chore: publish 2.4.0+2.4.0 release

Reviewed-on: #81

.drone.yml

@@ -5,9 +5,9 @@ steps:
   - name: publish image
     image: plugins/docker
     settings:
-      username: 3wordchant
+      username: abra-bot
       password:
-        from_secret: git_coopcloud_tech_token_3wc
+        from_secret: git_coopcloud_tech_token_abra_bot
       repo: git.coopcloud.tech/coop-cloud/backup-bot-two
       tags: ${DRONE_SEMVER_BUILD}
       registry: git.coopcloud.tech

.env.sample

@@ -4,6 +4,8 @@ SECRET_RESTIC_PASSWORD_VERSION=v1
 
 COMPOSE_FILE=compose.yml
 
+#TIMEOUT=
+
 RESTIC_REPOSITORY=/backups/restic
 
 CRON_SCHEDULE='30 3 * * *'
@@ -38,10 +40,3 @@ CRON_SCHEDULE='30 3 * * *'
 # it overwrites the RESTIC_REPOSITORY variable
 #SECRET_RESTIC_REPO_VERSION=v1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.secret.yml"
-
-# Restic exporter - prometheus metrics
-#COMPOSE_FILE="$COMPOSE_FILE:compose.exporter.yml"
-#LETS_ENCRYPT_ENV=production
-#REFRESH_INTERVAL=86400 # once per day, be cautious with small numbers, as this can create traffic
-#METRICS_DOMAIN=backup.example.com
-#TIMEZONE=Europe/Berlin

Dockerfile

@@ -1,11 +1,10 @@
-FROM docker:24.0.7-dind
+FROM docker:29.3.1-dind
 
 RUN apk add --upgrade --no-cache restic bash python3 py3-pip py3-click py3-docker-py py3-json-logger curl
 
-# Todo use requirements file with specific versions
-RUN pip install --break-system-packages resticpy==1.0.2
+RUN pip install --break-system-packages resticpy==1.3.0
 
 COPY backupbot.py /usr/bin/backup
 COPY entrypoint.sh /entrypoint.sh
 
-ENTRYPOINT /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -79,10 +79,8 @@ Add the key to your `authorized_keys`:
 `ssh-copy-id -i backupkey <user>@<hostname>`
 Add your `SSH_KEY` as docker secret:
 ```
-abra app secret insert <backupbot_name> ssh_key v1 """$(cat backupkey)
-"""
+cat backupkey | abra app secret insert <backupbot_name> ssh_key v1
 ```
-> Attention: This command needs to be executed exactly as stated above, because it places a trailing newline at the end, if this is missing you will get the following error: `Load key "/run/secrets/ssh_key": error in libcrypto`
 
 ### Restic REST server Storage
 

abra.sh

@@ -1,6 +1,6 @@
 export SSH_CONFIG_VERSION=v1
 export ENTRYPOINT_VERSION=v17
-export CRONJOB_VERSION=v2
+export CRONJOB_VERSION=v3
 
 run_cron () {
     schedule="$(crontab -l | tr -s " " | cut -d ' ' -f-5)"

compose.exporter.yml

@@ -1,48 +0,0 @@
----
-version: "3.8"
-
-services:
-  restic-exporter:
-    image: ngosang/restic-exporter:2.0.2
-    environment:
-      - TZ=${TIMEZONE}
-      - RESTIC_REPOSITORY
-      - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
-      - REFRESH_INTERVAL
-      - METRICS_DOMAIN
-    volumes:
-      - data:/data
-      - cache:/root/.cache/restic
-    secrets:
-      - restic_password
-    configs:
-      - source: entrypoint
-        target: /entrypoint.sh
-        mode: 666
-    entrypoint: /entrypoint.sh
-    command: /usr/local/bin/python -u /app/exporter.py
-    networks:
-      - proxy
-    deploy:
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}-metrics.loadbalancer.server.port=8001"
-        - "traefik.http.routers.${STACK_NAME}-metrics.rule=Host(`${METRICS_DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}-metrics.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}-metrics.tls=true"
-        - "traefik.http.routers.${STACK_NAME}-metrics.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "traefik.http.routers.${STACK_NAME}-metrics.middlewares=basicauth@file"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8001/metrics"]
-      interval: 1m
-      timeout: 10s
-      retries: 60
-      start_period: 1m
-
-volumes:
-  cache:
-  data:
-
-networks:
-  proxy:
-    external: true

compose.ssh.yml

@@ -1,34 +1,16 @@
 ---
 version: "3.8"
-
-x-ssh_env: &ssh_env
-  - SSH_KEY_FILE=/run/secrets/ssh_key
-  - SSH_HOST_KEY
-
-x-ssh_secrets: &ssh_secrets
-  - source: ssh_key
-    mode: 0400
-
-x-ssh_configs: &ssh_configs
-  - source: ssh_config
-    target: /root/.ssh/config
-
 services:
   app:
     environment:
-      *ssh_env
+      - SSH_KEY_FILE=/run/secrets/ssh_key
+      - SSH_HOST_KEY
     secrets:
-      *ssh_secrets
+      - source: ssh_key
+        mode: 0400
     configs:
-      *ssh_configs
-
-  restic-exporter:
-    environment:
-      *ssh_env
-    secrets:
-      *ssh_secrets
-    configs:
-      *ssh_configs
+      - source: ssh_config
+        target: /root/.ssh/config
 
 secrets:
   ssh_key:

compose.yml

@@ -2,7 +2,7 @@
 version: "3.8"
 services:
   app:
-    image: git.coopcloud.tech/coop-cloud/backup-bot-two:2.3.0-beta
+    image: git.coopcloud.tech/coop-cloud/backup-bot-two:2.4.0
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "/var/lib/docker/volumes/:/var/lib/docker/volumes/"
@@ -23,8 +23,8 @@ services:
         mode: 666
     deploy:
       labels:
-        - coop-cloud.${STACK_NAME}.version=2.3.0+2.3.0-beta
-        - coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-300}
+        - coop-cloud.${STACK_NAME}.version=2.4.0+2.4.0
+        - coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}
         - coop-cloud.backupbot.enabled=true
     #entrypoint: ['tail', '-f','/dev/null']
     healthcheck:

cronjob.sh

@@ -4,7 +4,7 @@ set -e
 
 CURL_OPTS="-s"
 # Check for basic auth
-if [ -n "$(cat /run/secrets/push_basicauth)" ]
+if [ -s /run/secrets/push_basicauth ]
 then
     CURL_OPTS="$CURL_OPTS -u $(cat /run/secrets/push_basicauth)"
 fi
@@ -32,7 +32,8 @@ else
 fi
 
 eval "$push_start_notification"
-if [ "$(backup --machine-logs create  2>&1 | tee /tmp/backup.log && (grep -q 'backup finished' /tmp/backup.log))" ]
+backup --machine-logs create 2>&1 | tee /tmp/backup.log
+if grep -q 'backup finished' /tmp/backup.log
 then
     eval "$push_success_notification"
 else

entrypoint.sh

@@ -2,25 +2,14 @@
 
 set -e
 
-echo "executing entrypoint.sh..."
-
 if [ -n "$SSH_HOST_KEY" ]
 then
-    echo "setting ssh known hosts"
     echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts
 fi
 
-if [ -n "$CRON_SCHEDULE" ]
-then
-    echo "setting up cronjob..."
-    cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
+cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
 
-    echo "$cron_schedule /cronjob.sh" | crontab -
-    crontab -l
+echo "$cron_schedule /cronjob.sh" | crontab -
+crontab -l
 
-    crond -f -d8 -L /dev/stdout
-else
-    # startup for exporter
-    apk --no-cache add curl
-    exec /sbin/tini -- "$@"
-fi
+crond -f -d8 -L /dev/stdout