module Propellor.Property.Restic
( ResticRepo (..)
, installed
, repoExists
, init
, restored
, backup
, backup'
, KeepPolicy (..)
) where
import Propellor.Base hiding (init)
import Prelude hiding (init)
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.File as File
import Data.List (intercalate)
type Url = String
type ResticParam = String
data ResticRepo
= Direct FilePath
| SFTP User HostName FilePath
| REST Url
instance ConfigurableValue ResticRepo where
val (Direct fp) = fp
val (SFTP u h fp) = "sftp:" ++ val u ++ "@" ++ val h ++ ":" ++ fp
val (REST url) = "rest:" ++ url
installed :: Property DebianLike
installed = withOS desc $ \w o -> case o of
(Just (System (Debian _ (Stable "jessie")) _)) -> ensureProperty w $
Apt.installedBackport ["restic"]
_ -> ensureProperty w $
Apt.installed ["restic"]
where
desc = "installed restic"
repoExists :: ResticRepo -> IO Bool
repoExists repo = boolSystem "restic"
[ Param "-r"
, File (val repo)
, Param "--password-file"
, File (getPasswordFile repo)
, Param "snapshots"
]
passwordFileDir :: FilePath
passwordFileDir = "/etc/restic-keys"
getPasswordFile :: ResticRepo -> FilePath
getPasswordFile repo = passwordFileDir </> File.configFileName (val repo)
passwordFileConfigured :: ResticRepo -> Property (HasInfo + UnixLike)
passwordFileConfigured repo = propertyList "restic password file" $ props
& File.dirExists passwordFileDir
& File.mode passwordFileDir 0O2700
& getPasswordFile repo `File.hasPrivContent` hostContext
init :: ResticRepo -> Property (HasInfo + DebianLike)
init repo = check (not <$> repoExists repo) (cmdProperty "restic" initargs)
`requires` installed
`requires` passwordFileConfigured repo
where
initargs =
[ "-r"
, val repo
, "--password-file"
, getPasswordFile repo
, "init"
]
restored :: FilePath -> ResticRepo -> Property (HasInfo + DebianLike)
restored dir repo = go
`requires` init repo
where
go :: Property DebianLike
go = property (dir ++ " restored by restic") $ ifM (liftIO needsRestore)
( do
warningMessage $ dir ++ " is empty/missing; restoring from backup ..."
liftIO restore
, noChange
)
needsRestore = null <$> catchDefaultIO [] (dirContents dir)
restore = withTmpDirIn (takeDirectory dir) "restic-restore" $ \tmpdir -> do
ok <- boolSystem "restic"
[ Param "-r"
, File (val repo)
, Param "--password-file"
, File (getPasswordFile repo)
, Param "restore"
, Param "latest"
, Param "--target"
, File tmpdir
]
let restoreddir = tmpdir ++ "/" ++ dir
ifM (pure ok <&&> doesDirectoryExist restoreddir)
( do
void $ tryIO $ removeDirectory dir
renameDirectory restoreddir dir
return MadeChange
, return FailedChange
)
backup :: FilePath -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike)
backup dir repo crontimes extraargs kp = backup' [dir] repo crontimes extraargs kp
`requires` restored dir repo
backup' :: [FilePath] -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike)
backup' dirs repo crontimes extraargs kp = cronjob
`describe` desc
`requires` init repo
where
desc = val repo ++ " restic backup"
cronjob = Cron.niceJob ("restic_backup" ++ intercalate "_" dirs) crontimes (User "root") "/" $
"flock " ++ shellEscape lockfile ++ " sh -c " ++ shellEscape backupcmd
lockfile = "/var/lock/propellor-restic.lock"
backupcmd = intercalate " && " $
createCommand
: if null kp then [] else [pruneCommand]
createCommand = unwords $
[ "restic"
, "-r"
, shellEscape (val repo)
, "--password-file"
, shellEscape (getPasswordFile repo)
]
++ map shellEscape extraargs ++
[ "backup" ]
++ map shellEscape dirs
pruneCommand = unwords $
[ "restic"
, "-r"
, shellEscape (val repo)
, "--password-file"
, shellEscape (getPasswordFile repo)
, "forget"
, "--prune"
]
++
map keepParam kp
keepParam :: KeepPolicy -> ResticParam
keepParam (KeepLast n) = "--keep-last=" ++ val n
keepParam (KeepHours n) = "--keep-hourly=" ++ val n
keepParam (KeepDays n) = "--keep-daily=" ++ val n
keepParam (KeepWeeks n) = "--keep-weekly=" ++ val n
keepParam (KeepMonths n) = "--keep-monthly=" ++ val n
keepParam (KeepYears n) = "--keep-yearly=" ++ val n
data KeepPolicy
= KeepLast Int
| KeepHours Int
| KeepDays Int
| KeepWeeks Int
| KeepMonths Int
| KeepYears Int