Compare commits

...

3 commits

Author SHA1 Message Date
a40cd60d60
backup: keep deleted/overwritten versions instead of mirroring them away (#120)
Some checks are pending
Deploy (on merge) / Discover hosts (push) Waiting to run
Deploy (on merge) / deploy (push) Blocked by required conditions
Terraform / Plan (push) Waiting to run
Terraform / Apply (push) Blocked by required conditions
The nightly job runs 'rclone sync', which permanently deletes or overwrites
objects at the B2 destination. That means an accidental deletion or a
ransomware encryption on /hdd propagates straight to the backup on the next
run, leaving no clean copy.

Add --backup-dir so every superseded version is moved into a dated folder
under _versions/ rather than thrown away, and prune that folder after 30
days so it doesn't grow unbounded.
2026-06-05 21:23:04 +01:00
dependabot[bot]
7f2cbd4af1
chore(deps): bump the github-actions group across 1 directory with 2 updates (#117)
Bumps the github-actions group with 2 updates in the / directory: [ansible/ansible-lint](https://github.com/ansible/ansible-lint) and [actions/github-script](https://github.com/actions/github-script).


Updates `ansible/ansible-lint` from 25 to 26
- [Release notes](https://github.com/ansible/ansible-lint/releases)
- [Commits](https://github.com/ansible/ansible-lint/compare/v25...v26)

Updates `actions/github-script` from 7 to 9
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: ansible/ansible-lint
  dependency-version: '26'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-05 21:13:03 +01:00
dependabot[bot]
24431466c5
chore(deps): bump the terraform group across 2 directories with 1 update (#116)
Updates the requirements on  and [pagerduty/pagerduty](https://github.com/PagerDuty/terraform-provider-pagerduty) to permit the latest version.

Updates `pagerduty/pagerduty` to 3.32.4
- [Release notes](https://github.com/PagerDuty/terraform-provider-pagerduty/releases)
- [Changelog](https://github.com/PagerDuty/terraform-provider-pagerduty/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PagerDuty/terraform-provider-pagerduty/compare/v2.2.0...v3.32.4)

Updates `pagerduty/pagerduty` to 3.32.4
- [Release notes](https://github.com/PagerDuty/terraform-provider-pagerduty/releases)
- [Changelog](https://github.com/PagerDuty/terraform-provider-pagerduty/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PagerDuty/terraform-provider-pagerduty/compare/v2.2.0...v3.32.4)

---
updated-dependencies:
- dependency-name: pagerduty/pagerduty
  dependency-version: 3.32.4
  dependency-type: direct:production
  dependency-group: terraform
- dependency-name: pagerduty/pagerduty
  dependency-version: 3.32.4
  dependency-type: direct:production
  dependency-group: terraform
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-05 21:12:59 +01:00
5 changed files with 22 additions and 5 deletions

View file

@ -22,6 +22,6 @@ jobs:
- name: Run ansible-lint
if: steps.check.outputs.has_files == 'true'
uses: ansible/ansible-lint@v25
uses: ansible/ansible-lint@v26
with:
working_directory: ansible/

View file

@ -89,7 +89,7 @@ jobs:
- name: Post plan as PR comment
if: github.actor != 'dependabot[bot]'
uses: actions/github-script@v7
uses: actions/github-script@v9
with:
script: |
const fs = require('fs');

View file

@ -7,6 +7,15 @@ DIRS=(archive backups stash syncthing ftp)
EMAIL="pez@pez.sh"
SUBJECT="HDD Backup Report - $(date '+%Y-%m-%d %H:%M')"
# Versioning: a plain `rclone sync` permanently deletes/overwrites objects at
# the destination, so a deletion or ransomware encryption on /hdd would
# propagate to the backup on the next run. Instead, move every superseded
# version into a dated folder under $VERSIONS so it can be recovered, then
# prune anything older than $RETENTION_DAYS to cap storage.
STAMP="$(date '+%Y-%m-%d_%H%M%S')"
VERSIONS="$BUCKET/_versions"
RETENTION_DAYS=30
failures=()
report=""
size_error=""
@ -16,7 +25,7 @@ for dir in "${DIRS[@]}"; do
dst="$BUCKET/$dir"
echo "Syncing $src -> $dst"
if output=$(rclone sync "$src" "$dst" -v 2>&1); then
if output=$(rclone sync "$src" "$dst" --backup-dir "$VERSIONS/$STAMP/$dir" -v 2>&1); then
rc=0
else
rc=$?
@ -28,6 +37,14 @@ for dir in "${DIRS[@]}"; do
report+="=== $dir ===\n$output\n\n"
done
# Prune versioned copies older than the retention window.
if prune_output=$(rclone delete "$VERSIONS" --min-age "${RETENTION_DAYS}d" -v 2>&1); then
:
else
failures+=("version-prune")
report+="=== Version Prune Error ===\n$prune_output\n\n"
fi
# Get bucket storage usage
if bucket_usage=$(rclone size "$BUCKET" 2>&1); then
:

View file

@ -2,7 +2,7 @@ terraform {
required_providers {
pagerduty = {
source = "pagerduty/pagerduty"
version = "~> 2.2"
version = "~> 3.32"
}
}
}

View file

@ -12,7 +12,7 @@ terraform {
}
pagerduty = {
source = "pagerduty/pagerduty"
version = "~> 2.2"
version = "~> 3.32"
}
}