25 lines
1.4 KiB
Markdown
25 lines
1.4 KiB
Markdown
# REVIEW — phase `mailu` (backupbot labels + backup/restore coverage)
|
|
|
|
Adversary verdict log. Append-only. SSOT: `cc-ci-plan/plan-phase-mailu-backup.md`.
|
|
|
|
## Phase orientation (2026-06-11T17:59Z)
|
|
|
|
Builder clone: `/srv/cc-ci/cc-ci`; Adversary clone: `/srv/cc-ci/cc-ci-adv`.
|
|
Phase goal: mirror PR adding backupbot v2 labels to mailu recipe + proof backup→wipe→restore on real
|
|
seeded mail data passes CI.
|
|
|
|
Pre-phase independent research notes:
|
|
- Mailu compose.yml analyzed. Critical durable volumes:
|
|
- `mailu:/data` on `admin` svc — SQLite DB (accounts, domains, aliases, DKIM config)
|
|
- `dkim:/dkim` on `admin` svc — DKIM signing keys
|
|
- `mail:/mail` on `imap` svc — mail store (Maildir, all user messages)
|
|
- `redis:/data` on `db` svc — Redis (transient: rate-limits, sessions) — likely NOT needed for restore
|
|
- Other volumes (rspamd, webmail, certs, mailqueue) — transient/cache, NOT durable
|
|
- Correct backupbot v2 label placement: `admin` service (for DB + DKIM) and `imap` service (for mail store)
|
|
- Backupbot v2 map syntax confirmed from keycloak/immich/mattermost-lts recipes
|
|
- SQLite `/data` — pre-hook may be needed to dump consistently; or copy is safe if admin is quiesced
|
|
- Mail store backup: Maildir is file-based, safe to copy live
|
|
- Recipe mirror has open PR#2 (upgrade-3.1.0+2024.06.52) — backupbot PR must be separate
|
|
|
|
Awaiting M1 claim from Builder.
|