Updated to config v2

.goreleaser.yml

@@ -153,15 +153,24 @@ nfpms:
  postinstall: "contrib/posix/post-install.sh"
  contents:
  - { type: config, src: contrib/posix/profiles.conf, dst: /etc/resticprofile/profiles.conf.dist }
+ - { type: config, src: contrib/posix/conf.d/backup.conf, dst: /etc/resticprofile/conf.d/backup.conf.dist }
  - { type: config, src: contrib/posix/conf.d/check.conf, dst: /etc/resticprofile/conf.d/check.conf.dist }
  - { type: config, src: contrib/posix/conf.d/hooks.conf, dst: /etc/resticprofile/conf.d/hooks.conf.dist }
  - { type: config, src: contrib/posix/conf.d/metrics.conf, dst: /etc/resticprofile/conf.d/metrics.conf.dist }
  - { type: config, src: contrib/posix/conf.d/prune.conf, dst: /etc/resticprofile/conf.d/prune.conf.dist }
- - { type: config, src: contrib/posix/conf.d/repository.conf, dst: /etc/resticprofile/conf.d/repository.conf.dist }
+ - { type: config, src: contrib/posix/conf.d/z_overrides.conf, dst: /etc/resticprofile/conf.d/z_overrides.conf.dist }
  - { type: config, src: contrib/posix/profiles.d/fs-snapshot.yaml.sample, dst: /etc/resticprofile/profiles.d/fs-snapshot.yaml.sample }
- - { type: config, src: contrib/posix/profiles.d/system.toml, dst: /etc/resticprofile/profiles.d/system.toml.dist }
+ - { type: config, src: contrib/posix/profiles.d/minimal.conf.sample, dst: /etc/resticprofile/profiles.d/minimal.conf.sample }
+ - { type: config, src: contrib/posix/profiles.d/minimal.yaml.sample, dst: /etc/resticprofile/profiles.d/minimal.yaml.sample }
+ - { type: config, src: contrib/posix/profiles.d/system.conf, dst: /etc/resticprofile/profiles.d/system.conf.dist }
+ - { type: config, src: contrib/posix/repository.d/default.conf, dst: /etc/resticprofile/repository.d/default.conf.dist }
+ - { type: config, src: contrib/posix/repository.d/other.conf.sample, dst: /etc/resticprofile/repository.d/other.conf.sample }
+ - { type: config, src: contrib/posix/templates/default-host.conf, dst: /etc/resticprofile/templates/default-host.conf.dist }
+ - { type: config, src: contrib/posix/templates/default-tags.conf, dst: /etc/resticprofile/templates/default-tags.conf.dist }
  - { type: config, src: contrib/posix/templates/systemd.timer.in, dst: /etc/resticprofile/templates/systemd.timer.in.dist }
  - { type: config, src: contrib/posix/templates/systemd.unit.in, dst: /etc/resticprofile/templates/systemd.unit.in.dist }
- - src: contrib/systemd/resticprofile-send-error.sh
+ - src: contrib/posix/resticprofile-send-error.rc
+ dst: /etc/resticprofile/resticprofile-send-error.rc.dist
+ - src: contrib/notification-scripts/resticprofile-send-error.sh
  dst: /usr/local/bin/resticprofile-send-error
- file_info: { mode: 0640, owner: root, group: root }
+ file_info: { mode: 0755, owner: root, group: root }

contrib/notification-scripts/README.md

@@ -15,6 +15,7 @@ Usage:
 resticprofile-send-error.sh [options] user1@domain user2@domain ...
 Options:
  -s Only send mail when operating on schedule (RESTICPROFILE_ON_SCHEDULE=1)
+ -o name,.. Only send mail when PROFILE_NAME is in the list of specified names
  -c command Set the profile command (instead of PROFILE_COMMAND)
  -n name Set the profile name (instead of PROFILE_NAME)
  -p Print mail to stdout instead of sending it

contrib/notification-scripts/resticprofile-send-error.sh

@@ -7,6 +7,7 @@ help() {
  Usage $1 [options] user1@domain user2@domain ...
  Options:
  -s Only send mail when operating on schedule (RESTICPROFILE_ON_SCHEDULE=1)
+ -o name,.. Only send mail when PROFILE_COMMAND is in the list of specified names
  -c command Set the profile command (instead of PROFILE_COMMAND)
  -n name Set the profile name (instead of PROFILE_NAME)
  -p Print mail to stdout instead of sending it
@@ -17,9 +18,11 @@ HELP
 # Parse CLI args
 FORCE_SENDING=0
 SEND_COMMAND=""
-while getopts 'c:fhn:ps' flag ; do
+LIMIT_COMMAND_NAMES=""
+while getopts 'c:fhn:o:ps' flag ; do
  case "${flag}" in
  c) PROFILE_COMMAND="${OPTARG}" ;;
+ o) LIMIT_COMMAND_NAMES="${OPTARG}" ;;
  f) FORCE_SENDING=1 ;;
  n) PROFILE_NAME="${OPTARG}" ;;
  p) SEND_COMMAND="cat -" ;;
@@ -51,14 +54,14 @@ RC_FILE="/etc/resticprofile/$(basename "$0").rc}"
 [[ -f "${RC_FILE}" ]] && source "${RC_FILE}"
 
 main() {
- if [[ -n "${PROFILE_NAME}" || "${FORCE_SENDING}" == "1" ]] ; then
+ if can_send ; then
  if [[ -n "${DETAILS_COMMAND}" ]] ; then
  DETAILS_COMMAND_RESULT="$(${DETAILS_COMMAND})"
  fi
 
  for email in "$@" "${MAIL_TO}" ; do
  if [[ "${email}" =~ ^[a-zA-Z0-9_.%+-]+@[a-zA-Z0-9_]+[a-zA-Z0-9_.-]+$ ]] ; then
- send_mail "${email}" || echo "Failed sending to \"${email}\""
+ send_mail "${email}" || echo "Failed sending to \"${email}\" using '${SEND_COMMAND}' exit code $?"
  elif [[ -n "${email}" ]] ; then
  echo "Skipping notification for invalid address \"${email}\""
  fi
@@ -67,6 +70,22 @@ main() {
  return 0
 }
 
+can_send() {
+ if [[ -n "${PROFILE_NAME}" ]] ; then
+ if [[ -n "${LIMIT_COMMAND_NAMES}" ]] ; then
+ local IFS=",; "
+ for cmd in ${LIMIT_COMMAND_NAMES} ; do
+ [[ "${PROFILE_COMMAND}" == "$cmd" ]] && return 0
+ done
+ else
+ return 0
+ fi
+ fi
+
+ [[ "${FORCE_SENDING}" == "1" ]]
+ return $?
+}
+
 send_mail() {
  ${SEND_COMMAND} <<ERRMAIL
 To: $1

contrib/posix/README.md

@@ -2,18 +2,20 @@
 
 **Layout for `/etc/resticprofile`**:
 
-* `profiles.conf` - host centric default configuration
+* `conf.d/*` - default configuration and config overrides
+* `profiles.conf` - main configuration file 
 * `profiles.d/*` - host centric backup profiles (`*.toml` & `*.yaml`)
-* `conf.d/*` - overrides & extra configuration
+* `repositories.d/*` - restic repository configuration
+* `templates/*` - reusable config blocks and system templates
 
 The layout is used in `deb`, `rpm` and `apk` packages of `resticprofile`
 
 **Generated files**:
-* `conf.d/default-repository.secret` - during installation, only if missing
+* `repositories.d/default-repository.secret` - during installation, only if missing
 
 **Referenced files and paths**:
-* `conf.d/default-repository-self-signed-pub.pem` - TLS public cert (self-signed only)
-* `conf.d/default-repository-client.pem` - TLS client cert
+* `repositories.d/default-repository-self-signed-pub.pem` - TLS public cert (self-signed only)
+* `repositories.d/default-repository-client.pem` - TLS client cert
 * `/var/lib/prometheus/node-exporter/resticprofile-*.prom` - Prometheus files
 * `$TMPDIR/resticprofile-*` - Status and lock files
 
@@ -28,13 +30,23 @@ The layout is used in `deb`, `rpm` and `apk` packages of `resticprofile`
 Setup repository and validate system backup profile:
 ```shell
 cd /etc/resticprofile/
-vim conf.d/repository.conf
+vim repositories.d/default.conf
 vim profiles.d/system.toml
 ```
 
-## Test config and backup
+## Verify configuration, backup & restore
 ```shell
-resticprofile -n root show
-resticprofile -n root --dry-run backup
-resticprofile -n root backup
+resticprofile root.show
+resticprofile --dry-run root.backup
+resticprofile root.backup
+resticprofile root.snapshots
+resticprofile root.mount /mnt/restore &
+```
+
+## Maintenance (check & prune)
+```shell
+resticprofile maintenance.check
+resticprofile maintenance.prune
+resticprofile maintenance.schedule
+resticprofile maintenance.unschedule
 ```

contrib/posix/conf.d/backup.conf

@@ -0,0 +1,211 @@
+# -----------------------------------------------------------------------------
+##
+# Default configuration for backup & restore related commands
+#
+# This file contains useful defaults to reduce amount of configuration work
+# needed in derived profiles. It should NOT contain a full backup config
+# with "source" definitions, since these whould be inherited by all backup
+# profiles that derive from "base" (or "default").
+#
+# To define backup sources, create a profile config in "profiles.d" like:
+#
+# >>> "profiles.d/example.conf"
+#
+# [profiles.example]
+# description = "Backup example"
+# inherit = "base"
+#
+# [profiles.example.backup]
+# schedule = "daily"
+# source = [
+# "/path/to/backup",
+# "/other/path/to/backup",
+# ]
+#
+# <<<
+#
+
+
+##
+# Backup defaults
+[profiles.default.backup]
+
+# Hostname to identify backup snapshots in the repository from this host
+{{ template "conf:default-host" . }}
+
+#
+# Tags (besides host & path) are used to identify snapshots belonging to
+# a certain backup.
+#
+# Multiple tags can be defined, but profile name should always be included,
+# the expression "{{ .Profile.Name }}" resolves to the currently active
+# profile name.
+#
+# Notes:
+#
+# - Set the same tags for "backup" and "retention" unless you know what you
+# are doing. Retention uses the tags defined in the backup section when
+# "tag = true" is set in the retention configuration and this default
+# setup should not be changed.
+#
+# - Most of the command sections should use "tag = true" to copy tags from
+# backup so that restore, mount, etc. relate to the selected profile.
+#
+tag = [ "{{ .Profile.Name }}" ]
+
+# Exclude known cache files & folders from backups
+exclude-caches = true
+
+# Exclude nested filesystems
+# Prefer overriding this option in dedicated backup profiles instead of
+# globally as it can greatly increase the volume if nested FS mounts are
+# contained in backup source paths.
+one-file-system = true
+
+# Toggle whether a failure in reading a backup source is considered an error
+no-error-on-warning = false
+
+# Wait on acquiring locks when running the profile on a schedule
+schedule-lock-wait = "45m"
+
+# Specify the user that runs profile tasks on a schedule
+# "system" - root runs the profile tasks
+# "user" - user that created the schedule runs the profile tasks
+schedule-permission = "system"
+
+# Toggle verbose output for troubleshooting
+#verbose = false
+
+# Toggles immediate repository check before and after backup.
+# Checks can be heavy on resources. Consider scheduling "maintenance"
+# (see "conf.d/check.conf") instead of enabling checks here.
+check-before = false
+check-after = false
+
+
+##
+# Snapshot retention defaults
+[profiles.default.retention]
+# Remove obsolete snapshots prior to starting a backup
+before-backup = false
+# Remove obsolete snapshots after a successful backup
+after-backup = true
+
+#
+# Note: Retention operates on host, path and tag filters to identify snapshots
+# to retain or remove. In most cases these filters should be in sync with
+# the backup configuration of a profile so that snapshots will be removed
+# that truely belong to a profile's backup.
+#
+
+# Host filter
+# Copying "host" block to identify snapshots by hostname
+{{ template "conf:default-host" . }}
+
+# Tag filter
+# Retention allows to build tag filter from backup with 'true'. It is strongly
+# advised not to change this as tags are the primary filter besides hostname.
+tag = true
+
+# Path filter
+# Set to "true" to copy source paths from backup, "false" or a list of paths
+# to disable or customize the path filter.
+#
+# Note: Path filters match literally on the absolute source paths recorded
+# when a snapshot was created. If sources are changed, specified relative or
+# with wildcards, snapshots may no longer be matched. Tag and host filters are
+# better suited to identify all snapshots of certain profile.
+path = false
+
+# Specify the snapshots to keep when checking for obsolete snapshots
+# Snapshots that do not match any condition are removed
+keep-tag = [ "forever" ]
+keep-last = 3
+#keep-hourly = 1
+#keep-daily = 1
+#keep-weekly = 1
+#keep-monthly = 1
+#keep-yearly = 1
+#keep-within = "30d"
+
+# Use compact format for listing snapshots
+#compact = false
+
+# Toggles immediate prune of the repository as snapshots are removed.
+#
+# While removing snapshots is a light operation, prune (reclaim space) can
+# be heavy on resources as it rewrites parts of the repository.
+# Consider scheduling "maintenance" (see "conf.d/prune.conf") instead of
+# enabling prune here.
+#
+# Also an attempt to recover a removed snapshot with "resticprofile recover"
+# only works as long as the repository was not yet pruned.
+prune = false
+
+
+##
+# Defaults for operations on repository snapshots of this host
+# Usage:
+# - "resticprofile snapshots" - view snapshots
+# - "resticprofile mount /mnt/restore" - mount snapshots
+# - "resticprofile ls latest /" - list files in a snapshot
+# - "resticprofile dump latest /file" - dump a file to stdout
+# - "resticprofile find PATTERN..." - find files in snapshots
+# - "resticprofile copy --repo2=..." - copy snapshots to repo2
+# - "resticprofile restore --target=/to/dir --include=PATTERN... latest"
+[profiles.default.copy]
+{{ template "conf:default-host" . }}
+schedule-lock-wait = "1h30m"
+[profiles.default.dump]
+{{ template "conf:default-host" . }}
+[profiles.default.find]
+{{ template "conf:default-host" . }}
+[profiles.default.forget]
+{{ template "conf:default-host" . }}
+[profiles.default.ls]
+{{ template "conf:default-host" . }}
+[profiles.default.mount]
+{{ template "conf:default-host" . }}
+[profiles.default.restore]
+{{ template "conf:default-host" . }}
+[profiles.default.snapshots]
+{{ template "conf:default-host" . }}
+[profiles.default.stats]
+{{ template "conf:default-host" . }}
+[profiles.default.tag]
+{{ template "conf:default-host" . }}
+
+
+##
+# Setup operations on repository snapshots for profiles deriving from "base"
+# Usage:
+# - "resticprofile profileName.snapshots" - view snapshots
+# - "resticprofile profileName.mount /mnt/restore" - mount snapshots
+# - "resticprofile profileName.ls latest /" - list files in a snapshot
+# - "resticprofile profileName.dump latest /file" - dump a file to stdout
+# - "resticprofile profileName.find PATTERN..." - find files in snapshots
+# - "resticprofile profileName.copy --repo2=..." - copy snapshots to repo2
+# - "resticprofile profileName.restore --target=/to/dir latest"
+[profiles.base.copy]
+tag = true
+[profiles.base.dump]
+tag = true
+[profiles.base.find]
+tag = true
+[profiles.base.forget]
+tag = true
+[profiles.base.ls]
+tag = true
+[profiles.base.mount]
+tag = true
+[profiles.base.restore]
+tag = true
+[profiles.base.snapshots]
+tag = true
+[profiles.base.stats]
+tag = true
+[profiles.base.tag]
+tag = true
+
+
+# -----------------------------------------------------------------------------