From 8873e441c29bb844afb24463575383d2fe1f7232 Mon Sep 17 00:00:00 2001
From: Alvis <alvis@logins.net>
Date: Sun, 8 Mar 2026 13:44:11 +0000
Subject: [PATCH] Add Vaultwarden backup script with Zabbix monitoring

- backup.sh: runs every 3 days via root crontab, uses built-in container
  backup command, copies db/config/rsa_key to /mnt/backups/vaultwarden,
  keeps last 5 backups, notifies Zabbix item vaultwarden.backup.ts (id 70368)
- Zabbix trigger fires if no backup received in 4 days

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 vaultwarden/backup.sh | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100755 vaultwarden/backup.sh

diff --git a/vaultwarden/backup.sh b/vaultwarden/backup.sh
new file mode 100755
index 0000000..9111132
--- /dev/null
+++ b/vaultwarden/backup.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Vaultwarden backup — uses built-in container backup command (safe with live DB).
+# Runs every 3 days via root crontab. Keeps last 5 backups.
+# Notifies Zabbix (item vaultwarden.backup.ts, id 70368 on AgapHost) after success.
+
+set -euo pipefail
+
+BACKUP_DIR="/mnt/backups/vaultwarden"
+DATA_DIR="/mnt/ssd/dbs/vw-data"
+DATE=$(date '+%Y%m%d-%H%M')
+DEST="$BACKUP_DIR/$DATE"
+
+mkdir -p "$DEST"
+
+# Run built-in backup inside container — writes db_<timestamp>.sqlite3 to /data/ on the host
+docker exec vaultwarden /vaultwarden backup 2>&1
+
+# Move the newly created sqlite3 backup file out of the data dir
+find "$DATA_DIR" -maxdepth 1 -name 'db_*.sqlite3' -newer "$DATA_DIR/db.sqlite3" | xargs -r mv -t "$DEST/"
+
+# Copy config and RSA keys
+cp "$DATA_DIR/config.json" "$DEST/"
+cp "$DATA_DIR"/rsa_key* "$DEST/"
+[ -d "$DATA_DIR/attachments" ] && cp -r "$DATA_DIR/attachments" "$DEST/"
+[ -d "$DATA_DIR/sends" ]       && cp -r "$DATA_DIR/sends"       "$DEST/"
+
+echo "$(date): Backup complete: $DEST"
+ls "$DEST/"
+
+# Notify Zabbix (token stored in /root/.zabbix_token)
+if [[ -f /root/.zabbix_token ]]; then
+  ZABBIX_TOKEN=$(cat /root/.zabbix_token)
+  curl -s -X POST http://localhost:81/api_jsonrpc.php \
+    -H "Content-Type: application/json" \
+    -H "Authorization: Bearer $ZABBIX_TOKEN" \
+    -d "{\"jsonrpc\":\"2.0\",\"method\":\"history.push\",\"id\":1,\"params\":{\"itemid\":\"70368\",\"value\":\"$(date '+%Y-%m-%d %H:%M')\"}}" > /dev/null \
+    && echo "Zabbix notified."
+fi
+
+# Rotate: keep last 5 backups
+ls -1dt "$BACKUP_DIR"/[0-9]*-[0-9]* 2>/dev/null | tail -n +6 | xargs -r rm -rf