|
|
@@ -120,58 +120,74 @@ def to_source_path(path: Path):
|
|
|
return mount_base / with_drive.relative_to(with_drive.anchor)
|
|
|
|
|
|
|
|
|
-def start_borgmatic_container(hostname: str, login: str, secret_sources: list[Secret]):
|
|
|
- data_sources = read_data_sources(hostname, login)
|
|
|
- container_name = f"borgmatic_{login}"
|
|
|
- ssh_auth_sock = os.getenv("SSH_AUTH_SOCK")
|
|
|
-
|
|
|
- data_path = Path.cwd() / "data"
|
|
|
- config_d_path = data_path / "borgmatic.d"
|
|
|
- config_path = data_path / "borgmatic"
|
|
|
- history_file = data_path / ".bash_history"
|
|
|
- history_file.touch()
|
|
|
- ssh_config_path = Path.home() / ".ssh"
|
|
|
- volumes = [
|
|
|
- f"{config_d_path}:/etc/borgmatic.d/",
|
|
|
- f"{config_path}:/etc/borgmatic/",
|
|
|
- f"{history_file}:/root/.bash_history",
|
|
|
- "borg_ssh_dir:/root/.ssh",
|
|
|
- "borg_config:/root/.config/borg",
|
|
|
- "borg_cache:/root/.cache/borg",
|
|
|
- "borgmatic_state:/root/.local/state/borgmatic",
|
|
|
- ]
|
|
|
- if ssh_auth_sock:
|
|
|
- volumes += [f"{ssh_auth_sock}:{ssh_auth_sock}:Z"]
|
|
|
-
|
|
|
- volumes += [
|
|
|
- f"{vol}:{to_source_path(vol)}:ro" for vol in data_sources
|
|
|
- ]
|
|
|
-
|
|
|
- volume_args = [a for vol in volumes for a in ["-v", vol]]
|
|
|
-
|
|
|
- secrets_args = [a for s in secret_sources for a in ["--secret", f"{s.name},mode=0{s.mode:o}"]]
|
|
|
- image_name = "ghcr.io/borgmatic-collective/borgmatic"
|
|
|
-
|
|
|
- args = [
|
|
|
- "podman",
|
|
|
- "run",
|
|
|
- "-h",
|
|
|
- hostname,
|
|
|
- "--detach",
|
|
|
- "--name",
|
|
|
- container_name,
|
|
|
- "-e",
|
|
|
- "SSH_AUTH_SOCK",
|
|
|
- "-e",
|
|
|
- "TZ=Europe/Paris",
|
|
|
- "-e",
|
|
|
- "SSH_KEY_NAME",
|
|
|
- "-e",
|
|
|
- f"HOST_LOGIN={login}",
|
|
|
- "--security-opt=label=disable"
|
|
|
- ] + volume_args + secrets_args + [image_name]
|
|
|
- print(args)
|
|
|
- subprocess.run(args)
|
|
|
+@dataclass
|
|
|
+class BorgmaticContainer:
|
|
|
+ hostname: str
|
|
|
+ login: str
|
|
|
+ name: str
|
|
|
+ image: str = "ghcr.io/borgmatic-collective/borgmatic"
|
|
|
+
|
|
|
+ def run(self, data_sources: list[Path], secret_sources: list[Secret]):
|
|
|
+ container_name = f"borgmatic_{self.login}"
|
|
|
+ ssh_auth_sock = os.getenv("SSH_AUTH_SOCK")
|
|
|
+
|
|
|
+ data_path = Path.cwd() / "data"
|
|
|
+ config_d_path = data_path / "borgmatic.d"
|
|
|
+ config_path = data_path / "borgmatic"
|
|
|
+ history_file = data_path / ".bash_history"
|
|
|
+ history_file.touch()
|
|
|
+ volumes = [
|
|
|
+ f"{config_d_path}:/etc/borgmatic.d/",
|
|
|
+ f"{config_path}:/etc/borgmatic/",
|
|
|
+ f"{history_file}:/root/.bash_history",
|
|
|
+ "borg_ssh_dir:/root/.ssh",
|
|
|
+ "borg_config:/root/.config/borg",
|
|
|
+ "borg_cache:/root/.cache/borg",
|
|
|
+ "borgmatic_state:/root/.local/state/borgmatic",
|
|
|
+ ]
|
|
|
+ if ssh_auth_sock:
|
|
|
+ volumes += [f"{ssh_auth_sock}:{ssh_auth_sock}:Z"]
|
|
|
+
|
|
|
+ volumes += [
|
|
|
+ f"{vol}:{to_source_path(vol)}:ro" for vol in data_sources
|
|
|
+ ]
|
|
|
+
|
|
|
+ volume_args = [a for vol in volumes for a in ["-v", vol]]
|
|
|
+
|
|
|
+ secrets_args = [a for s in secret_sources for a in ["--secret", f"{s.name},mode=0{s.mode:o}"]]
|
|
|
+
|
|
|
+ args = [
|
|
|
+ "podman",
|
|
|
+ "run",
|
|
|
+ "-h",
|
|
|
+ self.hostname,
|
|
|
+ "--detach",
|
|
|
+ "--name",
|
|
|
+ container_name,
|
|
|
+ "-e",
|
|
|
+ "SSH_AUTH_SOCK",
|
|
|
+ "-e",
|
|
|
+ "TZ=Europe/Paris",
|
|
|
+ "-e",
|
|
|
+ "SSH_KEY_NAME",
|
|
|
+ "-e",
|
|
|
+ f"HOST_LOGIN={self.login}",
|
|
|
+ "--security-opt=label=disable"
|
|
|
+ ] + volume_args + secrets_args + [self.image]
|
|
|
+ print(args)
|
|
|
+ subprocess.run(args)
|
|
|
+
|
|
|
+ def rm(self):
|
|
|
+ subprocess.run(["podman", "rm", "-f", self.name])
|
|
|
+
|
|
|
+ def exec(self, cmd: list[str], env_vars: list[str] = []):
|
|
|
+ args = ["podman", "exec", "-ti"]
|
|
|
+ args += [a for var in env_vars for a in ["-e", var]]
|
|
|
+ subprocess.run(args + [self.name] + cmd)
|
|
|
+
|
|
|
+ @classmethod
|
|
|
+ def new(cls, hostname: str, login: str):
|
|
|
+ return cls(hostname, login, f"borgmatic_{login}")
|
|
|
|
|
|
|
|
|
def main():
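Review bot: `run` ignores the new `name` field: it rebuilds `container_name = f"borgmatic_{self.login}"` and passes that to `--name`, while `rm` and `exec` address `self.name`. The two agree only when the instance comes from `new`; a `BorgmaticContainer` built with any other name would start a container that `rm` and `exec` never reach. I would drop the local and pass `"--name", self.name,` in the argument list. Separately, `--security-opt=label=disable` is carried over while the host SSH agent socket and the data sources are mounted into the container, so a short comment such as `# label separation is off because <reason>; the container can use every key loaded in the host agent` would let the next reader judge that exposure.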
|
|
|
@@ -179,10 +195,14 @@ def main():
|
|
|
hostname = socket.gethostname()
|
|
|
|
|
|
secret_sources = Secret.read_sources(hostname, login)
|
|
|
+ data_sources = read_data_sources(hostname, login)
|
|
|
|
|
|
if not secret_sources:
|
|
|
print("no secret required ?")
|
|
|
|
|
|
+ container = BorgmaticContainer.new(hostname, login)
|
|
|
+ env_vars = ["BORG_PASSPHRASE_NAME", "STORAGE_BOX_USER", "SSH_KEY_NAME"]
|
|
|
+
|
|
|
try:
|
|
|
if sys.argv[1] == "create_secrets":
|
|
|
keepass_path = Path(sys.argv[2])
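Review bot: `read_data_sources(hostname, login)` now runs before the subcommand is known, so `rm`, `bash`, `create_secrets` and the new exec commands all depend on it, where previously only `start` did. Its body is not visible here, but if it reads a per-host file or can raise, a missing or broken data-source list would now stop a user from removing or entering the container. Calling it inside the `start` branch keeps the old scope: `container.run(read_data_sources(hostname, login), secret_sources)`. `main` begins and continues outside this hunk.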
|
|
|
@@ -191,13 +211,19 @@ def main():
|
|
|
s.create(keepass)
|
|
|
|
|
|
elif sys.argv[1] == "start":
|
|
|
- start_borgmatic_container(hostname, login, secret_sources)
|
|
|
+ container.run(data_sources, secret_sources)
|
|
|
|
|
|
elif sys.argv[1] == "rm":
|
|
|
- subprocess.run(["podman", "rm", "-f", f"borgmatic_{login}"])
|
|
|
+ container.rm()
|
|
|
|
|
|
elif sys.argv[1] == "bash":
|
|
|
- subprocess.run(["podman", "exec", "-ti", f"borgmatic_{login}", "bash"])
|
|
|
+ container.exec(["bash"])
|
|
|
+
|
|
|
+ elif sys.argv[1] == "create_repo":
|
|
|
+ container.exec(["borgmatic", "repo-create", "--encryption", "repokey"], env_vars)
|
|
|
+
|
|
|
+ elif sys.argv[1] == "export_key":
|
|
|
+ container.exec(["borgmatic", "export", "key"], env_vars)
|
|
|
|
|
|
except IndexError:
|
|
|
print("You should provide an argument")
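Review bot: The `create_repo` and `export_key` branches discard the outcome of `container.exec`, and `exec` calls `subprocess.run` without `check=True`, so a failed `borgmatic repo-create` still leaves the script exiting with status 0 and the operator may believe an encrypted repository exists when it does not. In `exec` I would write `subprocess.run(args + [self.name] + cmd, check=True)`, or return the completed process and exit with its `returncode` here. `export_key` also runs under `-ti`, so the exported key presumably lands on the interactive terminal; a comment stating where that output is expected to go (and that it should not end up in scrollback or a log) would be worth adding. The `if`/`elif` chain starts outside this hunk and has no `else`, so an unknown subcommand returns silently.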
|