feat(deploy): merge Phase 5a deployment configuration

Complete containerized deployment system with Docker/Podman support. Key features: - Multi-stage Dockerfile with Python 3.11-slim base - Docker Compose configurations for production and development - Nginx reverse proxy with security headers and rate limiting - Systemd service units for Docker, Podman, and docker-compose - Backup/restore scripts with integrity verification - Podman compatibility (ADR-009) All tests pass including Podman verification testing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-21 19:16:54 -07:00
parent d3c3e8dc6b
commit 01dcaba86b
22 changed files with 6353 additions and 18 deletions
--- a/docker-compose.backup.yml
+++ b/docker-compose.backup.yml
@@ -0,0 +1,62 @@
+version: '3.8'
+
+# Gondulf Backup Service Configuration
+# Usage: podman-compose --profile backup run --rm backup
+# Or:    docker-compose --profile backup run --rm backup
+
+services:
+  # Backup service (run on-demand)
+  backup:
+    image: gondulf:latest
+    container_name: gondulf_backup
+    profiles:
+      - backup
+
+    volumes:
+      - gondulf_data:/data:ro  # Read-only access to data
+      - ./backups:/backups:Z   # Write backups to host
+
+    environment:
+      - BACKUP_DIR=/backups
+      - DATABASE_PATH=/data/gondulf.db
+
+    networks:
+      - gondulf_network
+
+    # Run backup command
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        set -e
+        echo "Starting database backup..."
+        TIMESTAMP=$$(date +%Y%m%d_%H%M%S)
+        BACKUP_FILE="/backups/gondulf_backup_$${TIMESTAMP}.db"
+
+        # Use SQLite VACUUM INTO for safe hot backup
+        sqlite3 /data/gondulf.db "VACUUM INTO '$${BACKUP_FILE}'"
+
+        # Verify backup integrity
+        if sqlite3 "$${BACKUP_FILE}" "PRAGMA integrity_check;" | grep -q "ok"; then
+          echo "Backup created successfully: $${BACKUP_FILE}"
+
+          # Compress backup
+          gzip "$${BACKUP_FILE}"
+          echo "Backup compressed: $${BACKUP_FILE}.gz"
+
+          # Show backup size
+          ls -lh "$${BACKUP_FILE}.gz"
+        else
+          echo "ERROR: Backup integrity check failed"
+          rm -f "$${BACKUP_FILE}"
+          exit 1
+        fi
+
+        echo "Backup complete"
+
+volumes:
+  gondulf_data:
+    external: true  # Use existing volume from main compose
+
+networks:
+  gondulf_network:
+    external: true  # Use existing network from main compose