cleanup & unify scripts

infrastrucure/docker/image/resources/backup.sh

@@ -2,9 +2,25 @@
 
 set -o pipefail
 
-# backup database dump
+function main() {
-pg_dump -d $(cat ${POSTGRES_DB_FILE}) -h  $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password --serializable-deferrable --clean --no-privileges | \
+    file_env AWS_ACCESS_KEY_ID
-restic -r $RESTIC_REPOSITORY/db backup --stdin
+    file_env AWS_SECRET_ACCESS_KEY
 
-# backup nextcloud filesystem
+    file_env POSTGRES_DB
-restic -r $RESTIC_REPOSITORY/files backup /var/backups/
+    file_env POSTGRES_PASSWORD
+    file_env POSTGRES_USER
+
+    file_env RESTIC_PASSWORD_FILE
+
+    # backup database dump
+    pg_dump -d ${POSTGRES_DB} -h  ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
+        -U ${POSTGRES_USER_FILE} --no-password --serializable-deferrable \
+        --clean --no-privileges | \
+        restic -r ${RESTIC_REPOSITORY}/db backup --stdin
+
+    # backup nextcloud filesystem
+    restic -r ${RESTIC_REPOSITORY}/files backup /var/backups/
+}
+
+source /usr/local/lib/funtions.sh
+main

infrastrucure/docker/image/resources/entrypoint.sh

@@ -1,10 +1,19 @@
 #!/bin/bash
 
-echo "${POSTGRES_HOST}:$(cat ${POSTGRES_DB_FILE}):$(cat ${POSTGRES_USER_FILE}):$(cat ${POSTGRES_PASSWORD_FILE})" > /root/.pgpass
+function main() {
-echo "${POSTGRES_HOST}:template1:$(cat ${POSTGRES_USER_FILE}):$(cat ${POSTGRES_PASSWORD_FILE})" >> /root/.pgpass
+    file_env POSTGRES_DB
-chmod 0600 /root/.pgpass
+    file_env POSTGRES_PASSWORD
+    file_env POSTGRES_USER
 
-# Idle process
+    echo "${POSTGRES_HOST}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > /root/.pgpass
-while true; do 
+	echo "${POSTGRES_HOST}:template1:${POSTGRES_USER}:${POSTGRES_PASSWORD}" >> /root/.pgpass
-	sleep 500000
+	chmod 0600 /root/.pgpass
-done
+
+	# Idle process
+	while true; do 
+		sleep 500000
+	done
+}
+
+source /usr/local/lib/funtions.sh
+main

infrastrucure/docker/image/resources/functions.sh

@@ -0,0 +1,21 @@
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+function file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+  export "$var"="$val"
+  unset "$fileVar"
+}

infrastrucure/docker/image/resources/init.sh

@@ -1,4 +1,14 @@
 #!/bin/bash
 
-restic -r $RESTIC_REPOSITORY/db --verbose init
+function main() {
-restic -r $RESTIC_REPOSITORY/files --verbose init
+    file_env AWS_ACCESS_KEY_ID
+    file_env AWS_SECRET_ACCESS_KEY
+
+    file_env RESTIC_PASSWORD_FILE
+
+    restic -r ${RESTIC_REPOSITORY}/db --verbose init
+    restic -r ${RESTIC_REPOSITORY}/files --verbose init
+}
+
+source /usr/local/lib/funtions.sh
+main

infrastrucure/docker/image/resources/install.sh

@@ -11,6 +11,9 @@ apt-get -qqy install wget postgresql-client-13 restic > /dev/null;
 update-ca-certificates
 
 install -m 0700 /tmp/entrypoint.sh /
+
+install -m 0400 /tmp/functions.sh /usr/local/lib/
+
 install -m 0700 /tmp/init.sh /usr/local/bin/
 install -m 0700 /tmp/backup.sh /usr/local/bin/
 install -m 0700 /tmp/restore.sh /usr/local/bin/

infrastrucure/docker/image/resources/restore.sh

@@ -1,16 +1,30 @@
 #!/bin/bash
 
-# Restore Nextcloud Filesystem
-# TODO: describe input params
 
-# Reads restore snapshot_ID from first CLI Argument
+function main() {
-restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
+    file_env AWS_ACCESS_KEY_ID
+    file_env AWS_SECRET_ACCESS_KEY
+
+    file_env POSTGRES_DB
+    file_env POSTGRES_PASSWORD
+    file_env POSTGRES_USER
+
+    file_env RESTIC_PASSWORD_FILE
+
+    # files
+    restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
+
+    # db
+    psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
+        --no-password -c "DROP DATABASE \"${POSTGRES_DB}\";"
+    psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
+        --no-password -c "CREATE DATABASE \"${POSTGRES_DB}\";"
+    restic -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin
+    psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
+        --no-password < test-stdin/stdin
+
+}
+
+source /usr/local/lib/funtions.sh
+main
 
-# Delete DB 
-psql -d template1 -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password -c "DROP DATABASE \"cloud\";"
-# Create DB again
-psql -d template1 -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password -c "CREATE DATABASE \"cloud\";"
-# create folder from db backup
-restic -r $RESTIC_REPOSITORY/db restore latest --target test-stdin
-# read folder and restore db entries
-psql -d $(cat ${POSTGRES_DB_FILE}) -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password < test-stdin/stdin

infrastrucure/docker/test/serverspec.edn

@@ -1,6 +1,7 @@
 {:package [{:name "restic"}
            {:name "postgresql-client-13"}]
   :file [{:path "/entrypoint.sh" :mod "700"}
+         {:path "/usr/local/lib/functions.sh" :mod "400"}
          {:path "/usr/local/bin/init.sh" :mod "700"}
          {:path "/usr/local/bin/backup.sh" :mod "700"}
          {:path "/usr/local/bin/restore.sh" :mod "700"}]}