[manage.py] Add borgbackup

2024-10-07 16:57:45 +02:00 · 2024-10-07 16:57:45 +02:00 · fe2f97232c
commit fe2f97232c
parent ea05e38b37
4 changed files with 68 additions and 7 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-//USERNAME.your-storagebox.de/backup/backups /mnt/storagebox/backups smb3 uid=0,gid=1000,file_mode=0640,dir_mode=0750,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
+//USERNAME.your-storagebox.de/backup/backups /mnt/storagebox/backups smb3 uid=0,gid=1000,file_mode=0660,dir_mode=0770,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
 //USERNAME.your-storagebox.de/backup /mnt/storagebox smb3 uid=0,gid=0,file_mode=0640,dir_mode=0755,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
 //USERNAME.your-storagebox.de/backup/syncthing /mnt/storagebox/syncthing smb3 uid=101000,gid=101000,file_mode=0640,dir_mode=0750,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
 //USERNAME.your-storagebox.de/backup/fireshare /mnt/storagebox/fireshare smb3 uid=101006,gid=101006,file_mode=0644,dir_mode=0755,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
--- a/manage.py
+++ b/manage.py
@ -4,6 +4,7 @@ import os, sys, re
 import filecmp
 from glob import glob
 from mako.template import Template
+from pathlib import Path
 import subprocess
 import yaml

@ -13,6 +14,26 @@ def backupProj(project):
    # loop env.volumes & secrets.postgres


+def borgCreate(name, path=None, database=None):
+    if path is None and database is None:
+        print(f"Backup failed, you must pass at least one parameter amongst: path, database (archive name = {name}).", file=sys.stderr)
+        return
+
+    if path is not None:
+        absPath = Path(path).absolute()
+
+        print(f"Creating archive '{name}' from path {absPath}.")
+
+        parentDir = absPath.parent.absolute()
+        os.chdir(parentDir)
+
+        runBorg(["create", "--compression=lzma", f"{env['borg_repo']}::{name}-" + '{now:%Y-%m-%d_%H-%M-%S}', absPath.relative_to(parentDir)])
+
+    runBorg(["prune", "--glob-archives", f"{name}-*"] + env['borg_prune_opts'] + [env['borg_repo']])
+
+    os.chdir(os.path.realpath(sys.path[0]))
+
+
 def getImageId (image):
    return runPodman("image", ["inspect", "--format", "{{.Id}}", image]).stdout.strip()

@ -56,6 +77,22 @@ def renderFile(templateFile):
    outputFile.close()


+def runBorg(args):
+    if isinstance(args, str):
+        args = args.split(' ')
+
+    env = {"BORG_PASSPHRASE": secrets['borg']}
+    child = subprocess.Popen(["borg"] + args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, env=env)
+
+    child.wait()
+
+    stderr = child.stderr.read().strip()
+    if stderr != '':
+        print(stderr, file=sys.stderr)
+
+    return child
+
+
 def runPodman(cmd, args):
    if isinstance(args, str):
        args = args.split(' ')
@ -106,6 +143,7 @@ def setCertPerms(service):


 def setNftables():
+    print()
    renderFile("nftables.conf.mako")
    if not filecmp.cmp("nftables.conf.rendered", "/etc/nftables.conf"):
        print("nftables.conf changed, copying new version.")
@ -230,10 +268,10 @@ def main():
        target_projects = target_projects.split(' ')
    print(f"Target projects: {target_projects}")

-    setNftables()
-
    match action:
        case '1' | 'S':
+            setNftables()
+
            for project in target_projects:
                try:
                    print()
@ -251,6 +289,24 @@ def main():
                    print(e, file=sys.stderr)
                    print(f"Failed to update project {project}.", file=sys.stderr)

+        case '3' | 'B':
+            print()
+            if not os.path.exists(env['borg_repo']):
+                print(f"Creating borg repository {env['borg_repo']}.")
+                runBorg(["init", "--encryption", "repokey", env['borg_repo']])
+
+            borgCreate("secrets", path=secretsFile)
+
+            for project in target_projects:
+                try:
+                    print()
+                    backupProj(project)
+                except Exception as e:
+                    print(e, file=sys.stderr)
+                    print(f"Failed to backup project {project}.", file=sys.stderr)
+
+            runBorg(["compact", env['borg_repo']])
+

 if __name__ == "__main__":
    main()
--- a/pyenv.yml
+++ b/pyenv.yml
@ -20,8 +20,13 @@ socket: "/run/podman/podman.sock"
 % endif


-borg_repodir: /mnt/storagebox/backups/borg
-borg_passphrase_file: /etc/borg-passphrase.txt
+borg_repo: /mnt/storagebox/backups/borg2
+borg_prune_opts:
+  - "--keep-within=1d"
+  - "--keep-daily=7"
+  - "--keep-weekly=4"
+  - "--keep-monthly=12"
+  - "--keep-yearly=86"


 certs:
--- a/setup.sh
+++ b/setup.sh
@ -15,14 +15,14 @@ declare -a podman_units=(podman.service podman.socket podman-auto-update.service


 if [[ "$podman_mode" == "rootless" ]]; then
-	sudo apt install -y aardvark-dns cifs-utils dbus-user-session nftables passt podman podman-compose python3-mako uidmap
+	sudo apt install -y aardvark-dns borgbackup cifs-utils dbus-user-session nftables passt podman podman-compose python3-mako uidmap

 	sudo loginctl enable-linger "$USER"

 	sudo systemctl disable --now "${podman_units[@]}"
 	systemctl --user enable --now "${podman_units[@]}"
 else
-	sudo apt install -y aardvark-dns cifs-utils nftables podman podman-compose python3-mako
+	sudo apt install -y aardvark-dns borgbackup cifs-utils nftables podman podman-compose python3-mako

 	systemctl --user disable --now "${podman_units[@]}"
 	sudo systemctl enable --now "${podman_units[@]}"