[manage.py] Add borgbackup

This commit is contained in:
Viyurz 2024-10-07 16:57:45 +02:00
parent ea05e38b37
commit fe2f97232c
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
4 changed files with 68 additions and 7 deletions

2
fstab
View file

@ -1,4 +1,4 @@
//USERNAME.your-storagebox.de/backup/backups /mnt/storagebox/backups smb3 uid=0,gid=1000,file_mode=0640,dir_mode=0750,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0 //USERNAME.your-storagebox.de/backup/backups /mnt/storagebox/backups smb3 uid=0,gid=1000,file_mode=0660,dir_mode=0770,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
//USERNAME.your-storagebox.de/backup /mnt/storagebox smb3 uid=0,gid=0,file_mode=0640,dir_mode=0755,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0 //USERNAME.your-storagebox.de/backup /mnt/storagebox smb3 uid=0,gid=0,file_mode=0640,dir_mode=0755,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
//USERNAME.your-storagebox.de/backup/syncthing /mnt/storagebox/syncthing smb3 uid=101000,gid=101000,file_mode=0640,dir_mode=0750,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0 //USERNAME.your-storagebox.de/backup/syncthing /mnt/storagebox/syncthing smb3 uid=101000,gid=101000,file_mode=0640,dir_mode=0750,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0
//USERNAME.your-storagebox.de/backup/fireshare /mnt/storagebox/fireshare smb3 uid=101006,gid=101006,file_mode=0644,dir_mode=0755,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0 //USERNAME.your-storagebox.de/backup/fireshare /mnt/storagebox/fireshare smb3 uid=101006,gid=101006,file_mode=0644,dir_mode=0755,credentials=/etc/storagebox-cifs-credentials.txt,iocharset=utf8,rw,mfsymlinks,vers=3,seal 0 0

View file

@ -4,6 +4,7 @@ import os, sys, re
import filecmp import filecmp
from glob import glob from glob import glob
from mako.template import Template from mako.template import Template
from pathlib import Path
import subprocess import subprocess
import yaml import yaml
@ -13,6 +14,26 @@ def backupProj(project):
# loop env.volumes & secrets.postgres # loop env.volumes & secrets.postgres
def borgCreate(name, path=None, database=None):
if path is None and database is None:
print(f"Backup failed, you must pass at least one parameter amongst: path, database (archive name = {name}).", file=sys.stderr)
return
if path is not None:
absPath = Path(path).absolute()
print(f"Creating archive '{name}' from path {absPath}.")
parentDir = absPath.parent.absolute()
os.chdir(parentDir)
runBorg(["create", "--compression=lzma", f"{env['borg_repo']}::{name}-" + '{now:%Y-%m-%d_%H-%M-%S}', absPath.relative_to(parentDir)])
runBorg(["prune", "--glob-archives", f"{name}-*"] + env['borg_prune_opts'] + [env['borg_repo']])
os.chdir(os.path.realpath(sys.path[0]))
def getImageId (image): def getImageId (image):
return runPodman("image", ["inspect", "--format", "{{.Id}}", image]).stdout.strip() return runPodman("image", ["inspect", "--format", "{{.Id}}", image]).stdout.strip()
@ -56,6 +77,22 @@ def renderFile(templateFile):
outputFile.close() outputFile.close()
def runBorg(args):
if isinstance(args, str):
args = args.split(' ')
env = {"BORG_PASSPHRASE": secrets['borg']}
child = subprocess.Popen(["borg"] + args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, env=env)
child.wait()
stderr = child.stderr.read().strip()
if stderr != '':
print(stderr, file=sys.stderr)
return child
def runPodman(cmd, args): def runPodman(cmd, args):
if isinstance(args, str): if isinstance(args, str):
args = args.split(' ') args = args.split(' ')
@ -106,6 +143,7 @@ def setCertPerms(service):
def setNftables(): def setNftables():
print()
renderFile("nftables.conf.mako") renderFile("nftables.conf.mako")
if not filecmp.cmp("nftables.conf.rendered", "/etc/nftables.conf"): if not filecmp.cmp("nftables.conf.rendered", "/etc/nftables.conf"):
print("nftables.conf changed, copying new version.") print("nftables.conf changed, copying new version.")
@ -230,10 +268,10 @@ def main():
target_projects = target_projects.split(' ') target_projects = target_projects.split(' ')
print(f"Target projects: {target_projects}") print(f"Target projects: {target_projects}")
setNftables()
match action: match action:
case '1' | 'S': case '1' | 'S':
setNftables()
for project in target_projects: for project in target_projects:
try: try:
print() print()
@ -251,6 +289,24 @@ def main():
print(e, file=sys.stderr) print(e, file=sys.stderr)
print(f"Failed to update project {project}.", file=sys.stderr) print(f"Failed to update project {project}.", file=sys.stderr)
case '3' | 'B':
print()
if not os.path.exists(env['borg_repo']):
print(f"Creating borg repository {env['borg_repo']}.")
runBorg(["init", "--encryption", "repokey", env['borg_repo']])
borgCreate("secrets", path=secretsFile)
for project in target_projects:
try:
print()
backupProj(project)
except Exception as e:
print(e, file=sys.stderr)
print(f"Failed to backup project {project}.", file=sys.stderr)
runBorg(["compact", env['borg_repo']])
if __name__ == "__main__": if __name__ == "__main__":
main() main()

View file

@ -20,8 +20,13 @@ socket: "/run/podman/podman.sock"
% endif % endif
borg_repodir: /mnt/storagebox/backups/borg borg_repo: /mnt/storagebox/backups/borg2
borg_passphrase_file: /etc/borg-passphrase.txt borg_prune_opts:
- "--keep-within=1d"
- "--keep-daily=7"
- "--keep-weekly=4"
- "--keep-monthly=12"
- "--keep-yearly=86"
certs: certs:

View file

@ -15,14 +15,14 @@ declare -a podman_units=(podman.service podman.socket podman-auto-update.service
if [[ "$podman_mode" == "rootless" ]]; then if [[ "$podman_mode" == "rootless" ]]; then
sudo apt install -y aardvark-dns cifs-utils dbus-user-session nftables passt podman podman-compose python3-mako uidmap sudo apt install -y aardvark-dns borgbackup cifs-utils dbus-user-session nftables passt podman podman-compose python3-mako uidmap
sudo loginctl enable-linger "$USER" sudo loginctl enable-linger "$USER"
sudo systemctl disable --now "${podman_units[@]}" sudo systemctl disable --now "${podman_units[@]}"
systemctl --user enable --now "${podman_units[@]}" systemctl --user enable --now "${podman_units[@]}"
else else
sudo apt install -y aardvark-dns cifs-utils nftables podman podman-compose python3-mako sudo apt install -y aardvark-dns borgbackup cifs-utils nftables podman podman-compose python3-mako
systemctl --user disable --now "${podman_units[@]}" systemctl --user disable --now "${podman_units[@]}"
sudo systemctl enable --now "${podman_units[@]}" sudo systemctl enable --now "${podman_units[@]}"