More progress towards S3/SSH

backup.sh

@@ -4,9 +4,37 @@ server_name="${SERVER_NAME:?SERVER_NAME not set}"
 
 restic_password_file="${RESTIC_PASSWORD_FILE:?RESTIC_PASSWORD_FILE not set}"
 
-restic_sftp_host="${RESTIC_SFTP_HOST:?RESTIC_SFTP_HOST not set}"
+restic_host="${RESTIC_HOST:?RESTIC_HOST not set}"
 
-restic_repo="sftp:$restic_sftp_host:/$server_name"
+ssh_key_file="${SSH_KEY_FILE}"
+s3_key_file="${AWS_SECRET_ACCESS_KEY_FILE}"
+
+restic_repo=
+restic_extra_options=
+
+if [ -n "$ssh_key_file" ] && [ -f "$ssh_key_file" ]; then
+	restic_repo="sftp:$restic_host:/$server_name"
+	restic_extra_options="sftp.command=ssh -i $ssh_key_file $restic_host -s sftp"
+fi
+
+if [ -n "$s3_key_file" ] && [ -f "$s3_key_file" ]; then
+	export "$AWS_SECRET_ACCESS_KEY"="$(cat "${s3_key_file}")"
+	restic_repo="s3:$restic_host:/$server_name"
+fi
+
+if [ -z "$restic_repo" ]; then
+	echo "You must configure either SFTP or S3 storage"
+	exit 1
+fi
+
+# Pre-bake-in some default restic options
+_restic() {
+	# shellcheck disable=SC2068
+	restic -p "$restic_password_file" \
+		--quiet -r "$restic_repo" \
+		"${restic_extra_options:+-o}" "$restic_extra_options" \
+		$@
+}
 
 backup_path="${BACKUP_DEST:?BACKUP_DEST not set}"
 
@@ -54,7 +82,10 @@ for service in "${services[@]}"; do
 	fi
 done
 
-restic -p "$restic_password_file" \
+# Check if restic repo exists
-	backup --quiet -r "$restic_repo" \
+if [ -z "$(_restic cat config)" ] 2>/dev/null; then
-	-o sftp.command="ssh $restic_sftp_host -s sftp" \
+	echo "initializing restic repo"
-	--tag coop-cloud "$backup_path"
+	_restic init
+fi
+
+_restic backup --tag coop-cloud "$backup_path"

compose.yml

@@ -11,6 +11,7 @@ services:
       - RESTIC_REPO
       - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
       - BACKUP_DEST=/backups
+      - RESTIC_HOST
       - SERVER_NAME
     secrets:
       - restic_password