feat(backup): backup stacklet v1: append-only sync to attached APFS disk#17
Merged
Conversation
arthware-dev
changed the title
arthware-dev
changed the title
Append-only backup of stacklet data to an attached APFS disk. Photos (Immich originals) and documents (Paperless archived PDFs) sync nightly via cron; every file is locked with the kernel uchg flag once on the vault, so accidents and ransomware cannot reach back through. Stacklet: * host-type stacklet, opt-in via 'stack up backup' * interactive on_configure prompts for disk, encryption, nightly time * on_install plants the canary tripwire, generates an FDA-granted .app wrapper, installs the cron entry * on_stop / on_destroy remove the cron defensively; vault data and the Keychain entry are preserved External-disk engine: * rsync --ignore-existing for append-only writes * chflags uchg on every new file (kernel-enforced immutability) * canary + preflight refuse to sync a wiped source * filesystem probe refuses non-APFS targets at runtime * per-run JSON appended to history.jsonl (append-only audit trail) Orchestrator: * discovers [[backup.archive]] across enabled stacklets * posts summary to #famstack via stacker-bot Reserved for follow-up: [[backup.snapshot]] for DB dumps, 'stack backup restore' + per-stacklet on_restore hooks, encrypted offsite via restic. Tests: 153 unit + 9 E2E against a real APFS sparse image.
arthware-dev
force-pushed
the
feat/backup-cli-only
branch
from
58df414 to
18704d2
Compare
Dry-run previously reported "0 total, 0 new" because the engine skipped file counting when no files were written. Now parses rsync --stats output for the transferred count and displays "N files would be written to backup archive" per source. Adds bold "Dry run, nothing synced!" footer.
…ications Cron's minimal PATH finds the system Python (3.9), which is too old. Prepend /opt/homebrew/bin so the nightly sync finds Homebrew Python. Also switch notification source lines from em-dashes to colons.
- Treat a failed chflags lock as a source FAILURE instead of reporting a successful, but unprotected, backup. The lock is the append-only guarantee; if it can't be applied the run says so. - Quote the paths in the nightly cron command so an install or data directory containing a space no longer breaks the scheduled run. - Match cron entries by their full marker token so removing target "vault" can't also strip "vault-2". - Share the cron command builder between on_install and on_start so the entry stays identical across reinstalls. - Drop stale ".app wrapper" wording left over from the cron-only switch.
Replaces the scaffold that raised NotImplementedError. Reports, per configured target: the last run and whether it succeeded, per-source file counts as of that run, whether the canary is intact, whether the cron entry is wired, and whether the disk is mounted. Human-readable when run in a terminal, JSON when piped. Counts come from the recorded run in history.jsonl rather than a live file walk, so the command stays fast on large libraries. Runs are now filterable by disk so one target's status can't borrow another's last result.
The cron command now prepends the Homebrew PATH (your fix) and quotes its paths (mine), so the absolute-path assertion skips the PATH= token and a new test pins the prepend. Notification source lines use colons, so the failed-source assertion matches "Documents: FAILED".
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
backupstacklet: append-only sync of photos (Immich originals) and documents (Paperless PDFs) to an attached APFS disk. Files are locked with the kerneluchgflag once on the disk, so accidents and ransomware cannot reach back through.stack backup sync/stack backup statusship as the user-facing CLI.stack up backupwalks setup (disk, encryption, nightly time), plants the canary, installs a cron entry, and points the user at the one-time/usr/sbin/cronFull Disk Access grant in System Settings.[[backup.archive]]declared byphotosanddocs. Reserved for follow-up:[[backup.snapshot]]for DB dumps,stack backup restore+ per-stackleton_restorehooks, encrypted offsite via restic.