cleanup & unify scripts

This commit is contained in:
jem 2020-12-12 16:02:24 +01:00
parent ad3977a95a
commit 1f6cf968f0
7 changed files with 100 additions and 26 deletions

View file

@ -2,9 +2,25 @@
set -o pipefail
# backup database dump
pg_dump -d $(cat ${POSTGRES_DB_FILE}) -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password --serializable-deferrable --clean --no-privileges | \
restic -r $RESTIC_REPOSITORY/db backup --stdin
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
# backup nextcloud filesystem
restic -r $RESTIC_REPOSITORY/files backup /var/backups/
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
file_env RESTIC_PASSWORD_FILE
# backup database dump
pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
-U ${POSTGRES_USER_FILE} --no-password --serializable-deferrable \
--clean --no-privileges | \
restic -r ${RESTIC_REPOSITORY}/db backup --stdin
# backup nextcloud filesystem
restic -r ${RESTIC_REPOSITORY}/files backup /var/backups/
}
source /usr/local/lib/funtions.sh
main

View file

@ -1,10 +1,19 @@
#!/bin/bash
echo "${POSTGRES_HOST}:$(cat ${POSTGRES_DB_FILE}):$(cat ${POSTGRES_USER_FILE}):$(cat ${POSTGRES_PASSWORD_FILE})" > /root/.pgpass
echo "${POSTGRES_HOST}:template1:$(cat ${POSTGRES_USER_FILE}):$(cat ${POSTGRES_PASSWORD_FILE})" >> /root/.pgpass
chmod 0600 /root/.pgpass
function main() {
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
# Idle process
while true; do
sleep 500000
done
echo "${POSTGRES_HOST}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > /root/.pgpass
echo "${POSTGRES_HOST}:template1:${POSTGRES_USER}:${POSTGRES_PASSWORD}" >> /root/.pgpass
chmod 0600 /root/.pgpass
# Idle process
while true; do
sleep 500000
done
}
source /usr/local/lib/funtions.sh
main

View file

@ -0,0 +1,21 @@
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
function file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}

View file

@ -1,4 +1,14 @@
#!/bin/bash
restic -r $RESTIC_REPOSITORY/db --verbose init
restic -r $RESTIC_REPOSITORY/files --verbose init
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env RESTIC_PASSWORD_FILE
restic -r ${RESTIC_REPOSITORY}/db --verbose init
restic -r ${RESTIC_REPOSITORY}/files --verbose init
}
source /usr/local/lib/funtions.sh
main

View file

@ -11,6 +11,9 @@ apt-get -qqy install wget postgresql-client-13 restic > /dev/null;
update-ca-certificates
install -m 0700 /tmp/entrypoint.sh /
install -m 0400 /tmp/functions.sh /usr/local/lib/
install -m 0700 /tmp/init.sh /usr/local/bin/
install -m 0700 /tmp/backup.sh /usr/local/bin/
install -m 0700 /tmp/restore.sh /usr/local/bin/

View file

@ -1,16 +1,30 @@
#!/bin/bash
# Restore Nextcloud Filesystem
# TODO: describe input params
# Reads restore snapshot_ID from first CLI Argument
restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
file_env RESTIC_PASSWORD_FILE
# files
restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
# db
psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
--no-password -c "DROP DATABASE \"${POSTGRES_DB}\";"
psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
--no-password -c "CREATE DATABASE \"${POSTGRES_DB}\";"
restic -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin
psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
--no-password < test-stdin/stdin
}
source /usr/local/lib/funtions.sh
main
# Delete DB
psql -d template1 -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password -c "DROP DATABASE \"cloud\";"
# Create DB again
psql -d template1 -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password -c "CREATE DATABASE \"cloud\";"
# create folder from db backup
restic -r $RESTIC_REPOSITORY/db restore latest --target test-stdin
# read folder and restore db entries
psql -d $(cat ${POSTGRES_DB_FILE}) -h $POSTGRES_SERVICE -p $POSTGRES_PORT -U $(cat ${POSTGRES_USER_FILE}) --no-password < test-stdin/stdin

View file

@ -1,6 +1,7 @@
{:package [{:name "restic"}
{:name "postgresql-client-13"}]
:file [{:path "/entrypoint.sh" :mod "700"}
{:path "/usr/local/lib/functions.sh" :mod "400"}
{:path "/usr/local/bin/init.sh" :mod "700"}
{:path "/usr/local/bin/backup.sh" :mod "700"}
{:path "/usr/local/bin/restore.sh" :mod "700"}]}