59 lines
1.5 KiB
Bash
59 lines
1.5 KiB
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
# -- 1. Secure Environment Setup --
|
|
export RESTIC_CACHE_DIR="${RESTIC_CACHE_DIR:-/tmp/restic-cache}"
|
|
export SSH_DIR="/tmp/.ssh"
|
|
mkdir -p "$SSH_DIR"
|
|
|
|
# Copy key from K8s Secret mount to /tmp so we can chmod it
|
|
cp "$SSH_KEY_PATH" "$SSH_DIR/key"
|
|
chmod 0600 "$SSH_DIR/key"
|
|
|
|
|
|
SSH_CMD="ssh -p ${SSH_PORT:-22} -i $SSH_DIR/key -o StrictHostKeyChecking=accept-new ${SSH_USER}@${SSH_HOST}"
|
|
REPO="rclone:remote:/"
|
|
|
|
run_restic() {
|
|
# -o rclone.program tells Restic to execute over SSH
|
|
restic -o rclone.program="$SSH_CMD" -r "$REPO" "$@"
|
|
}
|
|
|
|
echo "--- 1. Initialization Check ---"
|
|
if ! run_restic snapshots > /dev/null 2>&1; then
|
|
echo "Repository not found. Initializing..."
|
|
run_restic init
|
|
else
|
|
echo "Repository exists."
|
|
fi
|
|
|
|
echo "--- 2. Starting Backup ---"
|
|
|
|
for pattern in $EXCLUDE_PATTERNS; do
|
|
EXCLUDES+=("--exclude=$pattern")
|
|
done
|
|
|
|
run_restic backup ${SOURCE_DIR} \
|
|
"${EXCLUDES[@]}" \
|
|
--tag "${BACKUP_TAG:-Default}" \
|
|
--verbose
|
|
|
|
# -- 4. Retention (if set) --
|
|
if [ -n "$RETENTION_POLICY" ]; then
|
|
echo "--- 3. Retention & Pruning ---"
|
|
# shellcheck disable=SC2086
|
|
run_restic forget --group-by tag --tag "${BACKUP_TAG:-Default}" $RETENTION_POLICY --prune
|
|
fi
|
|
|
|
# -- 5. Health Check (if set) --
|
|
if [ "$RUN_CHECK" = "true" ]; then
|
|
echo "--- 4. Integrity Check ---"
|
|
# default to 5% read test
|
|
run_restic check ${CHECK_ARGS:---read-data-subset=5%}
|
|
fi
|
|
|
|
# -- 6. Cache Cleanup --
|
|
echo "--- 5. Cache Cleanup ---"
|
|
run_restic cache --cleanup
|
|
|
|
echo "Backup process completed successfully." |