySQL/MariaDB reads /root/.my.cnf.

databases:
  - type: "postgres"
    name: "app"
    mode: "host"
    database: "app"
    user: "app"
    command: "pg_dump"
    pgpass_file: "/root/.pgpass"

  - type: "mysql"
    name: "shop"
    mode: "host"
    database: "shop"
    user: "shop"
    command: "mysqldump"
    defaults_file: "/root/.my.cnf"

Для БД в контейнере используйте SQL dump через mode: "docker". Volumes подходят для uploads/storage, но не как основной способ backup живой базы.

For a DB in a container use SQL dump via mode: "docker". Volumes are fine for uploads/storage, not as the main live DB backup method.

jobs:
  - name: "main"
    enabled: true
    schedule: "daily"
    paths:
      - "/root/app.env"
      - "/var/lib/novij-backup/static/docker-compose.yml"
    databases:
      - type: "mariadb"
        name: "app_db"
        mode: "docker"
        container: "db"
        database: "app_db"
        user: "app"
        command: "mariadb-dump"
        env_file: "/etc/novij-backup/mysql.env"
    docker:
      enabled: true
      volumes:
        - "app_uploads"
      containers:
        - name: "app"
          paths:
            - "/app/storage/app/public"

Пакет ставит systemd timer. Для ежедневного запуска в 00:00 переопределите timer и примените daemon-reload.

The package installs a systemd timer. For daily 00:00 runs override the timer and apply daemon-reload.

sudo mkdir -p /etc/systemd/system/novij-backup.timer.d
sudo tee /etc/systemd/system/novij-backup.timer.d/override.conf >/dev/null <<'EOF'
[Timer]
OnCalendar=
OnCalendar=*-*-* 00:00:00
Persistent=true
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now novij-backup.timer

retention:
  strategy: "gfs"
  daily: { keep_last: 7 }
  weekly: { keep_last: 4, anchor: "sunday" }
  monthly: { keep_last: 6, anchor: "last_day" }
  quarterly: { keep_last: 4, anchor: "last_day" }

sudo novij-backup run --job main
novij-backup list --project main-site --agent web-01 --job main
novij-backup show <backup_id> --project main-site --agent web-01
novij-backup verify <backup_id> --project main-site --agent web-01
sudo novij-backup restore <backup_id> --to /restore/path --project main-site --agent web-01 --job main
novij-backup zk status
novij-backup test zk-coverage --repair-zk
novij-backup retention plan --job main
sudo novij-backup retention apply --job main

Важно: потеря backup-key.json или passphrase означает потерю доступа к зашифрованным backup.

Important: losing backup-key.json or its passphrase means losing access to encrypted backups.