feat: add embedded systemd installer and Prometheus metrics

Systemd Integration: - New 'dbbackup install' command creates service/timer units - Supports single-database and cluster backup modes - Automatic dbbackup user/group creation with proper permissions - Hardened service units with security features - Template units with configurable OnCalendar schedules - 'dbbackup uninstall' for clean removal Prometheus Metrics: - 'dbbackup metrics export' for textfile collector format - 'dbbackup metrics serve' runs HTTP exporter on port 9399 - Metrics: last_success_timestamp, rpo_seconds, backup_total, etc. - Integration with node_exporter textfile collector - --with-metrics flag during install Technical: - Systemd templates embedded with //go:embed - Service units include ReadWritePaths, OOMScoreAdjust - Metrics exporter caches with 30s TTL - Graceful shutdown on SIGTERM
2026-01-07 11:18:09 +01:00
parent 120ee33e3b
commit 7e32a0369d
12 changed files with 1641 additions and 0 deletions
--- a/internal/installer/templates/dbbackup-exporter.service
+++ b/internal/installer/templates/dbbackup-exporter.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=DBBackup Prometheus Metrics Exporter
+Documentation=https://github.com/PlusOne/dbbackup
+After=network-online.target
+
+[Service]
+Type=simple
+User={{.User}}
+Group={{.Group}}
+
+# Security hardening
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictSUIDSGID=yes
+RestrictRealtime=yes
+LockPersonality=yes
+RemoveIPC=yes
+
+# Read-only access to catalog and backups
+ReadOnlyPaths=/var/lib/dbbackup
+
+# Network for HTTP server
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+
+# Execution
+ExecStart={{.BinaryPath}} metrics serve --port {{.MetricsPort}} --config {{.ConfigPath}}
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target