From 1f6cf968f013a43e5f8b95a713415f2401008cd4 Mon Sep 17 00:00:00 2001
From: jem
Date: Sat, 12 Dec 2020 16:02:24 +0100
Subject: [PATCH] cleanup & unify scripts
---
 .../docker/image/resources/backup.sh | 26 ++++++++++---
 .../docker/image/resources/entrypoint.sh | 23 +++++++----
 .../docker/image/resources/functions.sh | 21 ++++++++++
 infrastrucure/docker/image/resources/init.sh | 14 ++++++-
 .../docker/image/resources/install.sh | 3 ++
 .../docker/image/resources/restore.sh | 38 +++++++++++++------
 infrastrucure/docker/test/serverspec.edn | 1 +
 7 files changed, 100 insertions(+), 26 deletions(-)
 create mode 100644 infrastrucure/docker/image/resources/functions.sh
diff --git a/infrastrucure/docker/image/resources/backup.sh b/infrastrucure/docker/image/resources/backup.sh
index 4db63cc..04bfc80 100755
--- a/infrastrucure/docker/image/resources/backup.sh
+++ b/infrastrucure/docker/image/resources/backup.sh
@@ -2,9 +2,25 @@
 set -o pipefail
-# backup database dump
-pg_dump -d $(cat ${POSTGRES_DB_FILE}) -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password --serializable-deferrable --clean --no-privileges | \
-restic -r $RESTIC_REPOSITORY/db backup --stdin
+function main() {
+ file_env AWS_ACCESS_KEY_ID
+ file_env AWS_SECRET_ACCESS_KEY
-# backup nextcloud filesystem
-restic -r $RESTIC_REPOSITORY/files backup /var/backups/
+ file_env POSTGRES_DB
+ file_env POSTGRES_PASSWORD
+ file_env POSTGRES_USER
+
+ file_env RESTIC_PASSWORD_FILE
+
+ # backup database dump
+ pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
+ -U ${POSTGRES_USER_FILE} --no-password --serializable-deferrable \
+ --clean --no-privileges | \
+ restic -r ${RESTIC_REPOSITORY}/db backup --stdin
+
+ # backup nextcloud filesystem
+ restic -r ${RESTIC_REPOSITORY}/files backup /var/backups/
+}
+
+source /usr/local/lib/funtions.sh
+main
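Review bot: `source /usr/local/lib/funtions.sh` at the end of backup.sh points at a file that install.sh never creates (it installs `/usr/local/lib/functions.sh`), so `file_env` is undefined and, with no `set -e`, `main` still runs with the credentials unset; entrypoint.sh, init.sh and restore.sh source the same misspelled path. Change the line to `source /usr/local/lib/functions.sh || exit 1` in all four scripts. In the same hunk `-U ${POSTGRES_USER_FILE}` reads a variable that `file_env POSTGRES_USER` has just unset; unquoted it expands to nothing and pg_dump would take `--no-password` as the user name, so it should be `-U "${POSTGRES_USER}"`. `set -o pipefail` on its own does not stop the script, so a failed dump may still end up stored as the latest db snapshot; `set -euo pipefail` would abort instead.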
diff --git a/infrastrucure/docker/image/resources/entrypoint.sh b/infrastrucure/docker/image/resources/entrypoint.sh
index 5473fec..eef6915 100755
--- a/infrastrucure/docker/image/resources/entrypoint.sh
+++ b/infrastrucure/docker/image/resources/entrypoint.sh
@@ -1,10 +1,19 @@
 #!/bin/bash
-echo "${POSTGRES_HOST}:$(cat ${POSTGRES_DB_FILE}):$(cat ${POSTGRES_USER_FILE}):$(cat ${POSTGRES_PASSWORD_FILE})" > /root/.pgpass
-echo "${POSTGRES_HOST}:template1:$(cat ${POSTGRES_USER_FILE}):$(cat ${POSTGRES_PASSWORD_FILE})" >> /root/.pgpass
-chmod 0600 /root/.pgpass
+function main() {
+ file_env POSTGRES_DB
+ file_env POSTGRES_PASSWORD
+ file_env POSTGRES_USER
-# Idle process
-while true; do
- sleep 500000
-done
\ No newline at end of file
+ echo "${POSTGRES_HOST}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > /root/.pgpass
+ echo "${POSTGRES_HOST}:template1:${POSTGRES_USER}:${POSTGRES_PASSWORD}" >> /root/.pgpass
+ chmod 0600 /root/.pgpass
+
+ # Idle process
+ while true; do
+ sleep 500000
+ done
+}
+
+source /usr/local/lib/funtions.sh
+main
diff --git a/infrastrucure/docker/image/resources/functions.sh b/infrastrucure/docker/image/resources/functions.sh
new file mode 100644
index 0000000..a55b674
--- /dev/null
+++ b/infrastrucure/docker/image/resources/functions.sh
@@ -0,0 +1,21 @@
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+function file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
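Review bot: In entrypoint.sh, `/root/.pgpass` is created by the `>` redirection under the process umask and only restricted afterwards by `chmod 0600`, so the password file briefly exists with the default mode; add `umask 077` as the first line of `main`. `file_env POSTGRES_PASSWORD` also exports the password, which every `sleep` started by the idle loop then inherits, so add `unset POSTGRES_PASSWORD` once the file is written. Both entries have four colon-separated fields, while libpq expects `hostname:port:database:username:password`; unless POSTGRES_HOST already carries `host:port` (not visible here) the lines will not match and the `--no-password` connections in the other scripts will fail.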
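Review bot: In `file_env`, `val="$(< "${!fileVar}")"` ignores a failed read, so a missing or unreadable secret file silently exports an empty value and the caller carries on with blank credentials. Check the result, e.g. `val="$(< "${!fileVar}")" || { echo >&2 "error: cannot read ${!fileVar}"; exit 1; }`. A header comment stating that this file is meant to be sourced, that `file_env` exports `VAR` and unsets `VAR_FILE`, and that its `exit 1` terminates the calling script would help readers of the four scripts that use it.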
diff --git a/infrastrucure/docker/image/resources/init.sh b/infrastrucure/docker/image/resources/init.sh index 8f619eb..ab51dc9 100755 --- a/infrastrucure/docker/image/resources/init.sh +++ b/infrastrucure/docker/image/resources/init.sh @@ -1,4 +1,14 @@ #!/bin/bash -restic -r $RESTIC_REPOSITORY/db --verbose init -restic -r $RESTIC_REPOSITORY/files --verbose init +function main() { + file_env AWS_ACCESS_KEY_ID + file_env AWS_SECRET_ACCESS_KEY + + file_env RESTIC_PASSWORD_FILE + + restic -r ${RESTIC_REPOSITORY}/db --verbose init + restic -r ${RESTIC_REPOSITORY}/files --verbose init +} + +source /usr/local/lib/funtions.sh +main diff --git a/infrastrucure/docker/image/resources/install.sh b/infrastrucure/docker/image/resources/install.sh index 83424e8..1256d3b 100755 --- a/infrastrucure/docker/image/resources/install.sh +++ b/infrastrucure/docker/image/resources/install.sh @@ -11,6 +11,9 @@ apt-get -qqy install wget postgresql-client-13 restic > /dev/null; update-ca-certificates install -m 0700 /tmp/entrypoint.sh / + +install -m 0400 /tmp/functions.sh /usr/local/lib/ + install -m 0700 /tmp/init.sh /usr/local/bin/ install -m 0700 /tmp/backup.sh /usr/local/bin/ install -m 0700 /tmp/restore.sh /usr/local/bin/ diff --git a/infrastrucure/docker/image/resources/restore.sh b/infrastrucure/docker/image/resources/restore.sh index 94b20b0..9589219 100755 --- a/infrastrucure/docker/image/resources/restore.sh +++ b/infrastrucure/docker/image/resources/restore.sh 
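Review bot: `file_env RESTIC_PASSWORD_FILE` in init.sh passes the `_FILE` name itself, so `file_env` looks for `RESTIC_PASSWORD_FILE_FILE`, and when `RESTIC_PASSWORD_FILE` is unset it exports it as an empty string; backup.sh and restore.sh make the same call. restic reads `RESTIC_PASSWORD_FILE` on its own, so either drop the call or, if the password is meant to be in the environment, use `file_env RESTIC_PASSWORD`. The two `restic ... init` commands are also unchecked, so the script's exit status reflects only the second one; `set -euo pipefail` at the top and quoting `"${RESTIC_REPOSITORY}/db"` would make a failed init visible.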
@@ -1,16 +1,30 @@
 #!/bin/bash
-# Restore Nextcloud Filesystem
-# TODO: describe input params
-# Reads restore snapshot_ID from first CLI Argument
-restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
+function main() {
+ file_env AWS_ACCESS_KEY_ID
+ file_env AWS_SECRET_ACCESS_KEY
+
+ file_env POSTGRES_DB
+ file_env POSTGRES_PASSWORD
+ file_env POSTGRES_USER
+
+ file_env RESTIC_PASSWORD_FILE
+
+ # files
+ restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
+
+ # db
+ psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
+ --no-password -c "DROP DATABASE \"${POSTGRES_DB}\";"
+ psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
+ --no-password -c "CREATE DATABASE \"${POSTGRES_DB}\";"
+ restic -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin
+ psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
+ --no-password < test-stdin/stdin
+
+}
+
+source /usr/local/lib/funtions.sh
+main
-# Delete DB
-psql -d template1 -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password -c "DROP DATABASE \"cloud\";"
-# Create DB again
-psql -d template1 -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password -c "CREATE DATABASE \"cloud\";"
-# create folder from db backup
-restic -r $RESTIC_REPOSITORY/db restore latest --target test-stdin
-# read folder and restore db entries
-psql -d $(cat ${POSTGRES_DB_FILE}) -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password < test-stdin/stdin
diff --git a/infrastrucure/docker/test/serverspec.edn b/infrastrucure/docker/test/serverspec.edn
index 81d4329..34f3270 100644
--- a/infrastrucure/docker/test/serverspec.edn
+++ b/infrastrucure/docker/test/serverspec.edn
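Review bot: restore.sh drops and recreates `${POSTGRES_DB}` before the db snapshot has been fetched and without checking any exit status, so a failed `restic ... restore` (wrong repository password, no snapshot, or `file_env` missing because of the misspelled `source` path) leaves an empty database behind. Fetch and verify the dump first and abort on any failure. The dump is also written to the relative directory `test-stdin` and left there in plain text, so a `mktemp -d` directory removed by a trap is safer; the `--target` and `<` arguments change accordingly and the expansions should be quoted.

```shell
function main() {
  # … unchanged: file_env calls …

  dump_dir="$(mktemp -d)" || exit 1
  trap 'rm -rf -- "${dump_dir:?}"' EXIT

  # fetch both snapshots before the live database is touched
  restic -r "${RESTIC_REPOSITORY}/files" restore latest --target /var/backups/ || exit 1
  restic -r "${RESTIC_REPOSITORY}/db" restore latest --target "${dump_dir}" || exit 1
  [ -s "${dump_dir}/stdin" ] || { echo >&2 "error: restored dump is missing or empty"; exit 1; }

  # … unchanged: DROP DATABASE and CREATE DATABASE, each followed by `|| exit 1` …
  psql -d "${POSTGRES_DB}" -h "${POSTGRES_SERVICE}" -p "${POSTGRES_PORT}" -U "${POSTGRES_USER}" \
    --no-password < "${dump_dir}/stdin"
}
```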
@@ -1,6 +1,7 @@ {:package [{:name "restic"} {:name "postgresql-client-13"}] :file [{:path "/entrypoint.sh" :mod "700"} + {:path "/usr/local/lib/functions.sh" :mod "400"} {:path "/usr/local/bin/init.sh" :mod "700"} {:path "/usr/local/bin/backup.sh" :mod "700"} {:path "/usr/local/bin/restore.sh" :mod "700"}]}