diff --git a/infrastructure/backup/image/resources/init-bb.bb b/infrastructure/backup/image/resources/init-bb.bb index af0856c..aa09429 100755 --- a/infrastructure/backup/image/resources/init-bb.bb +++ b/infrastructure/backup/image/resources/init-bb.bb @@ -1,3 +1,42 @@ #!/usr/bin/env bb -(println "initialized") +(require '[babashka.tasks :as tasks] + '[dda.backup.cred-rot :as cr] + '[dda.backup.restic :as rc] + '[dda.backup.postgresql :as pg]) + +(def restic-repo {:password-file "restic-pwd" + :restic-repository "restic-repo"}) + +(def file-config (merge restic-repo {:backup-path "files" + :files ["test-backup"] + :restore-target-directory "test-restore"})) + +(def db-config (merge restic-repo {:backup-path "db" + :pg-db "mydb" + :pg-user "user" + :pg-password "password"})) + +(def cred-config (merge restic-repo {:new-password-file "new-pw-file"})) + +(def dry-run {:dry-run true :debug true}) + +(defn prepare! + [] + (spit "/tmp/file_password" "file-password") + (spit "restic-pwd" "ThePassword") + (tasks/shell "mkdir" "-p" "test-backup") + (spit "test-backup/file" "I was here") + (spit "new-pw-file" "newpassword") + (tasks/shell "mkdir" "-p" "test-restore") + (pg/create-pg-pass! db-config)) + +(defn restic-repo-init! + [] + (rc/init! restic-repo)) + +(prepare!) +(restic-repo-init!) +(cr/list-passwords! cred-config) +(cr/maybe-add-new! cred-config) +(cr/list-passwords! cred-config) \ No newline at end of file diff --git a/infrastructure/backup/image/resources/install.sh b/infrastructure/backup/image/resources/install.sh index 559ad1a..d31a042 100755 --- a/infrastructure/backup/image/resources/install.sh +++ b/infrastructure/backup/image/resources/install.sh @@ -18,12 +18,12 @@ function main() { apt-get install -qqy ca-certificates curl gnupg postgresql-client-16 restic openjdk-21-jre-headless nano curl -Ss --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/postgresql-common_pgdg_archive_keyring.gpg sh -c 'echo "deb [signed-by=/etc/apt/trusted.gpg.d/postgresql-common_pgdg_archive_keyring.gpg] https://apt.postgresql.org/pub/repos/apt jammy-pgdg main" > /etc/apt/sources.list.d/pgdg.list' - upgradeSystem babashka_install } > /dev/null update-ca-certificates install -m 0700 -o root -g root /tmp/init-bb.bb /usr/local/bin/ + install -m 0600 -o root -g root /tmp/bb.edn /usr/local/bin/ cleanupDocker } diff --git a/src/dda/backup/cred_rot.clj b/src/dda/backup/cred_rot.clj index 761def0..8f6e6f5 100644 --- a/src/dda/backup/cred_rot.clj +++ b/src/dda/backup/cred_rot.clj @@ -2,7 +2,8 @@ (:require [orchestra.core :refer [defn-spec]] [clojure.spec.alpha :as s] - [dda.backup.cred-rot.domain :as domain])) + [dda.backup.cred-rot.domain :as domain] + [dda.backup.infrastructure :as i])) (s/def ::new-password-file string?) @@ -14,8 +15,13 @@ (defn-spec maybe-add-new! nil? [config ::cred-rot] - (when-let [{:keys [new-password-file]} config] - (domain/add-new-password! new-password-file))) + (let [{:keys [new-password-file]} config] + (if (not (nil? new-password-file)) + (i/execute! (domain/add-password-command config) config)))) + +(defn-spec list-passwords! nil? + [config ::cred-rot] + (i/execute! (domain/list-passwords-command config) config)) (defn-spec replace-old-password! nil? [] diff --git a/src/dda/backup/cred_rot/domain.clj b/src/dda/backup/cred_rot/domain.clj index 631d176..1d92599 100644 --- a/src/dda/backup/cred_rot/domain.clj +++ b/src/dda/backup/cred_rot/domain.clj @@ -57,15 +57,15 @@ (defn-spec list-passwords-command ::cd/command [config ::config] - (base-command config ["key" "list" "--json"])) + [(base-command config ["key" "list" "--json"])]) (defn-spec add-password-command ::cd/command [config ::config] (let [{:keys [new-password-file]} config] - (base-command config ["key" "add" "--new-password-file" new-password-file]))) + [(base-command config ["key" "add" "--new-password-file" new-password-file])])) (defn-spec remove-password-command ::cd/command [config ::config new-id ::id old-id ::id] - (base-command config ["key" "remove" "--key-hint" new-id old-id])) + [(base-command config ["key" "remove" "--key-hint" new-id old-id])])