# Backup Methodology

ayb is working on improving persistence and database streaming, which means that this methodology will change in the future.

The current backup system has two parts:
* Daily automatic backups of the hosted databases.
* Monthly manual off-site backups of the ayb database and the hosted databases.

## Automatic backups

A shell script (TODO(sofia): release script) is executed five times a day, this shell script does the following:
* Attempt to recursively backup hosted databases using a command like this: `sqlite3 username/database.db ".timeout 1000" ".backup bak/username/database-$(date +%s).db.bak"`.
* Delete backups older than 7 days.
* Delete backups older than 1 day and whose file size is bigger than 500MB.

## Off-site backups

Off-site backups include all of the hosted databases and the ayb database, which means that ayb needs to be taken down in order to close all of the connections.
A notice will be up three days prior at:
* [status.sofiaritz.com](https://status.sofiaritz.com)
* [ayb.sofiaritz.com](https://ayb.sofiaritz.com)

This notice will contain:
* The reason of the downtime (off-site backup).
* The expected downtime (1 to 2 hours).
* The time of the downtime in UTC.

When the time comes, the following is done:
* The instance is taken down.
* The `ayb_data` folder is tar-gzip-ed.
* The `ayb_data.tar.gz` file is encrypted using a public key.
* The encrypted backup is sent to my local machine.
* The encrypted backup is stored inside an external hard-drive.
    * This hard-drive is stored inside a safe.
    * The private key is stored inside another hard-drive located at another physical location.
* The encrypted backup in my local machine is deleted.
* The encrypted backup in the server is deleted.
* The tar-gzip-ed backup in the server is deleted.
* The instance is started.
* When everything is up and running, the notices are removed.

This will be partially automated in the future, right now this process is completely manual.