Revert "feat: Backup Secrets #28"

This reverts commit 2838a36d43f44f80aa76095863f463d6aae57403.

backupbot.py

@@ -50,41 +50,6 @@ def export_secrets():
             with open(os.environ[env]) as file:
                 os.environ[env.removesuffix('_FILE')] = file.read()
 
-@cli.command(help='Attach all secrets to the backupbot container, this can result in a container restart')
-def attach_secrets():
-    client = docker.from_env()
-    services = client.services.list()
-    apps = []
-    secrets = []
-    secret_ids = []
-    # Get all Apps that aktivate backups
-    for s in services:
-        labels = s.attrs['Spec']['Labels']
-        if (backup := labels.get('backupbot.backup')) and bool(backup):
-            apps.append(labels['com.docker.stack.namespace'])
-    # Get all Secrets for these Apps
-    for s in services:
-        labels = s.attrs['Spec']['Labels']
-        if labels['com.docker.stack.namespace'] in apps:
-            if app_secs:= s.attrs['Spec']['TaskTemplate']['ContainerSpec'].get('Secrets'):
-                for sec in app_secs:
-                    if sec['SecretID'] not in secret_ids:
-                        # Move Secret Targets to SecretName to avoid conflicts
-                        secret_ids.append(sec['SecretID'])
-                        sec['File']['Name'] = sec['SecretName']
-                        secrets.append(sec)
-    backupbot_service = client.services.get(os.environ['STACK_NAME']+"_app")
-    # Append the backupbot secrets
-    backupbot_secrets = backupbot_service.attrs['Spec']['TaskTemplate']['ContainerSpec']['Secrets']
-    for sec in backupbot_secrets:
-        if os.environ['STACK_NAME'] in sec['SecretName']:
-            secrets.append(sec)
-    new_sec_ids = set(map(lambda s: s['SecretID'], secrets))
-    old_sec_ids = set(map(lambda s: s['SecretID'], backupbot_secrets))
-    if new_sec_ids.difference(old_sec_ids):
-        logging.warning("Backupbot will restart to update the secrets")
-    backupbot_service.update(secrets=secrets)
-
 @cli.command()
 def create():
     pre_commands, post_commands, backup_paths, apps = get_backup_cmds()
@@ -113,12 +78,8 @@ def get_backup_cmds():
                 pre_commands[container] = prehook
             if posthook:= labels.get('backupbot.backup.post-hook'):
                 post_commands[container] = posthook
-            # Backup volumes
             backup_paths = backup_paths.union(
                 Path(VOLUME_PATH).glob(f"{stack_name}_*"))
-            # Backup secrets
-            backup_paths = backup_paths.union(
-                Path('/var/run/secrets').glob(f"{stack_name}_*"))
     return pre_commands, post_commands, list(backup_paths), list(backup_apps)
 
 def run_commands(commands):
@@ -184,7 +145,6 @@ def list_files(snapshot, path):
 @click.option('snapshot', '--snapshot', '-s', envvar='SNAPSHOT', default='latest')
 @click.option('path', '--path', '-p', envvar='INCLUDE_PATH')
 def download(snapshot, path):
-    path = path.removesuffix('/')
     files = list_files(snapshot, path)
     filetype = [f.get('type') for f in files if f.get('path') == path][0]
     cmd = restic.cat.base_command() + ['dump', snapshot, path]

entrypoint.sh

@@ -5,15 +5,13 @@ set -e -o pipefail
 apk add --upgrade --no-cache \
     restic=0.15.2-r3 \
     bash=5.2.15-r5 \
+    restic=0.15.2-r2 \
     python3=3.11.5-r0 \
     py3-pip=23.1.2-r0
 
 # Todo use requirements file with specific versions
 pip install click==8.1.7 docker==6.1.3 resticpy==1.0.2
 
-# Attach secrets to backupbot
-backup attach-secrets
-
 if [ -n "$SSH_HOST_KEY" ]
 then
     echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts