What's Currently Being Backed Up
Quick reference for everything covered (and not covered) by the backup infrastructure on cajita-elite.
Databasement — Database Backups
Databasement runs scheduled database dumps via SSH tunnels from cajita-elite into LXCs. Each database server is registered in Databasement's web UI with connection details and backup schedule.
Retention: GFS (7 daily, 4 weekly, 12 monthly). Configured per backup job in Databasement.
Notifications: Ntfy webhook on success/failure to the backups topic.
PostgreSQL — Daily at 2:00am
| Source | LXC | Dump method |
|---|---|---|
| Paperless PostgreSQL | 124 | pg_dump via SSH tunnel |
| MediaManager PostgreSQL | 113 | pg_dump via SSH tunnel to mediabot docker postgres (bound on 127.0.0.1:5432) |
MariaDB — Daily at 2:00am
| Source | LXC | Dump method |
|---|---|---|
| all-might MariaDB (Grimmory + RomM) | 116 | mariadb-dump via SSH tunnel |
SQLite — Daily at 2:00am
Databasement copies SQLite files via SFTP. All databases must be on bind-mounted host paths (not Docker named volumes).
| Source | LXC | Host path |
|---|---|---|
| Forgejo | 100 | /var/lib/forgejo/db/forgejo.db |
| Matrix/Synapse | 121 | /opt/matrix/data/homeserver.db |
| PocketID | 123 | Host filesystem |
| N8N | 120 | /opt/n8n/data/database.sqlite |
| Jellyfin | 114 | /opt/jellyfin/config/data/jellyfin.db |
| Open-WebUI | 122 | /opt/open-webui/data/webui.db |
| Shoko | 116 | /opt/shoko/config/Shoko.db |
| Karakeep | 117 | /opt/karakeep/data/*.db |
| ArchiveBox | 128 | /opt/archivebox/data/index.sqlite3 |
Backrest — File/Config/Vault Backups
Backrest runs restic snapshots for files that Databasement doesn't cover: Vault raft snapshots, app configs, and the Databasement dump output itself.
Retention: 7 daily, 4 weekly, 2 monthly. Repo prune runs weekly Sunday 6am. Integrity check runs monthly.
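What these retention counts leave on disk, as an added example (not part of the original page and not Backrest's or Databasement's own code): it applies restic-style keep-daily/weekly/monthly bucket rules to a constructed run of nightly snapshots. The function name and sample dates are assumptions, and Databasement's GFS and PBS pruning may count buckets slightly differently.

```python
from datetime import date, timedelta


def keep_set(snapshots, daily=0, weekly=0, monthly=0):
    """Return the snapshot dates retained under restic-style rules.

    For each of the last N distinct days / ISO weeks / calendar months that
    contain at least one snapshot, the most recent snapshot in that bucket
    is kept. A snapshot survives if any rule keeps it.
    """
    rules = [
        (daily, lambda d: d.toordinal()),
        (weekly, lambda d: tuple(d.isocalendar())[:2]),  # (ISO year, ISO week)
        (monthly, lambda d: (d.year, d.month)),
    ]
    ordered = sorted(set(snapshots), reverse=True)  # newest first
    kept = set()
    for limit, bucket_of in rules:
        seen = []
        for snap in ordered:
            bucket = bucket_of(snap)
            if bucket in seen:
                continue  # a newer snapshot already represents this bucket
            if len(seen) == limit:
                break  # quota for this rule is used up
            seen.append(bucket)
            kept.add(snap)
    return kept


# Constructed sample: one snapshot per night for 400 nights, ending on
# Sunday 2024-06-30 (not real data from this infrastructure).
LAST = date(2024, 6, 30)
SNAPS = [LAST - timedelta(days=n) for n in range(400)]

# Policies as stated on this page.
BACKREST = keep_set(SNAPS, daily=7, weekly=4, monthly=2)
DATABASEMENT = keep_set(SNAPS, daily=7, weekly=4, monthly=12)

if __name__ == "__main__":
    for name, kept in (("Backrest 7/4/2", BACKREST),
                       ("Databasement 7/4/12", DATABASEMENT)):
        print(f"{name}: {len(kept)} snapshots kept, oldest {min(kept)}")
```

Under these assumptions the 7/4/2 policy reaches back only to the end of the previous month, so anything deleted or corrupted earlier than that is recoverable only from the Databasement dumps or the manual external-drive copy.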
vault-snapshot — Daily at 2:15am
| Source | LXC | Method |
|---|---|---|
| Vault raft storage | 106 | Vault HTTP API from cajita-elite (GET /v1/sys/storage/raft/snapshot) |
Uses the Vault token at /opt/backrest/.vault-token on cajita-elite, deployed by the backrest playbook.
app-configs — Daily at 2:20am
| Source | LXC/Host | What's collected |
|---|---|---|
| Caddy | 105 | /opt/caddy/Caddyfile |
| Forgejo | 100 | /etc/forgejo/app.ini |
| Proxmox | chizuru | /etc/pve/storage.cfg, all LXC configs |
databasement-dumps — Daily at 2:30am
| Source | Host | What's collected |
|---|---|---|
| Databasement data | cajita-elite | /opt/databasement/data (all DB dumps + Databasement's own SQLite DB) |
immich-media — Daily at 3:00am
| Source | Host | What's collected |
|---|---|---|
| Immich photos/videos | chizuru (urahara) | /mnt/pve/urahara/immich/ rsync'd to cajita-elite |
archivebox-archives — Daily at 3:30am
| Source | Host | What's collected |
|---|---|---|
| ArchiveBox archived pages | chizuru (urahara) | /mnt/pve/urahara/archivebox/archive/ rsync'd to cajita-elite |
PBS — Whole LXC Snapshots
PBS takes block-level, deduplicated snapshots of each LXC's rootfs (OS, Docker volumes, configs, databases). Bind-mounted media is not included — it lives on host disks outside the ZFS pools.
Retention: 7 daily, 4 weekly, 2 monthly. Prune runs daily at 5am, GC runs Saturday 3am.
Critical — Nightly at 4:00am
| LXC | Service | What's in the snapshot |
|---|---|---|
| 100 | Forgejo | Git repos, Forgejo DB (sqlite), app config |
| 105 | Caddy | Caddyfile, TLS certs, reverse proxy config |
| 106 | Vault | Raft storage (all secrets), Vault config |
| 108 | Observability | Grafana dashboards, Prometheus TSDB, Loki chunks |
| 119 | Infra-apps | Gatus config/DB, Ntfy cache, Glance config, OAuth2 proxies |
| 120 | Automation | N8N workflows + credentials (sqlite), Docker volumes |
| 123 | Auth | PocketID config + DB (sqlite), OIDC client data |
| 124 | Paperless | Paperless DB (postgres), OCR data, Docker volumes |
Non-critical — Weekly Monday at 4:00am
| LXC | Service | What's in the snapshot |
|---|---|---|
| 101 | Forgejo runner | Runner binary + registration, Ansible, SSH keys |
| 102 | FileDump | FileBrowser config (data is on bind mount, excluded) |
| 104 | Homebridge | Homebridge config + accessories |
| 107 | Ollama | Ollama binary + config (models are on urahara bind mount, excluded) |
| 109 | Minecraft | PaperMC server, world data, plugins |
| 110 | dlbox | Dual Gluetun VPN configs, qBittorrent configs, Samba config |
| 113 | Mediabot | MediaManager app + DB (docker postgres), qBittorrent, Jackett, Prowlarr configs |
| 114 | Jellyfin | Jellyfin DB (sqlite), metadata, config (media excluded) |
| 115 | NetBird | NetBird server config, management DB |
| 116 | all-might | MariaDB data, Grimmory/RomM/Shoko configs (media excluded) |
| 117 | Karakeep | Karakeep config, Meilisearch index |
| 118 | Tools | code-server config, The Lounge data, qbitwebui |
| 121 | Matrix | Synapse DB (sqlite), media store, config |
| 122 | AI | Open WebUI DB (sqlite), config |
Not Backed Up (by design)
These are excluded from PBS, Databasement, and Backrest. They are backed up to the 18TB external drive manually when plugged in.
| Data | Host disk | Mount | Size | Reason |
|---|---|---|---|---|
| unohana (Grimmory, RomM, Shoko media) | sdc (4TB) | /mnt/all-might | ~4TB | Too large for PBS; media is re-obtainable |
| seedbox (torrent downloads) | sdb (2TB) | /mnt/seedbox | ~2TB | Re-downloadable |
| filedump (general storage) | sda (12TB) | /mnt/filedump | ~12TB | Too large for PBS |
| urahara assets (Karakeep, Paperless media, Ollama models) | sdd (2TB) | /mnt/pve/urahara | ~2TB | Bulk data, not critical |
Timeline (daily)
2:00am Databasement: all DB dumps (PostgreSQL, MariaDB, SQLite)
2:15am Backrest: vault-snapshot (Vault API)
2:20am Backrest: app-configs (SSH collection)
2:30am Backrest: databasement-dumps (restic snapshot of dump output)
3:00am PBS: garbage collection (Saturdays only)
4:00am PBS: critical LXC snapshots (nightly)
4:00am PBS: non-critical LXC snapshots (Mondays only)
5:00am PBS: prune (enforce retention)
6:00am Backrest: repo prune (Sundays only)
7:00am Backrest: repo integrity check (1st of month only)