diff --git a/type/__borg/manifest b/type/__borg/manifest new file mode 100644 index 0000000..82e4d5a --- /dev/null +++ b/type/__borg/manifest @@ -0,0 +1,29 @@ +#!/bin/sh + +os=$(cat "${__global:?}/explorer/os") +case "$os" in + alpine|ubuntu|debian) + __package borgbackup + __package borgbackup + ;; + *) + echo "This type does not support $os. Exiting." >&2 + exit 1 + ;; +esac + +repository=$(cat "$__object/parameter/repository") +if [ -f "$__object/parameter/exclude" ]; then + excludes=$(cat "$__object/parameter/exclude") +else + excludes="/sys /proc /dev /run" +fi + +for path in $excludes; do + exclude_fragment="$exclude_fragment --exclude $path" +done +unknown_repo_warning_fragment="BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes" + +borg_command="sh -c \"$unknown_repo_warning_fragment borg create $exclude_fragment --stats $repository::daily-\\\$(date -I) /\"" + +require="__package/borgbackup" __cron daily-backup --user root --command "$borg_command" --hour 2 diff --git a/type/__borg/parameter/optional b/type/__borg/parameter/optional new file mode 100644 index 0000000..9ba870e --- /dev/null +++ b/type/__borg/parameter/optional @@ -0,0 +1 @@ +exclude diff --git a/type/__borg/parameter/required b/type/__borg/parameter/required new file mode 100644 index 0000000..09d06c8 --- /dev/null +++ b/type/__borg/parameter/required @@ -0,0 +1 @@ +repository diff --git a/type/__borg/singleton b/type/__borg/singleton new file mode 100644 index 0000000..e69de29 diff --git a/type/__borg_repo/gencode-remote b/type/__borg_repo/gencode-remote new file mode 100644 index 0000000..0993322 --- /dev/null +++ b/type/__borg_repo/gencode-remote @@ -0,0 +1,41 @@ +#!/bin/sh + +passphrase= +appendonly= + +case "$(cat "${__object:?}/parameter/encryption")" in + none) + enc=none + ;; + repokey) + enc=repokey + if [ -f "${__object:?}/parameter/passphrase" ]; + then + passphrase="$(cat "${__object:?}/parameter/passphrase")" + else + echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2; + exit 1; + fi + ;; + *) + echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2 + exit 1; +esac + +if [ -f "${__object:?}/parameter/append-only" ]; +then + appendonly='--append-only' +fi + +if [ -f "${__object:?}/parameter/owner" ]; +then + doas="sudo -u '$(cat "${__object:?}/parameter/owner")'" +fi + +cat <<- EOF +set -x + if [ ! -d "/${__object_id:?}" ]; then + $doas BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?} + fi +EOF + diff --git a/type/__borg_repo/man.rst b/type/__borg_repo/man.rst new file mode 100644 index 0000000..dce3660 --- /dev/null +++ b/type/__borg_repo/man.rst @@ -0,0 +1,46 @@ +cdist-type__borg_repo(7) +======================== + +NAME +---- +cdist-type__borg_repo - Configure a borg repository on host + + +DESCRIPTION +----------- + +Initializes a borg repository at the location specified in the +`${__object_id}`. Nothing is done if the repository already exists. + +Currently, only `none` and `repokey` are supported as encryption modes; +`repokey` requires the `passphrase` argument to be given. The default is +`none`. + +REQUIRED PARAMETERS +------------------- +encryption + The encryption to use. + +OPTIONAL PARAMETERS +------------------- +passphrase + The passphrase to encrypt the keyfile with. + +owner + Remote user owning the repository. + +BOOLEAN PARAMETERS +------------------ +append-only + If the repository is append-only + +AUTHORS +------- +Joachim Desroches + +COPYING +------- +Copyright \(C) 2020 Joachim Desroches. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest new file mode 100644 index 0000000..968066d --- /dev/null +++ b/type/__borg_repo/manifest @@ -0,0 +1,19 @@ +#!/bin/sh + +os="$(cat "${__global:?}"/explorer/os)" + +case "$os" in + "alpine") + borg_package=borgbackup + ;; + *) + echo "__borg_repo is not yet implemented for os $os. Aborting." >&2; + exit 1; +esac + +__package "$borg_package" + +if [ -f "${__object:?}/parameter/owner" ]; +then + __package sudo +fi diff --git a/type/__borg_repo/parameter/boolean b/type/__borg_repo/parameter/boolean new file mode 100644 index 0000000..f8ee7c6 --- /dev/null +++ b/type/__borg_repo/parameter/boolean @@ -0,0 +1 @@ +append-only diff --git a/type/__borg_repo/parameter/default/encryption b/type/__borg_repo/parameter/default/encryption new file mode 100644 index 0000000..621e94f --- /dev/null +++ b/type/__borg_repo/parameter/default/encryption @@ -0,0 +1 @@ +none diff --git a/type/__borg_repo/parameter/optional b/type/__borg_repo/parameter/optional new file mode 100644 index 0000000..8e1ddfd --- /dev/null +++ b/type/__borg_repo/parameter/optional @@ -0,0 +1,2 @@ +passphrase +owner diff --git a/type/__borg_repo/parameter/required b/type/__borg_repo/parameter/required new file mode 100644 index 0000000..a5465f8 --- /dev/null +++ b/type/__borg_repo/parameter/required @@ -0,0 +1 @@ +encryption