vps/manage.py

#!/usr/bin/python3

import os, sys, re
import filecmp
from glob import glob
from mako.template import Template
from pathlib import Path
import subprocess
import yaml


def backupProj(project):
    database = None
    paths = []
    sqlite_db = None

    if project == 'postgres':
        database = 'all'
    elif project in secrets['postgres'].keys():
        database = project

    if project in env['backup'].keys():
        for path in env['backup'][project]:
            paths += [path]

    if project in env['backup_sqlite'].keys():
        sqlite_db = env['backup_sqlite'][project]

    if database is not None or sqlite_db is not None or len(paths) > 0:
        print(f"Running backup for project {project}.")

        if len(paths) == 0:
            borgCreate(project, database=database, sqlite_db=sqlite_db)
        else:
            borgCreate(project, path=paths[0], database=database, sqlite_db=sqlite_db)

        for path in paths[1:]:
            archiveName = re.sub('/', '-', path)
            borgCreate(f"{project}-{archiveName}", path=path)


def borgCreate(name, path=None, database=None, sqlite_db=None):
    if path is None and database is None and sqlite_db is None:
        print(f"Cannot create backup, you must pass at least one parameter amongst: path, database, database_path (archive name = {name}).", file=sys.stderr)
        return 1

    borgPaths = []

    if path is not None:
        absPath = Path(path).absolute()

        parentDir = absPath.parent.absolute()
        os.chdir(parentDir)

        borgPaths += [absPath.relative_to(parentDir)]

        borgInput = None

    if database is not None:
        print(f"Dumping database {database}.")

        if database == 'all':
            dumpProc = subprocess.run(["podman", "exec", "postgres", "pg_dumpall"], capture_output=True, text=True)
        else:
            dumpProc = subprocess.run(["podman", "exec", "postgres", "pg_dump", "-c", database], capture_output=True, text=True)

        if dumpProc.returncode != 0:
            print(f"Failed to dump database {database}.", file=sys.stderr)
            return 1

        borgPaths += ["-", "--stdin-name", f"{database}.sql"]

        borgInput = dumpProc.stdout

    if sqlite_db is not None:
        print(f"Dumping SQLite database {sqlite_db}.")

        sqlite_args = ["podman", "run", "--rm", "-v", f"{sqlite_db}:/db.sqlite", "docker.io/library/alpine:latest", "sh", "-c", "apk add sqlite &>/dev/null; sqlite3 /db.sqlite .dump"]
        dumpProc = subprocess.run(sqlite_args, capture_output=True, text=True)

        if dumpProc.returncode != 0:
            print(f"Failed to dump SQLite database {sqlite_db}.", file=sys.stderr)
            return 1

        database = Path(sqlite_db).stem

        borgPaths += ["-", "--stdin-name", f"{database}.sqlite"]

        borgInput = dumpProc.stdout

    if path is None:
        print(f"Creating archive '{name}' from database {database}.")
    elif database is None:
        print(f"Creating archive '{name}' from path {path}.")
    else:
        print(f"Creating archive '{name}' from database {database} and path {absPath}.")

    borgArgs = ["create", "--compression=lzma", f"{env['borg_repo']}::{name}_{{utcnow}}"]
    runBorg(borgArgs + borgPaths, input=borgInput)

    os.chdir(os.path.realpath(sys.path[0]))

    print(f"Pruning archives '{name}_*'.")
    runBorg(["prune", "--glob-archives", f"{name}_*"] + env['borg_prune_opts'] + [env['borg_repo']])


def getImageId (image):
    return runPodman("image", ["inspect", "--format", "{{.Id}}", image]).stdout.strip()


def getUid(service):
    if service in env['users'].keys() and env['users'][service] != 0:
        return env['users'][service] + env['uid_shift']
    else:
        return env['podman_uid']


def pullProj(project):
    print(f"Pulling images for project {project}.")
    
    with open(f"projects/{project}/compose.yaml.rendered", 'r') as composefile:
        images = re.findall('(?<=image:\\s).+', composefile.read())

    pulledImages = []
    for image in images:
        currentId = getImageId(image)
        if re.search('^localhost/', image):
            runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "build", "--pull"])
        else:
            runPodman("pull", image)
        pulledId = getImageId(image)
        if currentId != pulledId:
            pulledImages += image
            print(f"Pulled new version of image {image}.")
        else:
            print(f"No update available for image {image}.")

    return pulledImages


def renderFile(templateFile):
    print(f"Rendering file {templateFile}.")

    renderedFilename = re.sub('\\.mako$', '.rendered', templateFile)

    template = Template(filename=templateFile)

    outputFile = open(renderedFilename, "w")
    outputFile.write(template.render(env=env, secrets=secrets))
    outputFile.close()


def runBorg(args, input=None):
    if isinstance(args, str):
        args = args.split(' ')

    borgEnv = {"BORG_PASSPHRASE": secrets['borg']}
    proc = subprocess.run(["borg"] + args, input=input, capture_output=True, text=True, env=borgEnv)

    stderr = proc.stderr.strip()
    if stderr != '':
        print(stderr, file=sys.stderr)

    return proc


def runPodman(cmd, args):
    if isinstance(args, str):
        args = args.split(' ')

    if cmd == 'compose':
        runArgs = ["podman-compose"] + args
    else:
        runArgs = ["podman", cmd] + args

    if env['rootless']:
        proc = subprocess.run(runArgs, capture_output=True, text=True)
        stderr = proc.stderr.strip()
    else:
        proc = runSudo(runArgs)
        stderr = proc.stderr.read().strip()

    if stderr != '':
        print(stderr, file=sys.stderr)

    return proc


def runSudo(args):
    if isinstance(args, str):
        args = args.split(' ')

    child = subprocess.Popen(["sudo"] + args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)

    if re.search('^\\[sudo\\] password for .+', child.stdout.read().strip()):
        child.communicate(input=input().encode())[0]

    child.wait()

    stderr = child.stderr.read().strip()
    if stderr != '':
        print(stderr, file=sys.stderr)

    return child


def setCertPerms(service):
    dirs = ["/etc/letsencrypt", "/etc/letsencrypt/live", "/etc/letsencrypt/archive"]

    pkeyFile = env['certs'][service]['pkey']   

    domain_dir = re.search('.+(?=\\/.+$)', pkeyFile).group(0)
    dirs += [domain_dir, re.sub('live', 'archive', domain_dir)]

    for path in dirs:
        setOwner(path, 0, env['podman_uid'])
        setPerms(path, 711)

    setOwner(pkeyFile, 0, getUid(service))
    setPerms(pkeyFile, 640)


def setNftables():
    print()
    renderFile("nftables.conf.mako")
    if not filecmp.cmp("nftables.conf.rendered", "/etc/nftables.conf"):
        print("nftables.conf changed, copying new version.")
        runSudo(["cp", "nftables.conf.rendered", "/etc/nftables.conf"])
        runSudo(["systemctl", "restart", "nftables"])
    else:
        print("nftables.conf unchanged.")


def setOwner(path, uid=None, gid=None):
    stat = os.stat(path)
    if uid is None:
        uid = stat.st_uid
    if gid is None:
        gid = stat.st_gid    

    if stat.st_uid != uid or stat.st_gid != gid:
        print(f"Changing ownership of {path} to {uid}:{gid} from {stat.st_uid}:{stat.st_gid}.")
        runSudo(["chown", f"{uid}:{gid}", path])
    else:
        print(f"Ownership of {path} already set to {uid}:{gid}.")


def setPerms(path, mode):
    mode = str(mode)
    stat = os.stat(path)
    curMode = oct(stat.st_mode)[-3:]
    if mode != curMode:
        print(f"Changing permissions of {path} to {mode} from {curMode}.")
        if stat.st_uid == os.getuid():
            subprocess.run(["chmod", mode, path])
        else:
            runSudo(["chmod", mode, path])
    else:
        print(f"Permissions of {path} already set to {mode}.")


def setupProj(project):
    print(f"Running setup for project {project}.")

    if os.path.isfile(f"projects/{project}/compose.yaml.rendered"):
        backupProj(project)

    if project == 'diun':
        if not os.path.isfile(env['socket']):
            if env['rootless']:
                subprocess.run(["systemctl", "--user", "restart", "podman.socket"])
            else:
                runSudo("systemctl restart podman.socket")
        setPerms(env['socket'], 660)
        setOwner(env['socket'], env['podman_uid'], getUid('diun'))

    if project in env['certs'].keys():
        setCertPerms(project)
        
    for templateFile in glob(f"projects/{project}/*.mako", include_hidden=True):
        renderFile(templateFile)
        renderedFilename = re.sub('\\.mako$', '.rendered', templateFile)
        setPerms(renderedFilename, 640)
        setOwner(renderedFilename, os.getuid(), getUid(project))

    if project in env['volumes']:
        for volume in env['volumes'][project].values():
            if not os.path.exists(volume):
                os.makedirs(volume)
            setPerms(volume, 750)
            setOwner(volume, getUid(project), env['podman_uid'])

    upProj(project)


def upProj(project):
    if runPodman("pod", ["exists", f"pod_{project}"]).returncode == 0:
        print(f"Tearing down stack for project {project}.")
        runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "down"])

    print(f"Creating & starting stack for project {project}.")
    runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "up", "-d"])


def updateProj(project):
    if not os.path.isfile(f"projects/{project}/compose.yaml.rendered"):
        setupProj(project)
            
    print(f"Running update for project {project}.")
    
    if len(pullProj(project)) > 0:
        backupProj(project)
        upProj(project)


def main():
    envFile = "pyenv.yml"
    secretsFile = "pysecrets.yml"
    
    os.chdir(os.path.realpath(sys.path[0]))

    with open(envFile, 'r') as envfile, open(secretsFile, 'r') as secretsfile:
        global env, secrets
        env = yaml.safe_load(Template(filename=envFile).render())
        secrets = yaml.safe_load(secretsfile)

    setOwner(secretsFile, os.getuid(), os.getgid())
    setPerms(secretsFile, 600)

    print("\nUsing socket " + env['socket'] + ".")


    action = ''
    if len(sys.argv) > 1:
        action = sys.argv[1]
    else:
        print("\nChoose action:")
        print("[1/S] Setup project")
        print("[2/U] Update project")
        print("[3/B] Backup project")

    while action == '':
        action = input("Action: ")


    projects = os.listdir("projects")
    print(f"\nProjects list: {projects}")
    if len(sys.argv) > 2:
        target_projects = sys.argv[2]
    else:
        target_projects = input("Target compose project(s), space separated, leave empty to target all: ")

    if target_projects.strip() == '':
        target_projects = projects
    else:
        target_projects = re.split(' ?, ?| ', target_projects.strip())

    print(f"Target projects: {target_projects}")


    match action.casefold():
        case '1' | 's' | 'setup':
            setNftables()

            for project in target_projects:
                try:
                    print()
                    setupProj(project)
                except Exception as e:
                    print(e, file=sys.stderr)
                    print(f"Failed to setup project {project}.", file=sys.stderr)

        case '2' | 'u' | 'update':
            for project in target_projects:
                try:
                    print()
                    updateProj(project)
                except Exception as e:
                    print(e, file=sys.stderr)
                    print(f"Failed to update project {project}.", file=sys.stderr)

        case '3' | 'b' | 'backup':
            print()
            if not os.path.exists(env['borg_repo']):
                print(f"Creating borg repository {env['borg_repo']}.")
                runBorg(["init", "--encryption", "repokey", env['borg_repo']])

            borgCreate("secrets", path=secretsFile)

            for project in target_projects:
                try:
                    print()
                    backupProj(project)
                except Exception as e:
                    print(e, file=sys.stderr)
                    print(f"Failed to backup project {project}.", file=sys.stderr)

            runBorg(["compact", env['borg_repo']])


if __name__ == "__main__":
    main()
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`#!/usr/bin/python3`

			`import os, sys, re`
[manage.py] Add setNftables() & sudoRun() 2024-10-01 13:44:53 +02:00			`import filecmp`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`from glob import glob`
			`from mako.template import Template`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00			`from pathlib import Path`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`import subprocess`
			`import yaml`


			`def backupProj(project):`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`database = None`
			`paths = []`
Migrate Stump to Podman 2024-10-15 09:41:51 +02:00			`sqlite_db = None`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00
Migrate PostgreSQL to Podman 2024-10-14 17:38:10 +02:00			`if project == 'postgres':`
			`database = 'all'`
			`elif project in secrets['postgres'].keys():`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`database = project`

			`if project in env['backup'].keys():`
			`for path in env['backup'][project]:`
			`paths += [path]`

Migrate Stump to Podman 2024-10-15 09:41:51 +02:00			`if project in env['backup_sqlite'].keys():`
			`sqlite_db = env['backup_sqlite'][project]`

			`if database is not None or sqlite_db is not None or len(paths) > 0:`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`print(f"Running backup for project {project}.")`

			`if len(paths) == 0:`
Migrate Stump to Podman 2024-10-15 09:41:51 +02:00			`borgCreate(project, database=database, sqlite_db=sqlite_db)`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`else:`
Migrate Stump to Podman 2024-10-15 09:41:51 +02:00			`borgCreate(project, path=paths[0], database=database, sqlite_db=sqlite_db)`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00
			`for path in paths[1:]:`
			`archiveName = re.sub('/', '-', path)`
			`borgCreate(f"{project}-{archiveName}", path=path)`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00

Migrate Stump to Podman 2024-10-15 09:41:51 +02:00			`def borgCreate(name, path=None, database=None, sqlite_db=None):`
			`if path is None and database is None and sqlite_db is None:`
			`print(f"Cannot create backup, you must pass at least one parameter amongst: path, database, database_path (archive name = {name}).", file=sys.stderr)`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`return 1`

			`borgPaths = []`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
			`if path is not None:`
			`absPath = Path(path).absolute()`

			`parentDir = absPath.parent.absolute()`
			`os.chdir(parentDir)`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`borgPaths += [absPath.relative_to(parentDir)]`

			`borgInput = None`

			`if database is not None:`
			`print(f"Dumping database {database}.")`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
Migrate PostgreSQL to Podman 2024-10-14 17:38:10 +02:00			`if database == 'all':`
			`dumpProc = subprocess.run(["podman", "exec", "postgres", "pg_dumpall"], capture_output=True, text=True)`
			`else:`
			`dumpProc = subprocess.run(["podman", "exec", "postgres", "pg_dump", "-c", database], capture_output=True, text=True)`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`if dumpProc.returncode != 0:`
			`print(f"Failed to dump database {database}.", file=sys.stderr)`
			`return 1`

			`borgPaths += ["-", "--stdin-name", f"{database}.sql"]`

			`borgInput = dumpProc.stdout`

Migrate Stump to Podman 2024-10-15 09:41:51 +02:00			`if sqlite_db is not None:`
			`print(f"Dumping SQLite database {sqlite_db}.")`

			`sqlite_args = ["podman", "run", "--rm", "-v", f"{sqlite_db}:/db.sqlite", "docker.io/library/alpine:latest", "sh", "-c", "apk add sqlite &>/dev/null; sqlite3 /db.sqlite .dump"]`
			`dumpProc = subprocess.run(sqlite_args, capture_output=True, text=True)`

			`if dumpProc.returncode != 0:`
			`print(f"Failed to dump SQLite database {sqlite_db}.", file=sys.stderr)`
			`return 1`

			`database = Path(sqlite_db).stem`

			`borgPaths += ["-", "--stdin-name", f"{database}.sqlite"]`

			`borgInput = dumpProc.stdout`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`if path is None:`
			`print(f"Creating archive '{name}' from database {database}.")`
			`elif database is None:`
			`print(f"Creating archive '{name}' from path {path}.")`
			`else:`
			`print(f"Creating archive '{name}' from database {database} and path {absPath}.")`

			`borgArgs = ["create", "--compression=lzma", f"{env['borg_repo']}::{name}_{{utcnow}}"]`
			`runBorg(borgArgs + borgPaths, input=borgInput)`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
			`os.chdir(os.path.realpath(sys.path[0]))`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`print(f"Pruning archives '{name}_*'.")`
			`runBorg(["prune", "--glob-archives", f"{name}_*"] + env['borg_prune_opts'] + [env['borg_repo']])`

[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`def getImageId (image):`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`return runPodman("image", ["inspect", "--format", "{{.Id}}", image]).stdout.strip()`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00

			`def getUid(service):`
[diun] Fix socket permissions 2024-10-15 10:23:53 +02:00			`if service in env['users'].keys() and env['users'][service] != 0:`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`return env['users'][service] + env['uid_shift']`
[manage.py] getUid(): Add support for containers running as host user 2024-10-01 10:40:53 +02:00			`else:`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`return env['podman_uid']`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00

			`def pullProj(project):`
			`print(f"Pulling images for project {project}.")`

			`with open(f"projects/{project}/compose.yaml.rendered", 'r') as composefile:`
			`images = re.findall('(?<=image:\\s).+', composefile.read())`

			`pulledImages = []`
			`for image in images:`
			`currentId = getImageId(image)`
Migrate Keycloak to Podman 2024-10-15 11:22:12 +02:00			`if re.search('^localhost/', image):`
			`runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "build", "--pull"])`
			`else:`
			`runPodman("pull", image)`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`pulledId = getImageId(image)`
			`if currentId != pulledId:`
			`pulledImages += image`
			`print(f"Pulled new version of image {image}.")`
			`else:`
			`print(f"No update available for image {image}.")`

			`return pulledImages`


			`def renderFile(templateFile):`
			`print(f"Rendering file {templateFile}.")`

[manage.py] Fix (?) templates rendering issue 2024-10-01 14:06:30 +02:00			`renderedFilename = re.sub('\\.mako$', '.rendered', templateFile)`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
			`template = Template(filename=templateFile)`

[manage.py] Fix (?) templates rendering issue 2024-10-01 14:06:30 +02:00			`outputFile = open(renderedFilename, "w")`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`outputFile.write(template.render(env=env, secrets=secrets))`
			`outputFile.close()`


[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`def runBorg(args, input=None):`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00			`if isinstance(args, str):`
			`args = args.split(' ')`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`borgEnv = {"BORG_PASSPHRASE": secrets['borg']}`
			`proc = subprocess.run(["borg"] + args, input=input, capture_output=True, text=True, env=borgEnv)`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`stderr = proc.stderr.strip()`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00			`if stderr != '':`
			`print(stderr, file=sys.stderr)`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`return proc`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00

E (add rootful podman) 2024-10-07 11:37:52 +02:00			`def runPodman(cmd, args):`
			`if isinstance(args, str):`
			`args = args.split(' ')`

			`if cmd == 'compose':`
			`runArgs = ["podman-compose"] + args`
			`else:`
			`runArgs = ["podman", cmd] + args`

			`if env['rootless']:`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`proc = subprocess.run(runArgs, capture_output=True, text=True)`
			`stderr = proc.stderr.strip()`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`else:`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`proc = runSudo(runArgs)`
			`stderr = proc.stderr.read().strip()`

			`if stderr != '':`
			`print(stderr, file=sys.stderr)`

			`return proc`
E (add rootful podman) 2024-10-07 11:37:52 +02:00

			`def runSudo(args):`
			`if isinstance(args, str):`
			`args = args.split(' ')`

			`child = subprocess.Popen(["sudo"] + args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)`

			`if re.search('^\\[sudo\\] password for .+', child.stdout.read().strip()):`
			`child.communicate(input=input().encode())[0]`

			`child.wait()`

			`stderr = child.stderr.read().strip()`
			`if stderr != '':`
			`print(stderr, file=sys.stderr)`

			`return child`


Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`def setCertPerms(service):`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`dirs = ["/etc/letsencrypt", "/etc/letsencrypt/live", "/etc/letsencrypt/archive"]`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
			`pkeyFile = env['certs'][service]['pkey']`
E (add rootful podman) 2024-10-07 11:37:52 +02:00
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`domain_dir = re.search('.+(?=\\/.+$)', pkeyFile).group(0)`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`dirs += [domain_dir, re.sub('live', 'archive', domain_dir)]`

			`for path in dirs:`
			`setOwner(path, 0, env['podman_uid'])`
			`setPerms(path, 711)`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
			`setOwner(pkeyFile, 0, getUid(service))`
			`setPerms(pkeyFile, 640)`


[manage.py] Add setNftables() & sudoRun() 2024-10-01 13:44:53 +02:00			`def setNftables():`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00			`print()`
[manage.py] Add setNftables() & sudoRun() 2024-10-01 13:44:53 +02:00			`renderFile("nftables.conf.mako")`
			`if not filecmp.cmp("nftables.conf.rendered", "/etc/nftables.conf"):`
			`print("nftables.conf changed, copying new version.")`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`runSudo(["cp", "nftables.conf.rendered", "/etc/nftables.conf"])`
			`runSudo(["systemctl", "restart", "nftables"])`
[manage.py] Add setNftables() & sudoRun() 2024-10-01 13:44:53 +02:00			`else:`
			`print("nftables.conf unchanged.")`


Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`def setOwner(path, uid=None, gid=None):`
			`stat = os.stat(path)`
[manage.py] getUid() oopsie 2024-10-01 13:57:43 +02:00			`if uid is None:`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`uid = stat.st_uid`
[manage.py] getUid() oopsie 2024-10-01 13:57:43 +02:00			`if gid is None:`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`gid = stat.st_gid`

			`if stat.st_uid != uid or stat.st_gid != gid:`
			`print(f"Changing ownership of {path} to {uid}:{gid} from {stat.st_uid}:{stat.st_gid}.")`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`runSudo(["chown", f"{uid}:{gid}", path])`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`else:`
			`print(f"Ownership of {path} already set to {uid}:{gid}.")`


			`def setPerms(path, mode):`
			`mode = str(mode)`
			`stat = os.stat(path)`
			`curMode = oct(stat.st_mode)[-3:]`
			`if mode != curMode:`
			`print(f"Changing permissions of {path} to {mode} from {curMode}.")`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`if stat.st_uid == os.getuid():`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`subprocess.run(["chmod", mode, path])`
			`else:`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`runSudo(["chmod", mode, path])`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`else:`
			`print(f"Permissions of {path} already set to {mode}.")`


			`def setupProj(project):`
			`print(f"Running setup for project {project}.")`

[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`if os.path.isfile(f"projects/{project}/compose.yaml.rendered"):`
			`backupProj(project)`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`if project == 'diun':`
			`if not os.path.isfile(env['socket']):`
			`if env['rootless']:`
			`subprocess.run(["systemctl", "--user", "restart", "podman.socket"])`
			`else:`
			`runSudo("systemctl restart podman.socket")`
[manage.py] Fix diun socket permissions 2024-10-07 13:14:40 +02:00			`setPerms(env['socket'], 660)`
			`setOwner(env['socket'], env['podman_uid'], getUid('diun'))`
E (add rootful podman) 2024-10-07 11:37:52 +02:00
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`if project in env['certs'].keys():`
			`setCertPerms(project)`

[manage.py] setupProj(): Render hidden files 2024-10-01 10:49:40 +02:00			`for templateFile in glob(f"projects/{project}/*.mako", include_hidden=True):`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`renderFile(templateFile)`
[manage.py] Fix (?) templates rendering issue 2024-10-01 14:06:30 +02:00			`renderedFilename = re.sub('\\.mako$', '.rendered', templateFile)`
			`setPerms(renderedFilename, 640)`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`setOwner(renderedFilename, os.getuid(), getUid(project))`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
[podman] Add Syncthing 2024-10-07 14:42:58 +02:00			`if project in env['volumes']:`
			`for volume in env['volumes'][project].values():`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`if not os.path.exists(volume):`
			`os.makedirs(volume)`
[podman] Add Syncthing 2024-10-07 14:42:58 +02:00			`setPerms(volume, 750)`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`setOwner(volume, getUid(project), env['podman_uid'])`
[podman] Add Syncthing 2024-10-07 14:42:58 +02:00
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`upProj(project)`


			`def upProj(project):`
[manage.py] Add vaultwarden + complete backup support 2024-10-08 20:19:36 +02:00			`if runPodman("pod", ["exists", f"pod_{project}"]).returncode == 0:`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`print(f"Tearing down stack for project {project}.")`
			`runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "down"])`

Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`print(f"Creating & starting stack for project {project}.")`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "up", "-d"])`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00

			`def updateProj(project):`
			`if not os.path.isfile(f"projects/{project}/compose.yaml.rendered"):`
			`setupProj(project)`

			`print(f"Running update for project {project}.")`

			`if len(pullProj(project)) > 0:`
			`backupProj(project)`
			`upProj(project)`


			`def main():`
			`envFile = "pyenv.yml"`
			`secretsFile = "pysecrets.yml"`

			`os.chdir(os.path.realpath(sys.path[0]))`

			`with open(envFile, 'r') as envfile, open(secretsFile, 'r') as secretsfile:`
			`global env, secrets`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`env = yaml.safe_load(Template(filename=envFile).render())`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`secrets = yaml.safe_load(secretsfile)`
E (add rootful podman) 2024-10-07 11:37:52 +02:00
			`setOwner(secretsFile, os.getuid(), os.getgid())`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`setPerms(secretsFile, 600)`

E (add rootful podman) 2024-10-07 11:37:52 +02:00			`print("\nUsing socket " + env['socket'] + ".")`

Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
			`action = ''`
[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00			`if len(sys.argv) > 1:`
			`action = sys.argv[1]`
			`else:`
			`print("\nChoose action:")`
			`print("[1/S] Setup project")`
			`print("[2/U] Update project")`
			`print("[3/B] Backup project")`

Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`while action == '':`
			`action = input("Action: ")`

[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`projects = os.listdir("projects")`
			`print(f"\nProjects list: {projects}")`
[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00			`if len(sys.argv) > 2:`
			`target_projects = sys.argv[2]`
			`else:`
			`target_projects = input("Target compose project(s), space separated, leave empty to target all: ")`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
[manage.py] backup: Add DOCKER_HOST env var 2024-10-08 20:56:01 +02:00			`if target_projects.strip() == '':`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`target_projects = projects`
			`else:`
[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00			`target_projects = re.split(' ?, ?\| ', target_projects.strip())`

Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`print(f"Target projects: {target_projects}")`

[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00
			`match action.casefold():`
			`case '1' \| 's' \| 'setup':`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00			`setNftables()`

Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`for project in target_projects:`
			`try:`
			`print()`
			`setupProj(project)`
			`except Exception as e:`
			`print(e, file=sys.stderr)`
			`print(f"Failed to setup project {project}.", file=sys.stderr)`

[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00			`case '2' \| 'u' \| 'update':`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`for project in target_projects:`
			`try:`
			`print()`
			`updateProj(project)`
			`except Exception as e:`
			`print(e, file=sys.stderr)`
			`print(f"Failed to update project {project}.", file=sys.stderr)`

[manage.py] Add command arguments for action & target projects 2024-10-08 20:38:06 +02:00			`case '3' \| 'b' \| 'backup':`
[manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00			`print()`
			`if not os.path.exists(env['borg_repo']):`
			`print(f"Creating borg repository {env['borg_repo']}.")`
			`runBorg(["init", "--encryption", "repokey", env['borg_repo']])`

			`borgCreate("secrets", path=secretsFile)`

			`for project in target_projects:`
			`try:`
			`print()`
			`backupProj(project)`
			`except Exception as e:`
			`print(e, file=sys.stderr)`
			`print(f"Failed to backup project {project}.", file=sys.stderr)`

			`runBorg(["compact", env['borg_repo']])`

Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
			`if __name__ == "__main__":`
			`main()`