From ed76e6164bc3e23e155f95b6006482073e1f13fd Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Tue, 9 Nov 2021 12:37:56 +0200
Subject: [PATCH] Work-in-progress: split S3 & SSH storage
---
 .env.sample | 13 +++++++++++++
 Dockerfile | 9 +++++----
 backup.sh | 3 +++
 compose.s3.yml | 14 ++++++++++++++
 compose.ssh.yml | 13 +++++++++++++
 compose.yml | 12 +++++++++---
 6 files changed, 57 insertions(+), 7 deletions(-)
 create mode 100644 .env.sample
 create mode 100644 compose.s3.yml
 create mode 100644 compose.ssh.yml
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..dc90698
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,13 @@
+TYPE=backup-bot-two
+
+SECRET_RESTIC_PASSWORD_VERSION=v1
+
+COMPOSE_FILE=compose.yml
+
+# SSH storage
+#SECRET_SSH_KEY_VERSION=v1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
+
+# S3 storage
+#SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
diff --git a/Dockerfile b/Dockerfile
index 8e76a61..10e10ae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,12 +3,13 @@ FROM docker:19.03.13-dind
 RUN apk add --upgrade --no-cache \
 bash \
 curl \
+ jq \
 restic
-RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/bin/jq
-RUN chmod +x /usr/bin/jq
-
 COPY backup.sh /usr/bin/backup.sh
 RUN chmod +x /usr/bin/backup.sh
-ENTRYPOINT ["/usr/bin/backup.sh"]
+RUN echo "* * * * * /usr/bin/backup.sh" | crontab -
+RUN crontab -l
+
+ENTRYPOINT ["crond", "-f", "-L", "/dev/stdout"]
diff --git a/backup.sh b/backup.sh
index 246e47d..db675e6 100755
--- a/backup.sh
+++ b/backup.sh
@@ -11,6 +11,9 @@ restic_repo="sftp:$restic_sftp_host:/$server_name"
 backup_path="${BACKUP_DEST:?BACKUP_DEST not set}"
 if [ -n "$SERVICES_OVERRIDE" ]; then
+ # this is fine because docker service names should never include spaces or
+ # glob characters
+ # shellcheck disable=SC2206
 services=($SERVICES_OVERRIDE)
 else
 mapfile -t services < <(docker service ls --format '{{ .Name }}')
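Review bot: The new `ENTRYPOINT ["crond", "-f", "-L", "/dev/stdout"]` makes the container a long-running daemon, while compose.yml in this patch still has `replicas: 0` and the `swarm.cronjob.*` labels, which look like they expect a task that runs once and exits; the two schedules also disagree (`* * * * *` here, `*/5 * * * *` there). One scheduler should go. If crond stays, the every-minute entry has no overlap guard, so a backup that outlasts its interval runs alongside the next one against the same repository and docker socket; `RUN echo "*/5 * * * * flock -n /tmp/backup.lock /usr/bin/backup.sh" | crontab -` would serialise them. `RUN crontab -l` reads as a debugging step and can be dropped.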
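Review bot: The justification in the new comment does not match where the value comes from: `services=($SERVICES_OVERRIDE)` splits an operator-supplied environment variable, not names reported by docker, so a stray `*` or `?` in it is expanded against the working directory before the array is built. `read -ra services <<< "$SERVICES_OVERRIDE"` splits on whitespace without globbing and needs no `shellcheck disable`. The `if`/`else` continues past the end of the hunk.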
diff --git a/compose.s3.yml b/compose.s3.yml
new file mode 100644
index 0000000..25a8bfb
--- /dev/null
+++ b/compose.s3.yml
@@ -0,0 +1,14 @@
+---
+version: "3.8"
+services:
+ app:
+ environment:
+ - AWS_ACCESS_KEY_ID
+ - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
+ secrets:
+ - aws_secret_access_key
+
+secrets:
+ aws_secret_access_key:
+ external: true
+ name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
diff --git a/compose.ssh.yml b/compose.ssh.yml
new file mode 100644
index 0000000..9667101
--- /dev/null
+++ b/compose.ssh.yml
@@ -0,0 +1,13 @@
+---
+version: "3.8"
+services:
+ app:
+ environment:
+ - SSH_KEY_FILE=/run/secrets/ssh_key
+ secrets:
+ - ssh_key
+
+secrets:
+ ssh_key:
+ external: true
+ name: ${STACK_NAME}_ssh_key_${SECRET_SSH_KEY_VERSION}
diff --git a/compose.yml b/compose.yml
index b45a723..21b0c5e 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,6 +3,7 @@ version: "3.8"
 services:
 app:
 image: thecoopcloud/backup-bot-two:latest
+ build: .
 volumes:
 - "/var/run/docker.sock:/var/run/docker.sock"
 - "backups:/backups"
@@ -19,12 +20,17 @@ services:
 replicas: 0
 labels:
 - "swarm.cronjob.enable=true"
- # Note(3wc): every minute, testing
+ # Note(3wc): every 5m, testing
 - "swarm.cronjob.schedule=*/5 * * * *"
- # - "swarm.cronjob.schedule=0 9 * * 1-5" # office hours
- - coop-cloud.${STACK_NAME}.app.version=24.98.9-slim-d3db1c25
+ # Note(3wc): blank label to be picked up by `abra recipe sync`
+ - coop-cloud.${STACK_NAME}.app.version=
 restart_policy:
 condition: none
 volumes:
 backups:
+
+secrets:
+ restic_password:
+ external: true
+ name: ${STACK_NAME}_restic_password_${SECRET_RESTIC_PASSWORD_VERSION}
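Review bot: `AWS_SECRET_ACCESS_KEY_FILE` is not, as far as I know, a variable restic reads; its S3 backend takes the key from `AWS_SECRET_ACCESS_KEY`, so something has to load the secret file before restic runs, and the backup.sh hunk in this patch adds no such step (the visible `restic_repo` is still `sftp:`). The same gap applies to `SSH_KEY_FILE` in compose.ssh.yml. Loading it inside backup.sh keeps the key out of the image and the service definition, e.g. `export AWS_SECRET_ACCESS_KEY="$(cat "$AWS_SECRET_ACCESS_KEY_FILE")"`.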
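Review bot: The short-form `- ssh_key` entry mounts the secret with the default mode 0444, and OpenSSH refuses a private key that is readable by group or other, so if backup.sh hands `$SSH_KEY_FILE` straight to ssh the SFTP backend will likely fail with an unprotected-key error. The long form tightens it: `- source: ssh_key` followed by `mode: 0400`. Nothing visible in this patch provides a `known_hosts` entry for the SFTP host either; shipping one alongside the key is preferable to turning host-key checking off.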
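Review bot: `build: .` has no effect under `docker stack deploy`, which ignores the `build` key, so a swarm deployment still pulls `thecoopcloud/backup-bot-two:latest` from the line above. This service is given `/var/run/docker.sock`, which is equivalent to root on the host, so whatever is pushed to the mutable `latest` tag runs with that access; pin a version tag or digest, e.g. `image: thecoopcloud/backup-bot-two:<version>@sha256:<digest>`. If `build: .` is meant only for local testing, a comment such as `# local docker-compose builds only; ignored by stack deploy` would say so.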