From 099f0568b8cd5eb623495665f98210933cd93791 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 09:34:34 +0200 Subject: [PATCH 01/32] Manifest v2 --- conf/check-restic.j2 | 6 +- conf/sudoer | 1 + conf/systemd_check.service | 2 +- conf/systemd_check_read_data.service | 2 +- doc/POST_INSTALL.md | 16 +++ manifest.json | 160 --------------------- manifest.toml | 133 +++++++++++++++++ scripts/_common.sh | 192 ++++++++++--------------- scripts/backup | 52 +++---- scripts/install | 208 +++++++-------------------- scripts/remove | 68 +++------ scripts/restore | 60 ++++---- scripts/upgrade | 59 +++----- tests.toml | 38 +++++ 14 files changed, 400 insertions(+), 597 deletions(-) create mode 100644 conf/sudoer create mode 100644 doc/POST_INSTALL.md delete mode 100644 manifest.json create mode 100644 manifest.toml create mode 100644 tests.toml diff --git a/conf/check-restic.j2 b/conf/check-restic.j2 index 0dc1551..ad67eea 100644 --- a/conf/check-restic.j2 +++ b/conf/check-restic.j2 @@ -20,13 +20,13 @@ CHECK_READ_DATA=${1:-0} # Check system part conf conf=$(sudo yunohost app setting {{ app }} conf) if [ $conf -eq 1 ];then - sudo {{final_path}}/check_method_{{ app }} auto_conf ${CHECK_READ_DATA} + sudo {{install_dir}}/check_method_{{ app }} auto_conf ${CHECK_READ_DATA} fi # Check system data data=$(sudo yunohost app setting {{ app }} data) if [ $data -eq 1 ];then - sudo {{final_path}}/check_method_{{ app }} auto_data ${CHECK_READ_DATA} + sudo {{install_dir}}/check_method_{{ app }} auto_data ${CHECK_READ_DATA} fi # Check all apps independently @@ -40,7 +40,7 @@ for app in $(sudo /usr/bin/find /etc/yunohost/apps -name backup | cut -d / -f 5) fi done if [ "$check_app" == "true" ];then - sudo {{final_path}}/check_method_{{ app }} auto_${app} ${CHECK_READ_DATA} + sudo {{install_dir}}/check_method_{{ app }} auto_${app} ${CHECK_READ_DATA} fi done rm "$LOCK_FILE" diff --git a/conf/sudoer b/conf/sudoer new file mode 100644 index 0000000..041b40d --- /dev/null +++ b/conf/sudoer @@ -0,0 +1 @@ +__APP__ ALL=(root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, __INSTALL_DIR__/check_method___APP__ diff --git a/conf/systemd_check.service b/conf/systemd_check.service index 0b21ab5..41652bc 100644 --- a/conf/systemd_check.service +++ b/conf/systemd_check.service @@ -4,7 +4,7 @@ After=network.target [Service] Type=oneshot -ExecStart=__FINALPATH__/check-__APP__ +ExecStart=__INSTALL_DIR__/check-__APP__ ExecStartPost=/opt/yunohost/__APP__/restic_check_log___APP__ 0 User=__APP__ Group=__APP__ diff --git a/conf/systemd_check_read_data.service b/conf/systemd_check_read_data.service index 7cad957..0fb4135 100644 --- a/conf/systemd_check_read_data.service +++ b/conf/systemd_check_read_data.service @@ -4,7 +4,7 @@ After=network.target [Service] Type=oneshot -ExecStart=__FINALPATH__/check-__APP__ "1" +ExecStart=__INSTALL_DIR__/check-__APP__ "1" ExecStartPost=/opt/yunohost/__APP__/restic_check_log___APP__ 1 User=__APP__ Group=__APP__ diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md new file mode 100644 index 0000000..d2225ab --- /dev/null +++ b/doc/POST_INSTALL.md @@ -0,0 +1,16 @@ +You should now allow the following public key for user __SSH_USER__ on server __SERVER__: + +__PUBLIC_KEY__ + +Do so by running those commands on __SERVER__ with user __SSH_USER__: + +mkdir ~/.ssh 2>/dev/null +touch ~/.ssh/authorized_keys +chmod u=rw,go= ~/.ssh/authorized_keys +cat << EOPKEY >> ~/.ssh/authorized_keys +__PUBLIC_KEY__ +EOPKEY + +Also make sure __BACKUP_PATH__ exists and is writable by __SSH_USER__ + +If you're facing an issue or want to improve this app, please open a new issue in this project: diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 41e28c8..0000000 --- a/manifest.json +++ /dev/null @@ -1,160 +0,0 @@ -{ - "name": "Restic", - "id": "restic", - "packaging_format": 1, - "description": { - "en": "Backup your server with Restic", - "fr": "Sauvegardez votre serveur avec Restic" - }, - "version": "0.12.0~ynh9", - "url": "https://restic.net/", - "upstream": { - "license": "BSD-2-Clause", - "website": "https://restic.net", - "admindoc": "https://restic.readthedocs.io/en/latest/", - "code": "https://github.com/restic/restic" - }, - "license": "BSD-2-Clause", - "maintainer": { - "name": "Lionel Coupouchetty-Ramouchetty", - "email": "restic-ynh@coupouchetty-ramouchetty.fr", - "url": "https://gnoobix.net" - }, - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [], - "arguments": { - "install" : [ - { - "name": "server", - "type": "string", - "ask": { - "en": "Indicate the server where you want put your backups", - "fr": "Indiquez le serveur où vous voulez faire vos sauvegardes" - }, - "help":{ - "en": "IP address or resolvable hostname of your destination server", - "fr": "Adresse IP ou nom résolvable de votre serveur de destination" - }, - "example": "example.com" - }, - { - "name": "port", - "type": "string", - "ask": { - "en": "sftp port of your server", - "fr": "Le port sftp de votre serveur" - }, - "help":{ - "en": "Listening port of your sftp or ssh server. The default value is 22", - "fr": "Le port d'écoute de votre serveur sftp ou ssh. La valeur par défaut est 22" - }, - "example": "22", - "default": "22" - }, - { - "name": "backup_path", - "type": "string", - "ask": { - "en": "The directory where you want your backup repositories to be created in", - "fr": "Le répertoire dans lequel les dépôts restic seront créés" - }, - "help":{ - "en": "A complete or relative path to an existing directory on the remote server writable by the remote backup user. Defaults to the login directory", - "fr": "Un chemin complet ou relatif vers un répertoire existant sur le serveur distant et accessible en écriture au compte utilisé pour la sauvegarde. Répertoire d'accueil par défaut" - }, - "example": "./backups", - "default": "." - }, - { - "name": "ssh_user", - "type": "string", - "ask": { - "en": "Indicate the ssh user to use to connect on this server", - "fr": "Indiquez l'utilisateur ssh à utiliser pour se connecter au serveur" - }, - "example": "john" - }, - { - "name": "passphrase", - "type": "password", - "ask": { - "en": "Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups", - "fr": "Indiquez une phrase de passe forte que vous garderez précieusement si vous voulez être en mesure d'utiliser vos sauvegardes" - } - }, - { - "name": "conf", - "type": "boolean", - "ask": { - "en": "Would you like to backup your YunoHost configuration ?", - "fr": "Souhaitez-vous effectuer des sauvegardes des configurations du système YunoHost ?" - }, - "default": true - }, - { - "name": "data", - "type": "boolean", - "ask": { - "en": "Would you like to backup mails and user home directory ?", - "fr": "Souhaitez-vous effectuer des sauvegardes des mails et des répertoire des utilisateurs ?" - }, - "default": true - }, - { - "name": "apps", - "type": "string", - "ask": { - "en": "Which apps would you backup (list separated by comma or 'all') ?", - "fr": "Souhaitez-vous effectuer des sauvegardes de vos applications ?" - }, - "default": "all" - }, - { - "name": "allow_extra_space_use", - "type": "boolean", - "ask": { - "en": "Allow backup method to temporarily use more space?", - "fr": "Permettre à la sauvegarde de consommer temporairement de l'espace supplémentaire?" - }, - "help":{ - "en": "Some applications as Gitlab can't be backed up with the standard method and require extra space temporarily", - "fr": "Certaines applications comme Gitlab ne peuvent être sauvegardées avec la méthode standard et nécessitent d'utiliser plus d'espace disque temporairement" - }, - "default": true - }, - { - "name": "on_calendar", - "type": "string", - "ask": { - "en": "Indicate the backup frequency (see systemd OnCalendar format)", - "fr": "Indiquez la fréquence de la sauvegarde (voir le format OnCalendar de systemd)" - }, - "example": "Daily", - "default": "*-*-* 0:15:00" - }, - { - "name": "check_on_calendar", - "type": "string", - "ask": { - "en": "Indicate the backup check frequency (see systemd OnCalendar format)", - "fr": "Indiquez la fréquence de vérification de la sauvegarde (voir le format OnCalendar de systemd)" - }, - "example": "Tue *-*-* 00:15:00", - "default": "Sat *-*-8..31 3:15:00" - }, - { - "name": "check_read_data_on_calendar", - "type": "string", - "ask": { - "en": "Indicate the complete backup check frequency (see systemd OnCalendar format)", - "fr": "Indiquez la fréquence de vérification complète de la sauvegarde (voir le format OnCalendar de systemd)" - }, - "example": "Tue *-*-* 00:15:00", - "default": "Sat *-*-1..7 3:15:00" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..61758a0 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,133 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json + +packaging_format = 2 + +id = "restic" +name = "Restic" +description.en = "Backup your server with Restic" +description.fr = "Sauvegardez votre serveur avec Restic" + +version = "0.12.0~ynh9" + +maintainers = ["Lionel Coupouchetty-Ramouchetty"] + +[upstream] +license = "BSD-2-Clause" +website = "https://restic.net" +admindoc = "https://restic.readthedocs.io/en/latest/" +code = "https://github.com/restic/restic" + +[integration] +yunohost = ">= 11.2" +architectures = "all" +multi_instance = true +ldap = "not_relevant" +sso = "not_relevant" +disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... +ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... + +[install] + [install.server] + ask.en = "Indicate the server where you want put your backups" + ask.fr = "Indiquez le serveur où vous voulez faire vos sauvegardes" + help.en = "IP address or resolvable hostname of your destination server" + help.fr = "Adresse IP ou nom résolvable de votre serveur de destination" + type = "string" + example = "example.com" + + [install.port] + ask.en = "sftp port of your server" + ask.fr = "Le port sftp de votre serveur" + help.en = "Listening port of your sftp or ssh server. The default value is 22" + help.fr = "Le port d'écoute de votre serveur sftp ou ssh. La valeur par défaut est 22" + type = "string" + example = "22" + default = "22" + + [install.backup_path] + ask.en = "The directory where you want your backup repositories to be created in" + ask.fr = "Le répertoire dans lequel les dépôts restic seront créés" + help.en = "A complete or relative path to an existing directory on the remote server writable by the remote backup user. Defaults to the login directory" + help.fr = "Un chemin complet ou relatif vers un répertoire existant sur le serveur distant et accessible en écriture au compte utilisé pour la sauvegarde. Répertoire d'accueil par défaut" + type = "string" + example = "./backups" + default = "." + + [install.ssh_user] + ask.en = "Indicate the ssh user to use to connect on this server" + ask.fr = "Indiquez l'utilisateur ssh à utiliser pour se connecter au serveur" + type = "string" + example = "john" + + [install.passphrase] + ask.en = "Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups" + ask.fr = "Indiquez une phrase de passe forte que vous garderez précieusement si vous voulez être en mesure d'utiliser vos sauvegardes" + type = "password" + + [install.conf] + ask.en = "Would you like to backup your YunoHost configuration ?" + ask.fr = "Souhaitez-vous effectuer des sauvegardes des configurations du système YunoHost ?" + type = "boolean" + default = true + + [install.data] + ask.en = "Would you like to backup mails and user home directory ?" + ask.fr = "Souhaitez-vous effectuer des sauvegardes des mails et des répertoire des utilisateurs ?" + type = "boolean" + default = true + + [install.apps] + ask.en = "Which apps would you backup (list separated by comma or 'all') ?" + ask.fr = "Souhaitez-vous effectuer des sauvegardes de vos applications ?" + type = "string" + default = "all" + + [install.allow_extra_space_use] + ask.en = "Allow backup method to temporarily use more space?" + ask.fr = "Permettre à la sauvegarde de consommer temporairement de l'espace supplémentaire?" + help.en = "Some applications as Gitlab can't be backed up with the standard method and require extra space temporarily" + help.fr = "Certaines applications comme Gitlab ne peuvent être sauvegardées avec la méthode standard et nécessitent d'utiliser plus d'espace disque temporairement" + type = "boolean" + default = true + + [install.on_calendar] + ask.en = "Indicate the backup frequency (see systemd OnCalendar format)" + ask.fr = "Indiquez la fréquence de la sauvegarde (voir le format OnCalendar de systemd)" + type = "string" + example = "Daily" + default = "*-*-* 0:15:00" + + [install.check_on_calendar] + ask.en = "Indicate the backup check frequency (see systemd OnCalendar format)" + ask.fr = "Indiquez la fréquence de vérification de la sauvegarde (voir le format OnCalendar de systemd)" + type = "string" + example = "Tue *-*-* 00:15:00" + default = "Sat *-*-8..31 3:15:00" + + [install.check_read_data_on_calendar] + ask.en = "Indicate the complete backup check frequency (see systemd OnCalendar format)" + ask.fr = "Indiquez la fréquence de vérification complète de la sauvegarde (voir le format OnCalendar de systemd)" + type = "string" + example = "Tue *-*-* 00:15:00" + default = "Sat *-*-1..7 3:15:00" + +[resources] + [resources.sources.main] + amd64.url = "https://github.com/restic/restic/releases/download/v0.16.2/restic_0.16.2_linux_amd64.bz2" + amd64.sha256 = "dae5e6e39107a66dc5c8ea59f6f27b16c54bd6be31f57e3281f6d87de30e05b0" + i386.url = "https://github.com/restic/restic/releases/download/v0.16.2/restic_0.16.2_linux_386.bz2" + i386.sha256 = "692e70ade358ad4fe19f0cd5fbaf21c3830d0f23c3d4e491a043f6cbc1b5cf59" + arm64.url = "https://github.com/restic/restic/releases/download/v0.16.2/restic_0.16.2_linux_arm64.bz2" + arm64.sha256 = "efdd75eb5c12af6fec4189aa57dc777035a87dd57204daa52293901199569157" + armhf.url = "https://github.com/restic/restic/releases/download/v0.16.2/restic_0.16.2_linux_arm.bz2" + armhf.sha256 = "60376b01b334a0cee3a59016f44dde8b336de2b6aa44f1e6e403d307990c47a0" + + in_subdir = false + rename = "restic" + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] diff --git a/scripts/_common.sh b/scripts/_common.sh index d3f701e..3ad5289 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,132 +3,88 @@ #================================================= # COMMON VARIABLES #================================================= -# App package root directory should be the parent folder -PKG_DIR=$(cd ../; pwd) + RESTIC_VERSION="0.16.2" +systemd_services_suffixes=( "" "_check" "_check_read_data" ) + # Install restic if restic is not here install_restic () { - architecture=$(uname -m) - arch='' - case $architecture in - i386|i686) - arch="386" - ;; - x86_64) - arch=amd64 - ;; - armv*) - arch=arm - ;; - aarch64) - arch=arm64 - ;; - *) - echo - ynh_die --message="Unsupported architecture \"$architecture\"" - ;; - esac - wget https://github.com/restic/restic/releases/download/v${RESTIC_VERSION}/restic_${RESTIC_VERSION}_linux_${arch}.bz2 -O /tmp/restic.bz2 2>&1 >/dev/null - wget https://github.com/restic/restic/releases/download/v${RESTIC_VERSION}/SHA256SUMS -O /tmp/restic-sha256sums 2>&1 >/dev/null - expected_sum=$(grep restic_${RESTIC_VERSION}_linux_${arch}.bz2 /tmp/restic-sha256sums | awk '{print $1}') - sum=$(sha256sum /tmp/restic.bz2 | awk '{print $1}') - if [ "$sum" == "$expected_sum" ];then - pkill restic || true - bunzip2 /tmp/restic.bz2 -f -c > /usr/local/bin/${app} - chmod +x /usr/local/bin/${app} - else - ynh_die --message="\nDownloaded file does not match expected sha256 sum, aborting" - fi + ynh_setup_source --source_id=main --dest_dir="$install_dir" + chmod +x "$install_dir/restic" } +_gen_and_save_public_key() { + public_key="" + + if [[ -n "$server" ]]; then + private_key="/root/.ssh/id_${app}_ed25519" + if [ ! -f "$private_key" ]; then + ssh-keygen -q -t ed25519 -N "" -f "$private_key" + fi + public_key=$(cat "$private_key.pub") + fi + + ynh_app_setting_set --app="$app" --key=public_key --value="$public_key" +} + +_set_ssh_config() { + if grep -q "$app" "/root/.ssh/config" 2>/dev/null; then + return 0 + fi + + cat << EOCONF >> /root/.ssh/config +# begin $app ssh config +Host ${server} + Hostname ${server} + Port ${port} + User ${ssh_user} + IdentityFile ${private_key} + StrictHostKeyChecking no + UserKnownHostsFile /dev/null +# end $app ssh config +EOCONF + +} + + #================================================= # COMMON HELPERS #================================================= -ynh_export () { - local ynh_arg="" - for var in $@; - do - ynh_arg=$(echo $var | awk '{print toupper($0)}') - if [ "$var" == "path_url" ]; then - ynh_arg="PATH" + +_ynh_add_config_j2() { + # Declare an array to define the options of this helper. + local legacy_args=tdv + local -A args_array=([t]=template= [d]=destination=) + local template + local destination + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + local template_path + + if [ -f "$YNH_APP_BASEDIR/conf/$template" ]; then + template_path="$YNH_APP_BASEDIR/conf/$template" + elif [ -f "$template" ]; then + template_path=$template + else + ynh_die --message="The provided template $template doesn't exist" fi - ynh_arg="YNH_APP_ARG_$ynh_arg" - export $var="${!ynh_arg}" - done + + ynh_backup_if_checksum_is_different --file="$destination" + + # Make sure to set the permissions before we copy the file + # This is to cover a case where an attacker could have + # created a file beforehand to have control over it + # (cp won't overwrite ownership / modes by default...) + touch $destination + chown root:root $destination + chmod 640 $destination + + cp -f "$template_path" "$destination" + + _ynh_apply_default_permissions $destination + + ynh_replace_vars --file="$destination" + + ynh_store_file_checksum --file="$destination" } -# Save listed var in YunoHost app settings -# usage: ynh_save_args VARNAME1 [VARNAME2 [...]] -ynh_save_args () { - for var in $@; - do - local setting_var="$var" - if [ "$var" == "path_url" ]; then - setting_var="path" - fi - ynh_app_setting_set $app $setting_var "${!var}" - done -} - -ynh_configure () { - ynh_backup_if_checksum_is_different $2 - ynh_render_template "${PKG_DIR}/conf/$1.j2" "$2" - ynh_store_file_checksum $2 -} - -# Send an email to inform the administrator -# -# usage: ynh_send_readme_to_admin app_message [recipients] -# | arg: app_message - The message to send to the administrator. -# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root -# example: "root admin@domain" -# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you -# example: "root admin@domain user1 user2" -ynh_send_readme_to_admin() { - local app_message="${1:-...No specific information...}" - local recipients="${2:-root}" - - # Retrieve the email of users - find_mails () { - local list_mails="$1" - local mail - local recipients=" " - # Read each mail in argument - for mail in $list_mails - do - # Keep root or a real email address as it is - if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@" - then - recipients="$recipients $mail" - else - # But replace an user name without a domain after by its email - if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null) - then - recipients="$recipients $mail" - fi - fi - done - echo "$recipients" - } - recipients=$(find_mails "$recipients") - - local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!" - - local mail_message="This is an automated message from your beloved YunoHost server. -Specific information for the application $app. -$app_message ---- -Automatic diagnosis data from YunoHost -$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')" - - # Define binary to use for mail command - if [ -e /usr/bin/bsd-mailx ] - then - local mail_bin=/usr/bin/bsd-mailx - else - local mail_bin=/usr/bin/mail.mailutils - fi - - # Send the email to the recipients - echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients" -} \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 9e62a26..b15d50c 100755 --- a/scripts/backup +++ b/scripts/backup @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,45 +8,33 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -export app=$YNH_APP_INSTANCE_NAME -export final_path="/opt/yunohost/${app}" - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= ynh_print_info --message="Declaring files to be backed up..." - #================================================= -# BACKUP VARIOUS FILES +# BACKUP THE APP MAIN DIR #================================================= -ynh_backup "/usr/local/bin/backup-with-$app" -ynh_backup "/etc/systemd/system/$app.service" -ynh_backup "/etc/systemd/system/$app.timer" -ynh_backup "/etc/systemd/system/${app}_check.service" -ynh_backup "/etc/systemd/system/${app}_check.timer" -ynh_backup "/etc/systemd/system/${app}_check_read_data.service" -ynh_backup "/etc/systemd/system/${app}_check_read_data.timer" -ynh_backup "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -ynh_backup "${final_path}/check_method_${app}" -ynh_backup "${final_path}/restic_log_${app}" -ssh_dir="/root/.ssh" -ynh_backup "${ssh_dir}/id_${app}_ed25519" -ynh_backup "${ssh_dir}/id_${app}_ed25519.pub" -ynh_backup "${ssh_dir}/config" +ynh_backup --src_path="$install_dir" + +#================================================= +# SYSTEM CONFIGURATION +#================================================= + +for suffix in "${systemd_services_suffixes[@]}"; do + ynh_backup --src_path="/etc/systemd/system/$app$suffix.timer" + ynh_backup --src_path="/etc/systemd/system/$app$suffix.service" +done + +ynh_backup --src_path="/etc/yunohost/hooks.d/backup_method/05-${app}_app" +ynh_backup --src_path="/etc/sudoers.d/$app" + +ynh_backup --src_path="/root/.ssh/id_${app}_ed25519" +ynh_backup --src_path="/root/.ssh/id_${app}_ed25519.pub" +# FIXME: uh do we really want to backup it all? +ynh_backup --src_path="/root/.ssh/config" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 12e922f..e7e2f6c 100755 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -9,188 +7,84 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= -export app=$YNH_APP_INSTANCE_NAME -export final_path="/opt/yunohost/${app}" - -# Retrieve arguments -ynh_export server port ssh_user backup_path passphrase on_calendar check_on_calendar check_read_data_on_calendar conf data apps allow_extra_space_use - #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." -ynh_save_args server port ssh_user backup_path passphrase on_calendar check_on_calendar check_read_data_on_calendar conf data apps allow_extra_space_use +# passwords aren't saved by default +ynh_app_setting_set --app=$app --key=passphrase --value="$passphrase" #================================================= # INSTALL RESTIC #================================================= -ynh_script_progression --message="Installing restic binary" --weight=7 +ynh_script_progression --message="Installing Restic..." --weight=7 install_restic -#================================================= -# CREATE APP USER -#================================================= -ynh_script_progression --message="Creating user ${app}" +_gen_and_save_public_key -useradd -m ${app} - -ynh_script_progression --message="Configure ${app} user sudoer rights" - -cat > /tmp/${app}_sudoer << EOSUDOER -${app} ALL = (root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, ${final_path}/check_method_${app} -EOSUDOER -visudo -cf /tmp/${app}_sudoer && mv /tmp/${app}_sudoer /etc/sudoers.d/${app} - -#================================================= -# ACTIVATE BACKUP METHODS -#================================================= -ynh_script_progression --message="Activating backup methods" - -mkdir -p /etc/yunohost/hooks.d/backup_method -mkdir -p /usr/share/yunohost/backup_method +_set_ssh_config #================================================= # SETUP THE BACKUP METHOD #================================================= -ynh_script_progression --message="Setting up backup methods" +ynh_script_progression --message="Setting up backup method..." --weight=1 -ynh_configure backup_method "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -ynh_configure check_method "${final_path}/check_method_${app}" +mkdir -p /etc/yunohost/hooks.d/backup +mkdir -p /etc/yunohost/hooks.d/backup_method +mkdir -p /usr/share/yunohost/backup_method + +## Backup method +_ynh_add_config_j2 --template="backup_method" --destination="/etc/yunohost/hooks.d/backup_method/05-${app}_app" +chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app" + +_ynh_add_config_j2 --template="backup-with-restic" --destination="$install_dir/backup-with-${app}" +chmod u+x "$install_dir/backup-with-restic" + +## Check method +_ynh_add_config_j2 --template="check_method" --destination="$install_dir/check_method_${app}" + +_ynh_add_config_j2 --template="check-restic" --destination="$install_dir/check-${app}" +chmod u+x "$install_dir/check-$app" + +## Backup log script +_ynh_add_config_j2 --template="restic_log" --destination="${install_dir}/restic_log_${app}" +chmod u+x "$install_dir/restic_log_${app}" + +# Check log script +_ynh_add_config_j2 --template="restic_check_log" --destination="${install_dir}/restic_check_log_${app}" +chmod u+x "$install_dir/restic_check_log_${app}" + +chown -R "$app:$app" "$install_dir" #================================================= -# SETUP LOG SCRIPTS +# SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Setting up backup log script" +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -ynh_configure restic_log "${final_path}/restic_log_${app}" -chmod +x "${final_path}/restic_log_${app}" -chown ${app}: "${final_path}/restic_log_${app}" +# Systemd services and timers +for suffix in "${systemd_services_suffixes[@]}"; do + ynh_add_systemd_config --service="$app$suffix" --template="systemd$suffix.service" + _ynh_add_config_j2 --template="systemd$suffix.timer" --destination="/etc/systemd/system/$app$suffix.timer" + systemctl disable --quiet "${app}$suffix.service" + systemctl enable --quiet "${app}$suffix.time" + systemctl start --quiet "${app}$suffix.time" -ynh_script_progression --message="Setting up check log script" -ynh_configure restic_check_log "${final_path}/restic_check_log_${app}" -chmod +x "${final_path}/restic_check_log_${app}" -chown ${app}: "${final_path}/restic_check_log_${app}" + yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ + --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" +done -#================================================= -# CONFIGURE CRON -#================================================= -ynh_script_progression --message="Configuring cron" --weight=5 +ynh_add_config --template="sudoer" --destination="/etc/sudoers.d/$app" +chown root:root "/etc/sudoers.d/$app" -ynh_configure backup-with-restic "/usr/local/bin/backup-with-${app}" -ynh_configure check-restic "${final_path}/check-${app}" -chmod +x "/usr/local/bin/backup-with-${app}" -chown ${app}: "/usr/local/bin/backup-with-${app}" -chmod +x "${final_path}/check-${app}" -chmod +x "${final_path}/check_method_${app}" -ynh_add_systemd_config --service=${app} --template=systemd.service -ynh_add_systemd_config --service=${app}_check --template=systemd_check.service -ynh_add_systemd_config --service=${app}_check_read_data --template=systemd_check_read_data.service -ynh_configure systemd.timer "/etc/systemd/system/${app}.timer" -ynh_configure systemd_check.timer "/etc/systemd/system/${app}_check.timer" -ynh_configure systemd_check_read_data.timer "/etc/systemd/system/${app}_check_read_data.timer" -systemctl disable --quiet ${app}.service -systemctl disable --quiet ${app}_check.service -systemctl disable --quiet ${app}_check_read_data.service -systemctl enable --quiet ${app}.timer -systemctl enable --quiet ${app}_check.timer -systemctl enable --quiet ${app}_check_read_data.timer -systemctl start ${app}.timer -systemctl start ${app}_check.timer -systemctl start ${app}_check_read_data.timer +ynh_use_logrotate --logfile="/var/log/restic_backup_${app}.log" +ynh_use_logrotate --logfile="/var/log/restic_backup_${app}.err" +ynh_use_logrotate --logfile="/var/log/restic_check_${app}.log" +ynh_use_logrotate --logfile="/var/log/restic_check_${app}.err" -#================================================= -# SET PERMISSIONS ON FINAL PATH -#================================================= -ynh_script_progression --message="Set permissions on ${final_path}" - -chown -R ${app}: ${final_path} - -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring logrotate" - -ynh_use_logrotate --logfile=/var/log/restic_backup_${app}.log -ynh_use_logrotate --logfile=/var/log/restic_backup_${app}.err -ynh_use_logrotate --logfile=/var/log/restic_check_${app}.log -ynh_use_logrotate --logfile=/var/log/restic_check_${app}.err - -#================================================= -# GENERATE SSH KEY -#================================================= -ynh_script_progression --message="Generating private key" - -ssh_dir="/root/.ssh" -if [ ! -d "${ssh_dir}" ];then - mkdir -p "${ssh_dir}" -fi -private_key="${ssh_dir}/id_${app}_ed25519" -test -f $private_key || ssh-keygen -q -t ed25519 -N "" -f $private_key - -#================================================= -# GENERATE SSH CONFIG -#================================================= -ynh_script_progression --message="Generating ssh config for ${app} server ${server}" - -grep -q "${app}" ${ssh_dir}/config 2>/dev/null || cat << EOCONF >> ${ssh_dir}/config -# begin $app ssh config -Host ${server} - Hostname ${server} - Port ${port} - User ${ssh_user} - IdentityFile ${private_key} - StrictHostKeyChecking no - UserKnownHostsFile /dev/null -# end $app ssh config -EOCONF - -#================================================= -# Display key -#================================================= -ynh_script_progression --message="You should now allow the following public key for user ${ssh_user} on server ${server}: - -$(cat ${private_key}.pub)" - -#================================================= -# SEND A README FOR THE ADMIN -#================================================= -ynh_script_progression --message="Sending post-installation instructions to admin" --last - -message="You should now allow the following public key for user ${ssh_user} on server ${server}: -$(cat ${private_key}.pub) - -Do so by running those commands on ${server} with user ${ssh_user}: - -mkdir ~/.ssh 2>/dev/null -touch ~/.ssh/authorized_keys -chmod u=rw,go= ~/.ssh/authorized_keys -cat << EOPKEY >> ~/.ssh/authorized_keys -$(cat ${private_key}.pub) -EOPKEY - -$(if [ "$backup_path" != "./" ];then echo "Also make sure ${backup_path} exists and is writable by ${ssh_user}";fi) - -If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/restic_ynh" - -ynh_send_readme_to_admin "$message" "root" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 9d2927e..b69166d 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -9,71 +7,37 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME -export final_path="/opt/yunohost/${app}" #================================================= -# REMOVE LOGROTATE CONFIGURATION +# REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Removing logrotate configuration..." +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 + +# Systemd services and timers +for suffix in "${systemd_services_suffixes[@]}"; do + if ynh_exec_warn_less yunohost service status "$app_suffix" >/dev/null; then + yunohost service remove "$app_suffix" + fi + systemctl stop "$app$suffix.timer" + systemctl --quiet disable "$app$suffix.timer" + ynh_remove_systemd_config --service="$app$suffix" + ynh_secure_remove "/etc/systemd/system/$app$suffix.timer" +done # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=4 +# Remove sudoers +rm "/etc/sudoers.d/$app" -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=2 - -systemctl stop ${app}.timer -systemctl --quiet disable ${app}.timer -ynh_remove_systemd_config --service=${app} -ynh_remove_systemd_config --service=${app}_check -ynh_remove_systemd_config --service=${app}_check_read_data -ynh_secure_remove "/etc/systemd/system/${app}.timer" -ynh_secure_remove "/etc/systemd/system/${app}_check.timer" -ynh_secure_remove "/etc/systemd/system/${app}_check_read_data.timer" -ynh_secure_remove "/usr/local/bin/backup-with-${app}" ynh_secure_remove "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -ynh_secure_remove "${final_path}/check_method_${app}" -ynh_secure_remove "${final_path}/check-${app}" -ynh_secure_remove "${final_path}/restic_log_${app}" -ynh_secure_remove "${final_path}/restic_check_log_${app}" -ynh_secure_remove "${final_path}" #================================================= # REMOVE SSH CONFIG #================================================= ynh_script_progression --message="Removing ssh config" -ssh_dir="/root/.ssh" -sed -e "/begin ${app}/,/end ${app}/{/.*/d}" ${ssh_dir}/config -i || true - -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing sudoers rights for user ${app}" -rm /etc/sudoers.d/${app} - -ynh_script_progression --message="Removing ${app} user" --last -userdel ${app} +sed -e "/begin ${app}/,/end ${app}/{/.*/d}" /root/.ssh/config -i || true #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index fb89b7f..1ad8759 100755 --- a/scripts/restore +++ b/scripts/restore @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -11,53 +9,47 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE SCRIPT FAILURE +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +ynh_restore_file --origin_path="$install_dir" -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -export app=$YNH_APP_INSTANCE_NAME - -export server=$(ynh_app_setting_get --app=$app --key=server) - -export final_path="/opt/yunohost/${app}" - -#================================================= -# INSTALL RESTIC -#================================================= install_restic +chown -R "$app:$app" "$install_dir" + #================================================= # ACTIVATE BACKUP METHODS #================================================= +ynh_script_progression --message="Setting up backup method..." --weight=1 + +mkdir -p /etc/yunohost/hooks.d/backup mkdir -p /etc/yunohost/hooks.d/backup_method mkdir -p /usr/share/yunohost/backup_method -#================================================= -# RESTORE FILES -#================================================= - -ynh_restore +ynh_restore_file --origin_path="/etc/yunohost/hooks.d/backup_method/05-${app}_app" +chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app" #================================================= -# ENABLE TIMER +# RESTORE SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -systemctl enable --quiet ${app}.timer -systemctl enable --quiet ${app}_check.timer -systemctl enable --quiet ${app}_check_read_data.timer -systemctl start ${app}.timer -systemctl start ${app}_check.timer -systemctl start ${app}_check_read_data.timer +ynh_restore_file --origin_path="/etc/sudoers.d/$app" +chown root:root "/etc/sudoers.d/$app" + +ynh_restore --origin_path="/root/.ssh/id_${app}_ed25519" +ynh_restore --origin_path="/root/.ssh/id_${app}_ed25519.pub" +# FIXME: restore the .ssh/config instead? +_set_ssh_config + +for suffix in "${systemd_services_suffixes[@]}"; do + ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.timer" + ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.service" + systemctl enable "$app$suffix.timer" + systemctl start "$app$suffix.timer" +done #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index 2709a7f..832b45e 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,46 +8,31 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS +# STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Loading installation settings..." - -export app=$YNH_APP_INSTANCE_NAME - -export final_path="/opt/yunohost/${app}" -export server=$(ynh_app_setting_get $app server) -export port=$(ynh_app_setting_get $app port) -export ssh_user=$(ynh_app_setting_get $app ssh_user) -export backup_path=$(ynh_app_setting_get $app backup_path) -export passphrase=$(ynh_app_setting_get $app passphrase) -export on_calendar=$(ynh_app_setting_get $app on_calendar) -export check_on_calendar=$(ynh_app_setting_get $app check_on_calendar) -export check_read_data_on_calendar=$(ynh_app_setting_get $app check_read_data_on_calendar) -export conf=$(ynh_app_setting_get $app conf) -export data=$(ynh_app_setting_get $app data) -export apps=$(ynh_app_setting_get $app apps) -export allow_extra_space_use=$(ynh_app_setting_get $app allow_extra_space_use) +ynh_script_progression --message="Stopping $app's systemd service..." --weight=1 #================================================= -# CHECK VERSION +# ENSURE DOWNWARD COMPATIBILITY #================================================= +#ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + -upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." +#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { +#REMOVEME? ynh_backup_before_upgrade +#REMOVEME? ynh_clean_setup () { ynh_clean_check_starting # Restore it if the upgrade fails - ynh_restore_upgradebackup +#REMOVEME? ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors if grep "${app}.timer" /etc/yunohost/services.yml > /dev/null ; then @@ -73,7 +56,7 @@ ynh_script_progression --message="Creating user ${app}" id ${app} 2>/dev/null || useradd -m ${app} ynh_script_progression --message="Configure ${app} user sudoer rights" cat > /tmp/${app}_sudoer << EOSUDOER -${app} ALL = (root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, ${final_path}/check_method_${app} +${app} ALL = (root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, ${install_dir}/check_method_${app} EOSUDOER visudo -cf /tmp/${app}_sudoer && mv /tmp/${app}_sudoer /etc/sudoers.d/${app} ynh_script_progression --message="Move ssh keys from root to ${app} user's home" @@ -116,21 +99,21 @@ mkdir -p /usr/share/yunohost/backup_method ynh_script_progression --message="Setting up backup methods" ynh_configure backup_method "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -ynh_configure check_method "${final_path}/check_method_${app}" +ynh_configure check_method "${install_dir}/check_method_${app}" #================================================= # SETUP LOG SCRIPTS #================================================= ynh_script_progression --message="Setting up backup log script" -ynh_configure restic_log "${final_path}/restic_log_${app}" -chmod +x "${final_path}/restic_log_${app}" -chown ${app}: "${final_path}/restic_log_${app}" +ynh_configure restic_log "${install_dir}/restic_log_${app}" +chmod +x "${install_dir}/restic_log_${app}" +chown ${app}: "${install_dir}/restic_log_${app}" ynh_script_progression --message="Setting up check log script" -ynh_configure restic_check_log "${final_path}/restic_check_log_${app}" -chmod +x "${final_path}/restic_check_log_${app}" -chown ${app}: "${final_path}/restic_check_log_${app}" +ynh_configure restic_check_log "${install_dir}/restic_check_log_${app}" +chmod +x "${install_dir}/restic_check_log_${app}" +chown ${app}: "${install_dir}/restic_check_log_${app}" #================================================= # CONFIGURE CRON @@ -138,11 +121,11 @@ chown ${app}: "${final_path}/restic_check_log_${app}" ynh_script_progression --message="Configuring cron" --weight=5 ynh_configure backup-with-restic "/usr/local/bin/backup-with-${app}" -ynh_configure check-restic "${final_path}/check-${app}" +ynh_configure check-restic "${install_dir}/check-${app}" chmod +x "/usr/local/bin/backup-with-${app}" chown ${app}: "/usr/local/bin/backup-with-${app}" -chmod +x "${final_path}/check-${app}" -chmod +x "${final_path}/check_method_${app}" +chmod +x "${install_dir}/check-${app}" +chmod +x "${install_dir}/check_method_${app}" ynh_add_systemd_config --service=${app} --template=systemd.service ynh_add_systemd_config --service=${app}_check --template=systemd_check.service ynh_add_systemd_config --service=${app}_check_read_data --template=systemd_check_read_data.service diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..050cb44 --- /dev/null +++ b/tests.toml @@ -0,0 +1,38 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + +test_format = 1.0 + +[default] + + args.repository = "ssh://sam@domain.tld:22/~/backup" + args.passphrase = "A_Passphrase" + args.conf = 1 + args.data = 1 + args.apps = "all" + args.on_calendar = "Daily" + args.mailalert = "errors_only" + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + [default.test_upgrade_from.d1cd666ee27f5cfb8e40c6f44a09370381b41b35] + name = "Older ynh 11 version" + args.server = "domain.tld:22" + args.ssh_user = "package_checker" + args.passphrase = "A_Passphrase" + args.conf = 1 + args.data = 1 + args.apps = "all" + args.on_calendar = "Daily" + args.mailalert = "never" + + +[local_directory] + args.repository = "/mnt/backup" + args.passphrase = "A_Passphrase" + args.conf = 1 + args.data = 1 + args.apps = "all" + args.on_calendar = "Daily" + args.mailalert = "errors_only" From 10659e224c38d2add95cc4436f097d3f85bd18cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 09:46:27 +0200 Subject: [PATCH 02/32] Fix tests --- check_process | 31 ----------------------------- tests.toml | 55 ++++++++++++++++++++++++++++----------------------- 2 files changed, 30 insertions(+), 56 deletions(-) delete mode 100644 check_process diff --git a/check_process b/check_process deleted file mode 100644 index 6660ec3..0000000 --- a/check_process +++ /dev/null @@ -1,31 +0,0 @@ -;; Test complet - ; Manifest - server="dst.domain.tld" - ssh_user="sam" - passphrase="APassphrase" - conf=1 - port=2222 - backup_path=src.domain.tld - data=1 - app="all" - allow_extra_space_use=1 - on_calendar="Daily" - check_on_calendar="*-*-8,15,22 3:15" - check_read_data_on_calendar="*-*-1 3:15" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=0 - setup_nourl=1 - setup_private=0 - setup_public=0 - upgrade=1 - # 0.12.0~ynh9 - upgrade=1 from_commit=526944051f68f4149e415be4e862ce3c69d69f18 - backup_restore=1 - multi_instance=1 - port_already_use=0 - change_url=0 -;;; Options -Email=restic-ynh@coupouchetty-ramouchetty.fr -Notification=down diff --git a/tests.toml b/tests.toml index 050cb44..3797e16 100644 --- a/tests.toml +++ b/tests.toml @@ -4,35 +4,40 @@ test_format = 1.0 [default] - args.repository = "ssh://sam@domain.tld:22/~/backup" - args.passphrase = "A_Passphrase" + args.server = "dst.domain.tld" + args.ssh_user = "sam" + args.passphrase = "APassphrase" args.conf = 1 + args.port = 2222 + args.backup_path = "src.domain.tld" args.data = 1 - args.apps = "all" + args.app = "all" + args.allow_extra_space_use = 1 args.on_calendar = "Daily" - args.mailalert = "errors_only" + args.check_on_calendar = "*-*-8,15,22 3:15" + args.check_read_data_on_calendar = "*-*-1 3:15" - # ------------------------------- - # Commits to test upgrade from - # ------------------------------- +# # ------------------------------- +# # Commits to test upgrade from +# # ------------------------------- - [default.test_upgrade_from.d1cd666ee27f5cfb8e40c6f44a09370381b41b35] - name = "Older ynh 11 version" - args.server = "domain.tld:22" - args.ssh_user = "package_checker" - args.passphrase = "A_Passphrase" - args.conf = 1 - args.data = 1 - args.apps = "all" - args.on_calendar = "Daily" - args.mailalert = "never" +# [default.test_upgrade_from.d1cd666ee27f5cfb8e40c6f44a09370381b41b35] +# name = "Older ynh 11 version" +# args.server = "domain.tld:22" +# args.ssh_user = "package_checker" +# args.passphrase = "A_Passphrase" +# args.conf = 1 +# args.data = 1 +# args.apps = "all" +# args.on_calendar = "Daily" +# args.mailalert = "never" -[local_directory] - args.repository = "/mnt/backup" - args.passphrase = "A_Passphrase" - args.conf = 1 - args.data = 1 - args.apps = "all" - args.on_calendar = "Daily" - args.mailalert = "errors_only" +# [local_directory] +# args.repository = "/mnt/backup" +# args.passphrase = "A_Passphrase" +# args.conf = 1 +# args.data = 1 +# args.apps = "all" +# args.on_calendar = "Daily" +# args.mailalert = "errors_only" From 58356e7f34de01408fc5888c19c7ad03972d4583 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 10:50:29 +0200 Subject: [PATCH 03/32] fix j2 template names --- scripts/install | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/install b/scripts/install index e7e2f6c..0493634 100755 --- a/scripts/install +++ b/scripts/install @@ -35,24 +35,24 @@ mkdir -p /etc/yunohost/hooks.d/backup_method mkdir -p /usr/share/yunohost/backup_method ## Backup method -_ynh_add_config_j2 --template="backup_method" --destination="/etc/yunohost/hooks.d/backup_method/05-${app}_app" +_ynh_add_config_j2 --template="backup_method.j2" --destination="/etc/yunohost/hooks.d/backup_method/05-${app}_app" chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -_ynh_add_config_j2 --template="backup-with-restic" --destination="$install_dir/backup-with-${app}" +_ynh_add_config_j2 --template="backup-with-restic.j2" --destination="$install_dir/backup-with-${app}" chmod u+x "$install_dir/backup-with-restic" ## Check method -_ynh_add_config_j2 --template="check_method" --destination="$install_dir/check_method_${app}" +_ynh_add_config_j2 --template="check_method.j2" --destination="$install_dir/check_method_${app}" -_ynh_add_config_j2 --template="check-restic" --destination="$install_dir/check-${app}" +_ynh_add_config_j2 --template="check-restic.j2" --destination="$install_dir/check-${app}" chmod u+x "$install_dir/check-$app" ## Backup log script -_ynh_add_config_j2 --template="restic_log" --destination="${install_dir}/restic_log_${app}" +_ynh_add_config_j2 --template="restic_log.j2" --destination="${install_dir}/restic_log_${app}" chmod u+x "$install_dir/restic_log_${app}" # Check log script -_ynh_add_config_j2 --template="restic_check_log" --destination="${install_dir}/restic_check_log_${app}" +_ynh_add_config_j2 --template="restic_check_log.j2" --destination="${install_dir}/restic_check_log_${app}" chmod u+x "$install_dir/restic_check_log_${app}" chown -R "$app:$app" "$install_dir" @@ -65,7 +65,7 @@ ynh_script_progression --message="Adding system configurations related to $app.. # Systemd services and timers for suffix in "${systemd_services_suffixes[@]}"; do ynh_add_systemd_config --service="$app$suffix" --template="systemd$suffix.service" - _ynh_add_config_j2 --template="systemd$suffix.timer" --destination="/etc/systemd/system/$app$suffix.timer" + _ynh_add_config_j2 --template="systemd$suffix.timer.j2" --destination="/etc/systemd/system/$app$suffix.timer" systemctl disable --quiet "${app}$suffix.service" systemctl enable --quiet "${app}$suffix.time" systemctl start --quiet "${app}$suffix.time" From 08958e6897fabc01e4bec58167d82272529ffcba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 12:30:33 +0200 Subject: [PATCH 04/32] fix unit name --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 0493634..04f7352 100755 --- a/scripts/install +++ b/scripts/install @@ -67,8 +67,8 @@ for suffix in "${systemd_services_suffixes[@]}"; do ynh_add_systemd_config --service="$app$suffix" --template="systemd$suffix.service" _ynh_add_config_j2 --template="systemd$suffix.timer.j2" --destination="/etc/systemd/system/$app$suffix.timer" systemctl disable --quiet "${app}$suffix.service" - systemctl enable --quiet "${app}$suffix.time" - systemctl start --quiet "${app}$suffix.time" + systemctl enable --quiet "${app}$suffix.timer" + systemctl start --quiet "${app}$suffix.timer" yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" From 252a83093b6d7f970f3639a1f26eb672f2dfc853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 12:38:32 +0200 Subject: [PATCH 05/32] oops fix _ynh_add_config_j2 --- scripts/_common.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 3ad5289..bc71998 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -80,11 +80,9 @@ _ynh_add_config_j2() { chown root:root $destination chmod 640 $destination - cp -f "$template_path" "$destination" + ynh_render_template "$template_path" "$destination" _ynh_apply_default_permissions $destination - ynh_replace_vars --file="$destination" - ynh_store_file_checksum --file="$destination" } From ecad8101e0f90128674279d076d3aca0eb8b892e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 12:54:59 +0200 Subject: [PATCH 06/32] Fix : $app -> restic --- scripts/install | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/install b/scripts/install index 04f7352..0afffb8 100755 --- a/scripts/install +++ b/scripts/install @@ -38,22 +38,22 @@ mkdir -p /usr/share/yunohost/backup_method _ynh_add_config_j2 --template="backup_method.j2" --destination="/etc/yunohost/hooks.d/backup_method/05-${app}_app" chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -_ynh_add_config_j2 --template="backup-with-restic.j2" --destination="$install_dir/backup-with-${app}" +_ynh_add_config_j2 --template="backup-with-restic.j2" --destination="$install_dir/backup-with-restic" chmod u+x "$install_dir/backup-with-restic" ## Check method -_ynh_add_config_j2 --template="check_method.j2" --destination="$install_dir/check_method_${app}" +_ynh_add_config_j2 --template="check_method.j2" --destination="$install_dir/check_method_restic" -_ynh_add_config_j2 --template="check-restic.j2" --destination="$install_dir/check-${app}" -chmod u+x "$install_dir/check-$app" +_ynh_add_config_j2 --template="check-restic.j2" --destination="$install_dir/check-restic" +chmod u+x "$install_dir/check-restic" ## Backup log script -_ynh_add_config_j2 --template="restic_log.j2" --destination="${install_dir}/restic_log_${app}" -chmod u+x "$install_dir/restic_log_${app}" +_ynh_add_config_j2 --template="restic_log.j2" --destination="$install_dir/restic_log" +chmod u+x "$install_dir/restic_log" # Check log script -_ynh_add_config_j2 --template="restic_check_log.j2" --destination="${install_dir}/restic_check_log_${app}" -chmod u+x "$install_dir/restic_check_log_${app}" +_ynh_add_config_j2 --template="restic_check_log.j2" --destination="$install_dir/restic_check_log" +chmod u+x "$install_dir/restic_check_log" chown -R "$app:$app" "$install_dir" From f27ce2bdd96454ef3c8937d6e315b81ee9b59478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 22:20:53 +0200 Subject: [PATCH 07/32] Cleanup packagingv2 --- scripts/_common.sh | 5 ----- scripts/install | 3 ++- scripts/restore | 3 ++- scripts/upgrade | 3 ++- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index bc71998..0cd3e6b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -8,11 +8,6 @@ RESTIC_VERSION="0.16.2" systemd_services_suffixes=( "" "_check" "_check_read_data" ) -# Install restic if restic is not here -install_restic () { - ynh_setup_source --source_id=main --dest_dir="$install_dir" - chmod +x "$install_dir/restic" -} _gen_and_save_public_key() { public_key="" diff --git a/scripts/install b/scripts/install index 0afffb8..63575b6 100755 --- a/scripts/install +++ b/scripts/install @@ -19,7 +19,8 @@ ynh_app_setting_set --app=$app --key=passphrase --value="$passphrase" #================================================= ynh_script_progression --message="Installing Restic..." --weight=7 -install_restic +ynh_setup_source --source_id=main --dest_dir="$install_dir" +chmod +x "$install_dir/restic" _gen_and_save_public_key diff --git a/scripts/restore b/scripts/restore index 1ad8759..d3a8fc9 100755 --- a/scripts/restore +++ b/scripts/restore @@ -15,7 +15,8 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -install_restic +ynh_setup_source --source_id=main --dest_dir="$install_dir" +chmod +x "$install_dir/restic" chown -R "$app:$app" "$install_dir" diff --git a/scripts/upgrade b/scripts/upgrade index 832b45e..5144da8 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -46,7 +46,8 @@ fi #================================================= ynh_script_progression --message="Installing restic binary" --weight=7 -install_restic +ynh_setup_source --source_id=main --dest_dir="$install_dir" +chmod +x "$install_dir/restic" #================================================= # CREATE APP USER From bc1b1275c6e9e4da6ea8903603e922adbeb2ed0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 22:25:00 +0200 Subject: [PATCH 08/32] Cleanup packagingv2, debug --- scripts/install | 4 ++-- scripts/remove | 4 ++-- scripts/restore | 6 ++++-- scripts/upgrade | 4 ++-- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/scripts/install b/scripts/install index 63575b6..e221a7c 100755 --- a/scripts/install +++ b/scripts/install @@ -67,9 +67,9 @@ ynh_script_progression --message="Adding system configurations related to $app.. for suffix in "${systemd_services_suffixes[@]}"; do ynh_add_systemd_config --service="$app$suffix" --template="systemd$suffix.service" _ynh_add_config_j2 --template="systemd$suffix.timer.j2" --destination="/etc/systemd/system/$app$suffix.timer" - systemctl disable --quiet "${app}$suffix.service" + ynh_systemd_action --service="${app}$suffix.service" --action="disable" systemctl enable --quiet "${app}$suffix.timer" - systemctl start --quiet "${app}$suffix.timer" + ynh_systemd_action --service="${app}$suffix.timer" --action="start" yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" diff --git a/scripts/remove b/scripts/remove index b69166d..2384c09 100755 --- a/scripts/remove +++ b/scripts/remove @@ -18,8 +18,8 @@ for suffix in "${systemd_services_suffixes[@]}"; do if ynh_exec_warn_less yunohost service status "$app_suffix" >/dev/null; then yunohost service remove "$app_suffix" fi - systemctl stop "$app$suffix.timer" - systemctl --quiet disable "$app$suffix.timer" + ynh_systemd_action --service="$app$suffix.timer" --action="stop" + ynh_systemd_action --service="$app$suffix.timer" --action="disable" ynh_remove_systemd_config --service="$app$suffix" ynh_secure_remove "/etc/systemd/system/$app$suffix.timer" done diff --git a/scripts/restore b/scripts/restore index d3a8fc9..e1a6919 100755 --- a/scripts/restore +++ b/scripts/restore @@ -13,6 +13,8 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 +find '/home/yunohost.backup/tmp/Backup_test/apps/restic/backup' + ynh_restore_file --origin_path="$install_dir" ynh_setup_source --source_id=main --dest_dir="$install_dir" @@ -48,8 +50,8 @@ _set_ssh_config for suffix in "${systemd_services_suffixes[@]}"; do ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.timer" ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.service" - systemctl enable "$app$suffix.timer" - systemctl start "$app$suffix.timer" + systemctl enable --quiet "$app$suffix.timer" + ynh_systemd_action --service="$app$suffix.timer" --action="start" done #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 5144da8..1c82855 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,8 +37,8 @@ ynh_script_progression --message="Stopping $app's systemd service..." --weight=1 if grep "${app}.timer" /etc/yunohost/services.yml > /dev/null ; then yunohost service remove $app.timer - systemctl --quiet enable $app.timer - systemctl start $app.timer + ynh_systemd_action --service="$app.timer" --action="enable" + ynh_systemd_action --service="$app.timer" --action="start" fi #================================================= From 59936847cce63f51acaec8774d81fabb20e10976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 22:25:50 +0200 Subject: [PATCH 09/32] update doc the wrong way lol --- doc/DESCRIPTION.md | 143 +++++++++++++++++++++++++++++++++++++++++++++ doc/DISCLAIMER.md | 143 --------------------------------------------- 2 files changed, 143 insertions(+), 143 deletions(-) delete mode 100644 doc/DISCLAIMER.md diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index afa199e..071e154 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -3,3 +3,146 @@ A [Restic](https://restic.net/) package for YunoHost (heavily inspired by [the B Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). + +## Usage + +If you want to backup your server A onto the server B. + +## Setup Restic app on Server A + +Firstly set up this app on the server A you want to backup: + +``` +$ yunohost app install https://github.com/YunoHost-Apps/restic_ynh +Indicate the server where you want put your backups: serverb.domain.tld +sftp port of your server (default: 22): 2222 +The directory where you want your backup repositories to be created in (default: ./): ./servera.domain.tld +Indicate the ssh user to use to connect on this server: servera +You are now about to define a new user password. The password should be at least 8 characters - though it is good practice to use longer password (i.e. a passphrase) and/or to use various kind of characters (uppercase, lowercase, digits and special characters). +Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: +Would you like to backup your YunoHost configuration ? [yes | no] (default: yes): +Would you like to backup mails and user home directory ? [yes | no] (default: yes): +Which apps would you backup (list separated by comma or 'all') ? (default: all): gitlab,blogotext,sogo +Allow backup method to temporarily use more space? [yes | no] (default: yes): +Indicate the backup frequency (see systemd OnCalendar format) (default: *-*-* 0:15:00): *-*-* 0:05 +Indicate the backup check frequency (see systemd OnCalendar format) (default: Sat *-*-8..31 3:15:00): +Indicate the complete backup check frequency (see systemd OnCalendar format) (default: Sun *-*-1..7 3:15:00): +``` + +You can schedule your backup by choosing an other frequency. Some example: + +Monthly : + +Weekly : + +Daily : Daily at midnight + +Hourly : Hourly o Clock + +Sat *-*-1..7 18:00:00 : The first saturday of every month at 18:00 + +4:00 : Every day at 4 AM + +5,17:00 : Every day at 5 AM and at 5 PM + +See here for more info : https://wiki.archlinux.org/index.php/Systemd/Timers#Realtime_timer + +After each invocation an e-mail will be sent to root@yourdomain.tld with the execution log. + +Restic can check backups consistency and verify the actual backed up data has not been modified. +If you use the default values for the backup checks frequencies, a full check will be made on the first day of each month and a simple check will be made on each one of the three remaining weeks of the month. + +At the end of the installation, the app displays the public_key and the user to give to the person who has access to the server B. + +You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: + +``` +mkdir ~/.ssh -p 2>/dev/null +touch ~/.ssh/authorized_keys +chmod u=rw,go= ~/.ssh/authorized_keys +cat << EOPKEY >> ~/.ssh/authorized_keys + +EOPKEY +``` +If you don't find the mail and you don't see the message in the log bar you can find the public_key with this command: +``` +cat /root/.ssh/id_restic_ed25519.pub +``` + +## (Optional) set sftp jail on server B + +To improve security, make sure user `servera` can only do sftp and can only access his home directory on server B. +This is how you would do it on Debian/Ubuntu, otherwise refer to your distribution manual (don't forget to replace `servera` with the real username) + +``` +cat << EOCONFIG >> /etc/ssh/sshd_config +Match User servera + ChrootDirectory %h + ForceCommand internal-sftp + AllowTcpForwarding no + X11Forwarding no +EOCONFIG +service ssh restart +``` + +## Test +At this step your backup should schedule. + +If you want to be sure, you can test it by running on server A: +``` +systemctl start restic.service +``` + +Next you can verify the backup contents by running on server A +``` +restic -r sftp:serverb.domain.tld:servera.domain.tld/auto_conf snapshots +``` + +Replace `auto_conf` with `auto_` if you did not choose to backup configuration but only applications. + +If you want to check the backups consistency: +``` +systemctl start restic_check.service +``` + +If you want to make a complete check of the backups - keep in mind that this reads all the backed up data, it can take some time depending on your target server upload speed (more on this topic in [the Restic documentation](https://restic.readthedocs.io/en/latest/045_working_with_repos.html#checking-integrity-and-consistency)): +``` +systemctl start restic_check_read_data.service +``` + +## Display the apps list to backup + +``` +yunohost app setting restic apps +``` + +## Edit the apps list to backup + +``` +yunohost app setting restic apps -v "nextcloud,wordpress" +``` + +## Launch a backup + +``` +systemctl start restic +``` + +## Launch a backups check + +``` +systemctl start restic_check.service +``` + +## Launch a complete backups check + +WARNING: this will read data from your backups destination server. +It may take a quite long time depending on the target server's internet upload speed and hardware performance. + +``` +systemctl start restic_check_read_data.service +``` + +## Backup on different server, and apply distinct schedule for apps + +You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 7981df4..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,143 +0,0 @@ -## Usage - -If you want to backup your server A onto the server B. - -## Setup Restic app on Server A - -Firstly set up this app on the server A you want to backup: - -``` -$ yunohost app install https://github.com/YunoHost-Apps/restic_ynh -Indicate the server where you want put your backups: serverb.domain.tld -sftp port of your server (default: 22): 2222 -The directory where you want your backup repositories to be created in (default: ./): ./servera.domain.tld -Indicate the ssh user to use to connect on this server: servera -You are now about to define a new user password. The password should be at least 8 characters - though it is good practice to use longer password (i.e. a passphrase) and/or to use various kind of characters (uppercase, lowercase, digits and special characters). -Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: -Would you like to backup your YunoHost configuration ? [yes | no] (default: yes): -Would you like to backup mails and user home directory ? [yes | no] (default: yes): -Which apps would you backup (list separated by comma or 'all') ? (default: all): gitlab,blogotext,sogo -Allow backup method to temporarily use more space? [yes | no] (default: yes): -Indicate the backup frequency (see systemd OnCalendar format) (default: *-*-* 0:15:00): *-*-* 0:05 -Indicate the backup check frequency (see systemd OnCalendar format) (default: Sat *-*-8..31 3:15:00): -Indicate the complete backup check frequency (see systemd OnCalendar format) (default: Sun *-*-1..7 3:15:00): -``` - -You can schedule your backup by choosing an other frequency. Some example: - -Monthly : - -Weekly : - -Daily : Daily at midnight - -Hourly : Hourly o Clock - -Sat *-*-1..7 18:00:00 : The first saturday of every month at 18:00 - -4:00 : Every day at 4 AM - -5,17:00 : Every day at 5 AM and at 5 PM - -See here for more info : https://wiki.archlinux.org/index.php/Systemd/Timers#Realtime_timer - -After each invocation an e-mail will be sent to root@yourdomain.tld with the execution log. - -Restic can check backups consistency and verify the actual backed up data has not been modified. -If you use the default values for the backup checks frequencies, a full check will be made on the first day of each month and a simple check will be made on each one of the three remaining weeks of the month. - -At the end of the installation, the app displays the public_key and the user to give to the person who has access to the server B. - -You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: - -``` -mkdir ~/.ssh -p 2>/dev/null -touch ~/.ssh/authorized_keys -chmod u=rw,go= ~/.ssh/authorized_keys -cat << EOPKEY >> ~/.ssh/authorized_keys - -EOPKEY -``` -If you don't find the mail and you don't see the message in the log bar you can find the public_key with this command: -``` -cat /root/.ssh/id_restic_ed25519.pub -``` - -## (Optional) set sftp jail on server B - -To improve security, make sure user `servera` can only do sftp and can only access his home directory on server B. -This is how you would do it on Debian/Ubuntu, otherwise refer to your distribution manual (don't forget to replace `servera` with the real username) - -``` -cat << EOCONFIG >> /etc/ssh/sshd_config -Match User servera - ChrootDirectory %h - ForceCommand internal-sftp - AllowTcpForwarding no - X11Forwarding no -EOCONFIG -service ssh restart -``` - -## Test -At this step your backup should schedule. - -If you want to be sure, you can test it by running on server A: -``` -systemctl start restic.service -``` - -Next you can verify the backup contents by running on server A -``` -restic -r sftp:serverb.domain.tld:servera.domain.tld/auto_conf snapshots -``` - -Replace `auto_conf` with `auto_` if you did not choose to backup configuration but only applications. - -If you want to check the backups consistency: -``` -systemctl start restic_check.service -``` - -If you want to make a complete check of the backups - keep in mind that this reads all the backed up data, it can take some time depending on your target server upload speed (more on this topic in [the Restic documentation](https://restic.readthedocs.io/en/latest/045_working_with_repos.html#checking-integrity-and-consistency)): -``` -systemctl start restic_check_read_data.service -``` - -## Display the apps list to backup - -``` -yunohost app setting restic apps -``` - -## Edit the apps list to backup - -``` -yunohost app setting restic apps -v "nextcloud,wordpress" -``` - -## Launch a backup - -``` -systemctl start restic -``` - -## Launch a backups check - -``` -systemctl start restic_check.service -``` - -## Launch a complete backups check - -WARNING: this will read data from your backups destination server. -It may take a quite long time depending on the target server's internet upload speed and hardware performance. - -``` -systemctl start restic_check_read_data.service -``` - -## Backup on different server, and apply distinct schedule for apps - -You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. - From ffe5dc19934e83c238fc53b0a7db2028f6d30645 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 25 May 2024 20:25:57 +0000 Subject: [PATCH 10/32] Auto-update READMEs --- README.md | 5 +---- README_es.md | 5 +---- README_eu.md | 5 +---- README_fr.md | 5 +---- README_gl.md | 5 +---- README_zh_Hans.md | 5 +---- 6 files changed, 6 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 6d164ef..303292c 100644 --- a/README.md +++ b/README.md @@ -22,10 +22,6 @@ Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). - -**Shipped version:** 0.12.0~ynh9 -## Disclaimers / important information - ## Usage If you want to backup your server A onto the server B. @@ -170,6 +166,7 @@ systemctl start restic_check_read_data.service You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. +**Shipped version:** 0.12.0~ynh9 ## Documentation and resources - Official app website: diff --git a/README_es.md b/README_es.md index 6ce2d6d..cd46f43 100644 --- a/README_es.md +++ b/README_es.md @@ -22,10 +22,6 @@ Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). - -**Versión actual:** 0.12.0~ynh9 -## informaciones importantes - ## Usage If you want to backup your server A onto the server B. @@ -170,6 +166,7 @@ systemctl start restic_check_read_data.service You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. +**Versión actual:** 0.12.0~ynh9 ## Documentaciones y recursos - Sitio web oficial: diff --git a/README_eu.md b/README_eu.md index b6762be..bce2cfe 100644 --- a/README_eu.md +++ b/README_eu.md @@ -22,10 +22,6 @@ Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). - -**Paketatutako bertsioa:** 0.12.0~ynh9 -## Ezespena / informazio garrantzitsua - ## Usage If you want to backup your server A onto the server B. @@ -170,6 +166,7 @@ systemctl start restic_check_read_data.service You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. +**Paketatutako bertsioa:** 0.12.0~ynh9 ## Dokumentazioa eta baliabideak - Aplikazioaren webgune ofiziala: diff --git a/README_fr.md b/README_fr.md index c2f85a1..da9ab43 100644 --- a/README_fr.md +++ b/README_fr.md @@ -22,10 +22,6 @@ Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). - -**Version incluse :** 0.12.0~ynh9 -## Avertissements / informations importantes - ## Usage If you want to backup your server A onto the server B. @@ -170,6 +166,7 @@ systemctl start restic_check_read_data.service You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. +**Version incluse :** 0.12.0~ynh9 ## Documentations et ressources - Site officiel de l’app : diff --git a/README_gl.md b/README_gl.md index 698ed32..0391c2c 100644 --- a/README_gl.md +++ b/README_gl.md @@ -22,10 +22,6 @@ Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). - -**Versión proporcionada:** 0.12.0~ynh9 -## Avisos / información importante - ## Usage If you want to backup your server A onto the server B. @@ -170,6 +166,7 @@ systemctl start restic_check_read_data.service You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. +**Versión proporcionada:** 0.12.0~ynh9 ## Documentación e recursos - Web oficial da app: diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 49d5cfb..e609410 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -22,10 +22,6 @@ Restic is a backup tool that can make local and remote backups. This package uses restic to make backups to a sftp server. The package does not handle local backups yet but you can work around that by using the local sftp server as target server (see my comment [here](https://forum.yunohost.org/t/sauvegarde-yunohost-avec-restic/10275/33)). - -**分发版本:** 0.12.0~ynh9 -## 免责声明 / 重要信息 - ## Usage If you want to backup your server A onto the server B. @@ -170,6 +166,7 @@ systemctl start restic_check_read_data.service You can setup the Restic app several times on the same server so you can backup on several server or manage your frequency backup differently for specific part of your server. +**分发版本:** 0.12.0~ynh9 ## 文档与资源 - 官方应用网站: From 4bfd79488f737ceee8e672aa9bae06de582245e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 22:26:49 +0200 Subject: [PATCH 11/32] Add yunohost service add in restore --- scripts/restore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/restore b/scripts/restore index e1a6919..8d4a125 100755 --- a/scripts/restore +++ b/scripts/restore @@ -52,6 +52,9 @@ for suffix in "${systemd_services_suffixes[@]}"; do ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.service" systemctl enable --quiet "$app$suffix.timer" ynh_systemd_action --service="$app$suffix.timer" --action="start" + + yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ + --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" done #================================================= From a8fe84051815b0b9c36c9c1d597e264e934d3a97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 22:27:44 +0200 Subject: [PATCH 12/32] fix systemd_action --- scripts/install | 4 ++-- scripts/restore | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index e221a7c..253a381 100755 --- a/scripts/install +++ b/scripts/install @@ -67,9 +67,9 @@ ynh_script_progression --message="Adding system configurations related to $app.. for suffix in "${systemd_services_suffixes[@]}"; do ynh_add_systemd_config --service="$app$suffix" --template="systemd$suffix.service" _ynh_add_config_j2 --template="systemd$suffix.timer.j2" --destination="/etc/systemd/system/$app$suffix.timer" - ynh_systemd_action --service="${app}$suffix.service" --action="disable" + ynh_systemd_action --service_name="${app}$suffix.service" --action="disable" systemctl enable --quiet "${app}$suffix.timer" - ynh_systemd_action --service="${app}$suffix.timer" --action="start" + ynh_systemd_action --service_name="${app}$suffix.timer" --action="start" yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" diff --git a/scripts/restore b/scripts/restore index 8d4a125..dee5b80 100755 --- a/scripts/restore +++ b/scripts/restore @@ -51,7 +51,7 @@ for suffix in "${systemd_services_suffixes[@]}"; do ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.timer" ynh_restore_file --origin_path="/etc/systemd/system/$app$suffix.service" systemctl enable --quiet "$app$suffix.timer" - ynh_systemd_action --service="$app$suffix.timer" --action="start" + ynh_systemd_action --service_name="$app$suffix.timer" --action="start" yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" From c9cea9c14454272a8d63928926acf7a3dd1779f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 25 May 2024 22:29:24 +0200 Subject: [PATCH 13/32] cleanup upgrade for linter --- scripts/upgrade | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 1c82855..f5496a2 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,23 +18,6 @@ ynh_script_progression --message="Stopping $app's systemd service..." --weight=1 #ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails -#REMOVEME? ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - - if grep "${app}.timer" /etc/yunohost/services.yml > /dev/null ; then yunohost service remove $app.timer ynh_systemd_action --service="$app.timer" --action="enable" From c3c86a1c9e273c1e3b822d0fc63cbba27191e387 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 11:58:36 +0200 Subject: [PATCH 14/32] Fix remove --- scripts/remove | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/remove b/scripts/remove index 2384c09..eda18e2 100755 --- a/scripts/remove +++ b/scripts/remove @@ -18,9 +18,9 @@ for suffix in "${systemd_services_suffixes[@]}"; do if ynh_exec_warn_less yunohost service status "$app_suffix" >/dev/null; then yunohost service remove "$app_suffix" fi - ynh_systemd_action --service="$app$suffix.timer" --action="stop" - ynh_systemd_action --service="$app$suffix.timer" --action="disable" - ynh_remove_systemd_config --service="$app$suffix" + ynh_systemd_action --service_name="$app$suffix.timer" --action="stop" + ynh_systemd_action --service_name="$app$suffix.timer" --action="disable" + ynh_remove_systemd_config --service_name="$app$suffix" ynh_secure_remove "/etc/systemd/system/$app$suffix.timer" done From de72383bbc7620eba4de1ea25dd84df28e262ba0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:00:16 +0200 Subject: [PATCH 15/32] restore debug --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index dee5b80..fd9d60d 100755 --- a/scripts/restore +++ b/scripts/restore @@ -13,7 +13,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -find '/home/yunohost.backup/tmp/Backup_test/apps/restic/backup' +ynh_exec_warn find '/home/yunohost.backup/tmp/Backup_test/apps/restic/backup' ynh_restore_file --origin_path="$install_dir" From 581aed537e237a81429c99186306353cdac33c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:14:12 +0200 Subject: [PATCH 16/32] Fix remove script --- scripts/remove | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index eda18e2..0aa1ce8 100755 --- a/scripts/remove +++ b/scripts/remove @@ -20,7 +20,7 @@ for suffix in "${systemd_services_suffixes[@]}"; do fi ynh_systemd_action --service_name="$app$suffix.timer" --action="stop" ynh_systemd_action --service_name="$app$suffix.timer" --action="disable" - ynh_remove_systemd_config --service_name="$app$suffix" + ynh_remove_systemd_config --service="$app$suffix" ynh_secure_remove "/etc/systemd/system/$app$suffix.timer" done From 1e618d1787134e9d9d610c69384075689afcb04d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:18:51 +0200 Subject: [PATCH 17/32] do not setup_source in restore --- scripts/restore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index fd9d60d..66fe3e4 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,8 +17,8 @@ ynh_exec_warn find '/home/yunohost.backup/tmp/Backup_test/apps/restic/backup' ynh_restore_file --origin_path="$install_dir" -ynh_setup_source --source_id=main --dest_dir="$install_dir" -chmod +x "$install_dir/restic" +# ynh_setup_source --source_id=main --dest_dir="$install_dir" +# chmod +x "$install_dir/restic" chown -R "$app:$app" "$install_dir" From d31ec14cb7ad15fa201fc600cbb8f162615683c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:48:19 +0200 Subject: [PATCH 18/32] Fix restore script by calling the proper function --- scripts/restore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index 66fe3e4..488df08 100755 --- a/scripts/restore +++ b/scripts/restore @@ -42,8 +42,8 @@ ynh_script_progression --message="Restoring system configurations related to $ap ynh_restore_file --origin_path="/etc/sudoers.d/$app" chown root:root "/etc/sudoers.d/$app" -ynh_restore --origin_path="/root/.ssh/id_${app}_ed25519" -ynh_restore --origin_path="/root/.ssh/id_${app}_ed25519.pub" +ynh_restore_file --origin_path="/root/.ssh/id_${app}_ed25519" +ynh_restore_file --origin_path="/root/.ssh/id_${app}_ed25519.pub" # FIXME: restore the .ssh/config instead? _set_ssh_config From 1df315cb746cf41436347b7aeb39d800b18eeb39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:55:09 +0200 Subject: [PATCH 19/32] Fix upgrade script --- scripts/upgrade | 189 ++++++++++++++++-------------------------------- 1 file changed, 64 insertions(+), 125 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index f5496a2..5cd96f3 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,159 +12,98 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping $app's systemd service..." --weight=1 +if grep "${app}.timer" /etc/yunohost/services.yml > /dev/null ; then + yunohost service remove $app.timer + ynh_systemd_action --service="$app" --action="stop" + ynh_systemd_action --service="$app.timer" --action="disable" +fi + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= #ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -if grep "${app}.timer" /etc/yunohost/services.yml > /dev/null ; then - yunohost service remove $app.timer - ynh_systemd_action --service="$app.timer" --action="enable" - ynh_systemd_action --service="$app.timer" --action="start" +# old versions did not have delimiters in ~/.ssh/config making removal in +# multi-instance cases break the remaining instances. +# So we need to add the delimiters if they are missing +# The config will be re-added afterwards +if ! grep -q "begin ${app}" $ssh_dir/config; then + # did not find delimiters so removing old configuration + sed -e "/Host ${server}/,+6d" "$ssh_dir/config" -i || true fi #================================================= # INSTALL RESTIC #================================================= -ynh_script_progression --message="Installing restic binary" --weight=7 +ynh_script_progression --message="Installing Restic..." --weight=7 ynh_setup_source --source_id=main --dest_dir="$install_dir" chmod +x "$install_dir/restic" -#================================================= -# CREATE APP USER -#================================================= -ynh_script_progression --message="Creating user ${app}" +# This function will only create it if required +_gen_and_save_public_key -id ${app} 2>/dev/null || useradd -m ${app} -ynh_script_progression --message="Configure ${app} user sudoer rights" -cat > /tmp/${app}_sudoer << EOSUDOER -${app} ALL = (root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, ${install_dir}/check_method_${app} -EOSUDOER -visudo -cf /tmp/${app}_sudoer && mv /tmp/${app}_sudoer /etc/sudoers.d/${app} -ynh_script_progression --message="Move ssh keys from root to ${app} user's home" -ynh_script_progression --message="Generate ssh config" -set +o errexit -set +o nounset -export ssh_dir="/root/.ssh" -export private_key="${ssh_dir}/id_${app}_ed25519" -mkdir ${ssh_dir} 2>/dev/null || true -touch ${ssh_dir}/config -grep -q "begin ${app}" ${ssh_dir}/config -missing_conf="$?" -if [ "$missing_conf" -eq "1" ];then - cat << EOCONF >> ${ssh_dir}/config - # begin $app ssh config - Host ${server} - Hostname ${server} - Port ${port} - User ${ssh_user} - IdentityFile ${private_key} - StrictHostKeyChecking no - UserKnownHostsFile /dev/null - # end $app ssh config -EOCONF +# Set ssh config if it is missing +if ! grep -q "begin $app" "/root/.ssh/config"; then + _set_ssh_config fi -chown -R ${app}: /home/${app} - - -#================================================= -# ACTIVATE BACKUP METHODS -#================================================= -ynh_script_progression --message="Activating backup methods" - -mkdir -p /etc/yunohost/hooks.d/backup_method -mkdir -p /usr/share/yunohost/backup_method #================================================= # SETUP THE BACKUP METHOD #================================================= -ynh_script_progression --message="Setting up backup methods" +ynh_script_progression --message="Setting up backup method..." --weight=1 -ynh_configure backup_method "/etc/yunohost/hooks.d/backup_method/05-${app}_app" -ynh_configure check_method "${install_dir}/check_method_${app}" +mkdir -p /etc/yunohost/hooks.d/backup +mkdir -p /etc/yunohost/hooks.d/backup_method +mkdir -p /usr/share/yunohost/backup_method + +## Backup method +_ynh_add_config_j2 --template="backup_method.j2" --destination="/etc/yunohost/hooks.d/backup_method/05-${app}_app" +chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app" + +_ynh_add_config_j2 --template="backup-with-restic.j2" --destination="$install_dir/backup-with-restic" +chmod u+x "$install_dir/backup-with-restic" + +## Check method +_ynh_add_config_j2 --template="check_method.j2" --destination="$install_dir/check_method_restic" + +_ynh_add_config_j2 --template="check-restic.j2" --destination="$install_dir/check-restic" +chmod u+x "$install_dir/check-restic" + +## Backup log script +_ynh_add_config_j2 --template="restic_log.j2" --destination="$install_dir/restic_log" +chmod u+x "$install_dir/restic_log" + +# Check log script +_ynh_add_config_j2 --template="restic_check_log.j2" --destination="$install_dir/restic_check_log" +chmod u+x "$install_dir/restic_check_log" + +chown -R "$app:$app" "$install_dir" #================================================= -# SETUP LOG SCRIPTS +# SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Setting up backup log script" +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -ynh_configure restic_log "${install_dir}/restic_log_${app}" -chmod +x "${install_dir}/restic_log_${app}" -chown ${app}: "${install_dir}/restic_log_${app}" +# Systemd services and timers +for suffix in "${systemd_services_suffixes[@]}"; do + ynh_add_systemd_config --service="$app$suffix" --template="systemd$suffix.service" + _ynh_add_config_j2 --template="systemd$suffix.timer.j2" --destination="/etc/systemd/system/$app$suffix.timer" + ynh_systemd_action --service_name="${app}$suffix.service" --action="disable" + systemctl enable --quiet "${app}$suffix.timer" + ynh_systemd_action --service_name="${app}$suffix.timer" --action="start" -ynh_script_progression --message="Setting up check log script" -ynh_configure restic_check_log "${install_dir}/restic_check_log_${app}" -chmod +x "${install_dir}/restic_check_log_${app}" -chown ${app}: "${install_dir}/restic_check_log_${app}" + yunohost service add "$app$suffix" --description="Restic backup program ($app$suffix)" \ + --test_status="systemctl show $app$suffix.service -p ActiveState --value | grep -v failed" +done -#================================================= -# CONFIGURE CRON -#================================================= -ynh_script_progression --message="Configuring cron" --weight=5 +ynh_add_config --template="sudoer" --destination="/etc/sudoers.d/$app" +chown root:root "/etc/sudoers.d/$app" -ynh_configure backup-with-restic "/usr/local/bin/backup-with-${app}" -ynh_configure check-restic "${install_dir}/check-${app}" -chmod +x "/usr/local/bin/backup-with-${app}" -chown ${app}: "/usr/local/bin/backup-with-${app}" -chmod +x "${install_dir}/check-${app}" -chmod +x "${install_dir}/check_method_${app}" -ynh_add_systemd_config --service=${app} --template=systemd.service -ynh_add_systemd_config --service=${app}_check --template=systemd_check.service -ynh_add_systemd_config --service=${app}_check_read_data --template=systemd_check_read_data.service -ynh_configure systemd.timer "/etc/systemd/system/${app}.timer" -ynh_configure systemd_check.timer "/etc/systemd/system/${app}_check.timer" -ynh_configure systemd_check_read_data.timer "/etc/systemd/system/${app}_check_read_data.timer" -systemctl --quiet disable ${app}.service -systemctl --quiet disable ${app}_check.service -systemctl --quiet disable ${app}_check_read_data.service -systemctl --quiet enable ${app}.timer -systemctl --quiet enable ${app}_check.timer -systemctl --quiet enable ${app}_check_read_data.timer -systemctl start ${app}.timer -systemctl start ${app}_check.timer -systemctl start ${app}_check_read_data.timer - -#================================================= -# UPGRADE SSH CONFIG -#================================================= - -# old versions did not have delimiters in ~/.ssh/config -# making removal in multi-instance cases break the remaining -# instances. -# So we need to add the delimiters if they are missing -set +o errexit -set +o nounset -grep -q "begin ${app}" ${ssh_dir}/config -missing_delimiters="$?" -if [ "$missing_delimiters" -eq 1 ];then - # did not find delimiters so removing old configuration - sed -e "/Host ${server}/,+6d" ${ssh_dir}/config -i || true - cat << EOCONF >> ${ssh_dir}/config -# begin $app ssh config -Host ${server} - Hostname ${server} - Port ${port} - User ${ssh_user} - IdentityFile ${private_key} - StrictHostKeyChecking no - UserKnownHostsFile /dev/null -# end $app ssh config -EOCONF -fi - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring logrotate" - -ynh_use_logrotate --logfile=/var/log/restic_backup_${app}.log -ynh_use_logrotate --logfile=/var/log/restic_backup_${app}.err -ynh_use_logrotate --logfile=/var/log/restic_check_${app}.log -ynh_use_logrotate --logfile=/var/log/restic_check_${app}.err +ynh_use_logrotate --logfile="/var/log/restic_backup_${app}.log" +ynh_use_logrotate --logfile="/var/log/restic_backup_${app}.err" +ynh_use_logrotate --logfile="/var/log/restic_check_${app}.log" +ynh_use_logrotate --logfile="/var/log/restic_check_${app}.err" #================================================= # END OF SCRIPT From 6cb309b83d34c597962517a62bc0a23d7a492d97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:56:25 +0200 Subject: [PATCH 20/32] Fix restore, remove debug --- scripts/restore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index 488df08..aa0303c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -13,13 +13,13 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_exec_warn find '/home/yunohost.backup/tmp/Backup_test/apps/restic/backup' - ynh_restore_file --origin_path="$install_dir" # ynh_setup_source --source_id=main --dest_dir="$install_dir" # chmod +x "$install_dir/restic" +_gen_and_save_public_key + chown -R "$app:$app" "$install_dir" #================================================= From 7c7c50927cd2a0edb9de5480de6a44d7f266c204 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 12:59:04 +0200 Subject: [PATCH 21/32] simpler post_install --- doc/POST_INSTALL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md index d2225ab..d08142e 100644 --- a/doc/POST_INSTALL.md +++ b/doc/POST_INSTALL.md @@ -4,12 +4,12 @@ __PUBLIC_KEY__ Do so by running those commands on __SERVER__ with user __SSH_USER__: +``` mkdir ~/.ssh 2>/dev/null touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys -cat << EOPKEY >> ~/.ssh/authorized_keys -__PUBLIC_KEY__ -EOPKEY +echo "__PUBLIC_KEY__" >> ~/.ssh/authorized_keys +``` Also make sure __BACKUP_PATH__ exists and is writable by __SSH_USER__ From 93396b2d6a304963f3e8b13a1f9f3336646ef8e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 13:26:43 +0200 Subject: [PATCH 22/32] fix upgrade --- scripts/upgrade | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 5cd96f3..00ddfbb 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,9 +27,9 @@ fi # multi-instance cases break the remaining instances. # So we need to add the delimiters if they are missing # The config will be re-added afterwards -if ! grep -q "begin ${app}" $ssh_dir/config; then +if ! grep -q "begin ${app}" /root/.ssh/config; then # did not find delimiters so removing old configuration - sed -e "/Host ${server}/,+6d" "$ssh_dir/config" -i || true + sed -e "/Host ${server}/,+6d" "/root/.ssh/config" -i || true fi #================================================= From a3b733aa156831abd6fa7b19572c3f80c2ba6c31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 13:31:39 +0200 Subject: [PATCH 23/32] cleanup messages --- doc/DESCRIPTION.md | 2 +- doc/POST_INSTALL.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 071e154..5045c92 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -57,7 +57,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md index d08142e..f984977 100644 --- a/doc/POST_INSTALL.md +++ b/doc/POST_INSTALL.md @@ -5,7 +5,7 @@ __PUBLIC_KEY__ Do so by running those commands on __SERVER__ with user __SSH_USER__: ``` -mkdir ~/.ssh 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys echo "__PUBLIC_KEY__" >> ~/.ssh/authorized_keys From 272f84d942d5c347eb6af5b5899969aedb178ddc Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 26 May 2024 11:31:44 +0000 Subject: [PATCH 24/32] Auto-update READMEs --- README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 303292c..ba5cfda 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys diff --git a/README_es.md b/README_es.md index cd46f43..e5cf1d6 100644 --- a/README_es.md +++ b/README_es.md @@ -75,7 +75,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys diff --git a/README_eu.md b/README_eu.md index bce2cfe..825034e 100644 --- a/README_eu.md +++ b/README_eu.md @@ -75,7 +75,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys diff --git a/README_fr.md b/README_fr.md index da9ab43..4df70c3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -75,7 +75,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys diff --git a/README_gl.md b/README_gl.md index 0391c2c..4bbf5e7 100644 --- a/README_gl.md +++ b/README_gl.md @@ -75,7 +75,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys diff --git a/README_zh_Hans.md b/README_zh_Hans.md index e609410..1239ae1 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -75,7 +75,7 @@ At the end of the installation, the app displays the public_key and the user to You should now authorize the public key for user `servera` on server B by logging into server B with user `servera` and running: ``` -mkdir ~/.ssh -p 2>/dev/null +mkdir ~/.ssh -p touch ~/.ssh/authorized_keys chmod u=rw,go= ~/.ssh/authorized_keys cat << EOPKEY >> ~/.ssh/authorized_keys From d8f56bf44bd4be3d323652a25ff761865f52d946 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:17:03 +0200 Subject: [PATCH 25/32] Add test_upgrade_from --- tests.toml | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/tests.toml b/tests.toml index 3797e16..853998e 100644 --- a/tests.toml +++ b/tests.toml @@ -17,27 +17,9 @@ test_format = 1.0 args.check_on_calendar = "*-*-8,15,22 3:15" args.check_read_data_on_calendar = "*-*-1 3:15" -# # ------------------------------- -# # Commits to test upgrade from -# # ------------------------------- -# [default.test_upgrade_from.d1cd666ee27f5cfb8e40c6f44a09370381b41b35] -# name = "Older ynh 11 version" -# args.server = "domain.tld:22" -# args.ssh_user = "package_checker" -# args.passphrase = "A_Passphrase" -# args.conf = 1 -# args.data = 1 -# args.apps = "all" -# args.on_calendar = "Daily" -# args.mailalert = "never" + [default.test_upgrade_from.526944051f68f4149e415be4e862ce3c69d69f18] + name = "0.12.0~ynh9" - -# [local_directory] -# args.repository = "/mnt/backup" -# args.passphrase = "A_Passphrase" -# args.conf = 1 -# args.data = 1 -# args.apps = "all" -# args.on_calendar = "Daily" -# args.mailalert = "errors_only" + [default.test_upgrade_from.075ce5d9b56f89649623e803e741b36ff5e481df] + name = "last packaging v1" From 984281b63e4c036be0be9ad91763e0e89aff8c4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:24:04 +0200 Subject: [PATCH 26/32] upgrade: try to clean up --- scripts/upgrade | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 00ddfbb..d32876d 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,7 +21,20 @@ fi #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -#ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +if [ -f "/usr/local/bin/backup-with-${app}" ]; then + ynh_secure_remove --file="/usr/local/bin/backup-with-${app}" +fi + +if [ -d "/opt/yunohost/$app" ]; then + mv "/opt/yunohost/$app/"* "/opt/yunohost/$app/".* "$install_dir" + ynh_secure_remove --file="/opt/yunohost/$app/check-restic" + ynh_secure_remove --file="/opt/yunohost/$app/check_method_restic" + ynh_secure_remove --file="/opt/yunohost/$app/restic_check_log_restic" + ynh_secure_remove --file="/opt/yunohost/$app/restic_log_restic" + ynh_secure_remove --file="/opt/yunohost/$app/" +fi # old versions did not have delimiters in ~/.ssh/config making removal in # multi-instance cases break the remaining instances. From daad20e8baabe2f63562c5daeb2e2f9ae38284cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:25:13 +0200 Subject: [PATCH 27/32] Remove fixmes from manifest --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 61758a0..0089510 100644 --- a/manifest.toml +++ b/manifest.toml @@ -23,9 +23,9 @@ architectures = "all" multi_instance = true ldap = "not_relevant" sso = "not_relevant" -disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" [install] [install.server] From 295c7373e447ee8876fd1622d1ccddd7961d1aae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:28:00 +0200 Subject: [PATCH 28/32] Fix paths in installed scripts --- conf/backup_method.j2 | 2 +- conf/check_method.j2 | 2 +- conf/systemd.service | 4 ++-- conf/systemd_check.service | 2 +- conf/systemd_check_read_data.service | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/conf/backup_method.j2 b/conf/backup_method.j2 index ace6747..f363e41 100644 --- a/conf/backup_method.j2 +++ b/conf/backup_method.j2 @@ -13,7 +13,7 @@ RESTIC_PATH=$(yunohost app setting {{ app }} backup_path) RESTIC_PASSWORD="$(yunohost app setting {{ app }} passphrase)" RESTIC_REPOSITORY_BASE=sftp://$RESTIC_SERVER_USER@$RESTIC_SERVER:$RESTIC_SERVER_PORT/$RESTIC_PATH/ -RESTIC_COMMAND=/usr/local/bin/{{ app }} +RESTIC_COMMAND={{ install_dir }}/{{ app }} LOGFILE=/var/log/restic_backup_{{ app }}.log ERRFILE=/var/log/restic_backup_{{ app }}.err diff --git a/conf/check_method.j2 b/conf/check_method.j2 index 7640672..b9351cb 100644 --- a/conf/check_method.j2 +++ b/conf/check_method.j2 @@ -10,7 +10,7 @@ RESTIC_PATH=$(yunohost app setting {{ app }} backup_path) RESTIC_PASSWORD="$(yunohost app setting {{ app }} passphrase)" RESTIC_REPOSITORY_BASE=sftp://$RESTIC_SERVER_USER@$RESTIC_SERVER:$RESTIC_SERVER_PORT/$RESTIC_PATH/ -RESTIC_COMMAND=/usr/local/bin/{{ app }} +RESTIC_COMMAND={{ install_dir }}/{{ app }} do_check() { diff --git a/conf/systemd.service b/conf/systemd.service index 81f856c..6b5adfe 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -4,8 +4,8 @@ After=network.target [Service] Type=oneshot -ExecStart=/usr/local/bin/backup-with-__APP__ -ExecStartPost=/opt/yunohost/__APP__/restic_log___APP__ +ExecStart=__INSTALL_DIR__/backup-with-__APP__ +ExecStartPost=__INSTALL_DIR__/restic_log___APP__ User=__APP__ Group=__APP__ diff --git a/conf/systemd_check.service b/conf/systemd_check.service index 41652bc..754e272 100644 --- a/conf/systemd_check.service +++ b/conf/systemd_check.service @@ -5,7 +5,7 @@ After=network.target [Service] Type=oneshot ExecStart=__INSTALL_DIR__/check-__APP__ -ExecStartPost=/opt/yunohost/__APP__/restic_check_log___APP__ 0 +ExecStartPost=__INSTALL_DIR__/restic_check_log___APP__ 0 User=__APP__ Group=__APP__ diff --git a/conf/systemd_check_read_data.service b/conf/systemd_check_read_data.service index 0fb4135..64b4d2e 100644 --- a/conf/systemd_check_read_data.service +++ b/conf/systemd_check_read_data.service @@ -5,7 +5,7 @@ After=network.target [Service] Type=oneshot ExecStart=__INSTALL_DIR__/check-__APP__ "1" -ExecStartPost=/opt/yunohost/__APP__/restic_check_log___APP__ 1 +ExecStartPost=__INSTALL_DIR__/restic_check_log___APP__ 1 User=__APP__ Group=__APP__ From 69994202a9e47b60704bfb86cbc5bc8f9095a8c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:31:15 +0200 Subject: [PATCH 29/32] re-fix upgrade --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index d32876d..89b86a0 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -28,7 +28,7 @@ if [ -f "/usr/local/bin/backup-with-${app}" ]; then fi if [ -d "/opt/yunohost/$app" ]; then - mv "/opt/yunohost/$app/"* "/opt/yunohost/$app/".* "$install_dir" + mv "/opt/yunohost/$app/"* "$install_dir" ynh_secure_remove --file="/opt/yunohost/$app/check-restic" ynh_secure_remove --file="/opt/yunohost/$app/check_method_restic" ynh_secure_remove --file="/opt/yunohost/$app/restic_check_log_restic" From 0687aa0d04567b2a87ca6990e22654eb2213fabe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:46:44 +0200 Subject: [PATCH 30/32] re-fix upgrade --- scripts/upgrade | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 89b86a0..dbe1a71 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,10 +29,10 @@ fi if [ -d "/opt/yunohost/$app" ]; then mv "/opt/yunohost/$app/"* "$install_dir" - ynh_secure_remove --file="/opt/yunohost/$app/check-restic" - ynh_secure_remove --file="/opt/yunohost/$app/check_method_restic" - ynh_secure_remove --file="/opt/yunohost/$app/restic_check_log_restic" - ynh_secure_remove --file="/opt/yunohost/$app/restic_log_restic" + ynh_delete_file_checksum --file="/opt/yunohost/$app/check-restic" + ynh_delete_file_checksum --file="/opt/yunohost/$app/check_method_restic" + ynh_delete_file_checksum --file="/opt/yunohost/$app/restic_check_log_restic" + ynh_delete_file_checksum --file="/opt/yunohost/$app/restic_log_restic" ynh_secure_remove --file="/opt/yunohost/$app/" fi From 62f213a844f4413770aee836e61fda69e569ef0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:48:15 +0200 Subject: [PATCH 31/32] cleanup more in upgrade --- scripts/upgrade | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index dbe1a71..05b293c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,10 @@ if [ -f "/usr/local/bin/backup-with-${app}" ]; then ynh_secure_remove --file="/usr/local/bin/backup-with-${app}" fi +if [ -f "/usr/local/bin/$app" ]; then + ynh_secure_remove --file="/usr/local/bin/$app" +fi + if [ -d "/opt/yunohost/$app" ]; then mv "/opt/yunohost/$app/"* "$install_dir" ynh_delete_file_checksum --file="/opt/yunohost/$app/check-restic" From 64bc269924a51a03272364d22839d78a99e20681 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 26 May 2024 15:53:19 +0200 Subject: [PATCH 32/32] cleanup more in upgrade --- scripts/upgrade | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/upgrade b/scripts/upgrade index 05b293c..582678a 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,6 +24,7 @@ fi ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 if [ -f "/usr/local/bin/backup-with-${app}" ]; then + ynh_delete_file_checksum --file="/usr/local/bin/backup-with-${app}" ynh_secure_remove --file="/usr/local/bin/backup-with-${app}" fi