Add trial restic script - commented by AI - not well though?
This commit is contained in:
65
scripts/restic.bash
Normal file
65
scripts/restic.bash
Normal file
@@ -0,0 +1,65 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# -- 1. Secure Environment Setup --
|
||||
# We use /tmp to ensure this works on Read-Only filesystems (PSA Restrictive)
|
||||
export SSH_DIR="/tmp/.ssh"
|
||||
mkdir -p "$SSH_DIR"
|
||||
|
||||
# Copy key from K8s Secret mount to /tmp so we can chmod it
|
||||
cp "$SSH_KEY_PATH" "$SSH_DIR/key"
|
||||
chmod 0600 "$SSH_DIR/key"
|
||||
|
||||
# -- 2. Build the "Magic" Command --
|
||||
# This string is what Restic will execute instead of the local 'rclone' binary.
|
||||
# It pipes Restic's requests directly to the remote server.
|
||||
SSH_CMD="ssh -p ${SSH_PORT:-22} -i $SSH_DIR/key -o StrictHostKeyChecking=accept-new ${SSH_USER}@${SSH_HOST}"
|
||||
|
||||
# Why 'rclone:remote:/'?
|
||||
# 'remote' is just a placeholder name.
|
||||
# '/' works because the remote authorized_keys forces the directory path.
|
||||
REPO="rclone:remote:/"
|
||||
|
||||
run_restic() {
|
||||
# -o rclone.program tells Restic to execute our SSH string
|
||||
# instead of looking for an rclone binary.
|
||||
restic -o rclone.program="$SSH_CMD" -r "$REPO" "$@"
|
||||
}
|
||||
|
||||
# -- 3. Lifecycle Execution --
|
||||
|
||||
echo "--- 1. Initialization Check ---"
|
||||
# We try to list snapshots. If it fails, we assume the repo needs init.
|
||||
# We suppress stdout to keep logs clean, only showing errors.
|
||||
if ! run_restic snapshots > /dev/null 2>&1; then
|
||||
echo "Repository not found. Initializing..."
|
||||
run_restic init
|
||||
else
|
||||
echo "Repository exists."
|
||||
fi
|
||||
|
||||
echo "--- 2. Starting Backup ---"
|
||||
run_restic backup "${SOURCE_DIR}" \
|
||||
--tag "${BACKUP_TAG:-Default}" \
|
||||
--verbose
|
||||
|
||||
# -- 4. Retention (Optional) --
|
||||
if [ -n "$RETENTION_POLICY" ]; then
|
||||
echo "--- 3. Retention & Pruning ---"
|
||||
# shellcheck disable=SC2086
|
||||
run_restic forget --group-by tag --tag "${BACKUP_TAG:-Default}" $RETENTION_POLICY --prune
|
||||
fi
|
||||
|
||||
# -- 5. Health Check (Optional) --
|
||||
if [ "$RUN_CHECK" = "true" ]; then
|
||||
echo "--- 4. Integrity Check ---"
|
||||
# We use a default subset of 5% if not specified, to save bandwidth
|
||||
CHECK_ARGS=${CHECK_ARGS:---read-data-subset=5%}
|
||||
run_restic check $CHECK_ARGS
|
||||
fi
|
||||
|
||||
# -- 6. Cache Cleanup --
|
||||
echo "--- 5. Cache Cleanup ---"
|
||||
run_restic cache --cleanup
|
||||
|
||||
echo "Backup process completed successfully."
|
||||
Reference in New Issue
Block a user