added support for local certificate
This commit is contained in:
parent
739abde77a
commit
657ea56d3d
2 changed files with 122 additions and 34 deletions
|
@ -1,34 +1,72 @@
|
|||
#! /bin/bash
|
||||
|
||||
function init-file-repo() {
|
||||
restic -r ${RESTIC_REPOSITORY}/files -v init
|
||||
local command="restic -r ${RESTIC_REPOSITORY}/files -v init"
|
||||
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command}
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# First arg is the directory, second is optional for the path to a certificate file
|
||||
function backup-directory() {
|
||||
local directory="$1"; shift
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache"
|
||||
local command-backup="cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup ."
|
||||
local command-forget="restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune"
|
||||
|
||||
cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup .
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
${command-backup} --cacert ${CERTIFICATE_FILE}
|
||||
${command-forget} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
${command-backup}
|
||||
${command-forget}
|
||||
fi
|
||||
}
|
||||
|
||||
# First arg is the directory, the remaining args are the sub-directories (relative to the first directory) to backup.
|
||||
function backup-fs-from-directory() {
|
||||
local directory="$1"; shift
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache
|
||||
|
||||
cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup $@
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache"
|
||||
local command-backup="cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup $@"
|
||||
local command-forget="restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune"
|
||||
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
${command-backup} --cacert ${CERTIFICATE_FILE}
|
||||
${command-forget} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
${command-backup}
|
||||
${command-forget}
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function restore-directory() {
|
||||
local directory="$1"; shift
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache"
|
||||
local command-restore="restic -v -r $RESTIC_REPOSITORY/files restore latest --target ${directory}"
|
||||
|
||||
rm -rf ${directory}*
|
||||
restic -v -r $RESTIC_REPOSITORY/files restore latest --target ${directory}
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
rm -rf ${directory}*
|
||||
${command-restore} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
rm -rf ${directory}*
|
||||
${command-restore}
|
||||
fi
|
||||
|
||||
}
|
|
@ -1,9 +1,25 @@
|
|||
function init-role-repo() {
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-role -v init
|
||||
|
||||
local command="restic -r ${RESTIC_REPOSITORY}/pg-role -v init"
|
||||
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command}
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function init-database-repo() {
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-database -v init
|
||||
local command="restic -r ${RESTIC_REPOSITORY}/pg-database -v init"
|
||||
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command}
|
||||
fi
|
||||
}
|
||||
|
||||
function drop-create-db() {
|
||||
|
@ -24,37 +40,71 @@ function create-pg-pass() {
|
|||
function backup-roles() {
|
||||
local role_prefix="$1"; shift
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache
|
||||
|
||||
pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only | \
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache"
|
||||
local command-pg-dump="pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only | \
|
||||
grep "${role_prefix}" | \
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-role backup --stdin
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-role backup --stdin"
|
||||
local command-forget="restic -v -r ${RESTIC_REPOSITORY}/pg-role forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune"
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/pg-role forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
${command-pg-dump} --cacert ${CERTIFICATE_FILE}
|
||||
${command-forget} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
${command-pg-dump}
|
||||
${command-forget}
|
||||
fi
|
||||
}
|
||||
|
||||
function backup-db-dump() {
|
||||
restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache
|
||||
|
||||
pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache"
|
||||
local command-pg-dump="pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
|
||||
-U ${POSTGRES_USER} --no-password --serializable-deferrable | \
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-database backup --stdin
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-database backup --stdin"
|
||||
local command-forget="restic -v -r ${RESTIC_REPOSITORY}/pg-database forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune"
|
||||
|
||||
restic -v -r ${RESTIC_REPOSITORY}/pg-database forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
${command-pg-dump} --cacert ${CERTIFICATE_FILE}
|
||||
${command-forget} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
${command-pg-dump}
|
||||
${command-forget}
|
||||
fi
|
||||
}
|
||||
|
||||
function restore-roles() {
|
||||
restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache
|
||||
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-role dump latest stdin | \
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache"
|
||||
local command-pg-dump="restic -r ${RESTIC_REPOSITORY}/pg-role dump latest stdin | \
|
||||
psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
|
||||
--no-password
|
||||
--no-password"
|
||||
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
${command-pg-dump} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
${command-pg-dump}
|
||||
fi
|
||||
}
|
||||
|
||||
function restore-db() {
|
||||
restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache
|
||||
|
||||
restic -r ${RESTIC_REPOSITORY}/pg-database dump latest stdin | \
|
||||
local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache"
|
||||
local command-pg-dump="restic -r ${RESTIC_REPOSITORY}/pg-database dump latest stdin | \
|
||||
psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
|
||||
--no-password
|
||||
--no-password"
|
||||
|
||||
if [ -z ${CERTIFICATE_FILE} ];
|
||||
then
|
||||
${command-unlock} --cacert ${CERTIFICATE_FILE}
|
||||
${command-pg-dump} --cacert ${CERTIFICATE_FILE}
|
||||
else
|
||||
${command-unlock}
|
||||
${command-pg-dump}
|
||||
fi
|
||||
}
|
Loading…
Reference in a new issue