Goal
Rewrite config/hermes/opt/hermes/scripts/system_restore.sh to restore Docker-format backups produced by the rewritten `system_backup.sh` (#219).
Required changes vs legacy
The legacy script does `cd / && tar -xvzf ` — extracts to the host filesystem root. This must not happen on a Docker host — would clobber unrelated host state with the contents of the tarball (which contained `/etc`, `/var/www/html`, etc.).
| Legacy behavior |
Docker rewrite |
| `cd / && tar -xvzf` |
Extract to a staging area, then `rsync` into the install root and the configured mount points based on backup scope |
| `mysql -u root < db.sql` |
`cat /tmp/db.sql | docker exec -i hermes_db_server mariadb -u root -p... ` for each DB in the backup |
| `chown amavis:amavis /etc/postfix/relay_domains`, etc. |
Permission fixes happen inside containers (`docker exec`) since the user accounts now live there, not on the host |
| Hardcoded paths |
Read both backup's topology (from `backup_manifest.json` inside the tarball) and current install's topology (from `.hermes_install_config`); map between them or refuse if incompatible |
Topology mismatch handling
A backup taken on a system with one mount layout might be restored onto a system with a different layout. Three cases:
| Backup topology |
Target topology |
Behavior |
| Identical |
Identical |
Restore in place |
Subset (backup is system only, target has all 3 tiers) |
|
Restore the system tier, leave vmail/nextcloud as-is on target |
| Different mount paths but same tiers |
|
Map at restore time using target's .hermes_install_config paths; print summary of mappings before applying |
| Tier missing in target (backup has nextcloud, target has no nextcloud volume) |
|
Refuse with clear error — operator needs to set up the missing tier first |
Container restart strategy
After restore:
- Restart
hermes_db_server (so DBs reload cleanly)
- Restart
hermes_postfix_dkim, hermes_dovecot, hermes_mail_filter (config files may have changed)
- Restart
hermes_commandbox (CFML may have changed)
- Skip wholesale
docker compose down/up — leaves nginx/authelia up so admin UI stays reachable during restore
Depends on
Goal
Rewrite config/hermes/opt/hermes/scripts/system_restore.sh to restore Docker-format backups produced by the rewritten `system_backup.sh` (#219).
Required changes vs legacy
The legacy script does `cd / && tar -xvzf ` — extracts to the host filesystem root. This must not happen on a Docker host — would clobber unrelated host state with the contents of the tarball (which contained `/etc`, `/var/www/html`, etc.).
Topology mismatch handling
A backup taken on a system with one mount layout might be restored onto a system with a different layout. Three cases:
systemonly, target has all 3 tiers).hermes_install_configpaths; print summary of mappings before applyingContainer restart strategy
After restore:
hermes_db_server(so DBs reload cleanly)hermes_postfix_dkim,hermes_dovecot,hermes_mail_filter(config files may have changed)hermes_commandbox(CFML may have changed)docker compose down/up— leaves nginx/authelia up so admin UI stays reachable during restoreDepends on