Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| fbf15c52b5 | |||
| 3e1fee6022 | |||
|
27c5be7964 | ||
|
|
7b2ac2e56a | ||
| 9407f7caaf | |||
| 12cfe301e3 | |||
|
|
c2a1fbd9d8 | ||
|
|
d43536b67b | ||
|
|
da5521295d | ||
|
|
e39e1033c6 | ||
|
|
ec9d4c6e4f |
@@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
cd /scripts
|
cd /scripts
|
||||||
DEBUG_MODE=${DEBUG_MODE:-false}
|
DEBUG_MODE=${DEBUG_MODE:-false}
|
||||||
|
VERSION=1.1.1
|
||||||
|
|
||||||
#DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-registry.format.hu}
|
#DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-registry.format.hu}
|
||||||
DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-safebox}
|
DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-safebox}
|
||||||
@@ -109,22 +110,168 @@ backup_query_state() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
generate_backup_server_secrets () {
|
||||||
|
|
||||||
|
mkdir -p $SECRET_DIR/backup/server
|
||||||
|
|
||||||
|
echo '{
|
||||||
|
"backupserver":{
|
||||||
|
"SSH_USER":"'$SSH_USER'",
|
||||||
|
"SSH_PORT":"'$SSH_PORT'",
|
||||||
|
"SSH_PASSWORD":"'$SSH_PASSWORD'",
|
||||||
|
"PASSWORD":"'$PASSWORD'",
|
||||||
|
"PERIOD":"'$PERIOD'",
|
||||||
|
"COMPRESSION":"'$COMPRESSION'",
|
||||||
|
"DIRECTORIES":"'$DIRECTORIES'",
|
||||||
|
"SERVICES":"'$SERVICES'",
|
||||||
|
"BACKUP_LOCAL_CLIENTS":"'$BACKUP_LOCAL_CLIENTS'",
|
||||||
|
"BACKUP_VPN_CLIENTS":"'$BACKUP_VPN_CLIENTS'"
|
||||||
|
}
|
||||||
|
}' | jq -r . > $SECRET_DIR/backup/server/backup.json
|
||||||
|
}
|
||||||
|
|
||||||
|
create_backup_service () {
|
||||||
|
|
||||||
|
ADDITIONAL=""
|
||||||
|
ADDITIONAL='"EXTRA":"--rm","PRE_START":[],"DEPEND": [],"CMD":""'
|
||||||
|
|
||||||
|
BACKUP_SERVER='{
|
||||||
|
"main": {
|
||||||
|
"SERVICE_NAME": "backup-server"
|
||||||
|
},
|
||||||
|
"containers": [
|
||||||
|
{
|
||||||
|
"IMAGE": "alpine:latest",
|
||||||
|
"NAME": "backup-init",
|
||||||
|
"NETWORK": "host",
|
||||||
|
"UPDATE": "true",
|
||||||
|
"MEMORY": "64M",
|
||||||
|
"EXTRA": "--rm",
|
||||||
|
"VOLUMES":[
|
||||||
|
{
|
||||||
|
"SOURCE": "USER_DATA",
|
||||||
|
"DEST": "/etc/user/data/",
|
||||||
|
"TYPE": "rw"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ENTRYPOINT": "sh -c",
|
||||||
|
"CMD": "mkdir -p /etc/user/data/backup/server/ssh",
|
||||||
|
"POST_START": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"IMAGE": "safebox/backup-server:latest",
|
||||||
|
"NAME": "backupserver",
|
||||||
|
"NETWORK": "'$NETWORK'",
|
||||||
|
"UPDATE": "true",
|
||||||
|
"MEMORY": "64M",
|
||||||
|
"VOLUMES":[
|
||||||
|
{
|
||||||
|
"SOURCE": "USER_DATA",
|
||||||
|
"DEST": "/etc/user/data/",
|
||||||
|
"TYPE": "ro"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"SOURCE": "USER_CONFIG",
|
||||||
|
"DEST": "/etc/user/config/",
|
||||||
|
"TYPE": "ro"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"SOURCE": "USER_SECRET",
|
||||||
|
"DEST": "/etc/user/secret/",
|
||||||
|
"TYPE": "ro"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"SOURCE": "/etc/user/data/backup/server/ssh",
|
||||||
|
"DEST": "/home/'$SSH_USER'/",
|
||||||
|
"TYPE": "rw"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ENV_FILES":["/etc/user/secret/backup/server/backup.json"],
|
||||||
|
'$ADDITIONAL',
|
||||||
|
"POST_START": []
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}'
|
||||||
|
# create backup server secrets from variables
|
||||||
|
generate_backup_server_secrets
|
||||||
|
}
|
||||||
|
|
||||||
backup_set_service() {
|
backup_set_service() {
|
||||||
|
|
||||||
echo "backup_set_service"
|
|
||||||
|
local PASSWORD="$1"
|
||||||
|
local PERIOD="$2"
|
||||||
|
local COMPRESSION="$3"
|
||||||
|
|
||||||
|
local PLANNED_TIME="$(echo "$4" | base64 -d)"
|
||||||
|
local DIRECTRIES="$5"
|
||||||
|
local SERVICES="$6"
|
||||||
|
local BACKUP_LOCAL_CLIENTS="$7"
|
||||||
|
local BACKUP_VPN_CLIENTS="$8"
|
||||||
|
|
||||||
|
local VPN="$9"
|
||||||
|
local SSH_PORT="${10:-20022}"
|
||||||
|
local SSH_USER="${11:-"backup"}"
|
||||||
|
local SSH_PASSWORD="${12:-"backup"}"
|
||||||
|
local OPERATION="${13}"
|
||||||
|
|
||||||
|
if [ "$OPERATION" == "DELETE" ]; then
|
||||||
|
|
||||||
|
sed -i '/service-backup/d' /etc/user/data/cron/crontab.txt
|
||||||
|
# delete service
|
||||||
|
rm -f /etc/user/config/services/service-backup-server*
|
||||||
|
rm -rf /etc/user/data/backup/server
|
||||||
|
rm -rf /etc/user/secret/backup/server
|
||||||
|
debug "Service backup server service deleted."
|
||||||
|
|
||||||
|
elif [ "$OPERATION" == "MODIFY" ]; then
|
||||||
|
|
||||||
|
# modify only secrets for backup server, it will be affected at the next cron job
|
||||||
|
generate_backup_server_secrets
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
if [ -z "$SSH_PORT" ] ; then
|
||||||
|
SSH_PORT=20022
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$VPN" == "true" ]; then
|
||||||
|
NETWORK=$VPN_NETWORK
|
||||||
|
create_backup_service
|
||||||
|
else
|
||||||
|
NETWORK="host"
|
||||||
|
create_backup_service
|
||||||
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$PLANNED_TIME" ]; then
|
||||||
|
if [ "$VPN" == "true" ]; then
|
||||||
|
if [ -n "$BACKUP_SERVER" ] ; then
|
||||||
|
echo "$BACKUP_SERVER" | jq -r . >/etc/user/config/services/service-backup-server-vpn.json
|
||||||
|
fi
|
||||||
|
echo "'$PLANNED_TIME' service service-backup-server-vpn" >> /etc/user/data/cron/crontab.txt
|
||||||
|
else
|
||||||
|
if [ -n "$BACKUP_SERVER" ] ; then
|
||||||
|
echo "$BACKUP_SERVER" | jq -r . >/etc/user/config/services/service-backup-server-local.json
|
||||||
|
fi
|
||||||
|
echo "'$PLANNED_TIME' service service-backup-server-local" >> /etc/user/data/cron/crontab.txt
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
backup_set_client() {
|
backup_set_client() {
|
||||||
|
|
||||||
NAME="$1"
|
local NAME="$1"
|
||||||
SIZE="$2"
|
local SIZE="$2"
|
||||||
VPN="$3"
|
local VPN="$3"
|
||||||
SSH_PORT="$4"
|
local SSH_PORT="${4:-20022}"
|
||||||
SSH_USER="$5"
|
local SSH_USER="${5:-"backup"}"
|
||||||
SSH_PASSWORD="$6"
|
local SSH_PASSWORD="${6:-"backup"}"
|
||||||
OPERATION="$7"
|
local OPERATION="$7"
|
||||||
VPN_KEY="$8"
|
local VPN_KEY="$8"
|
||||||
|
|
||||||
if [ "$OPERATION" == "DELETE" ]; then
|
if [ "$OPERATION" == "DELETE" ]; then
|
||||||
# delete service
|
# delete service
|
||||||
@@ -152,7 +299,7 @@ backup_set_client() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
ADDITIONAL=""
|
ADDITIONAL=""
|
||||||
ADDITIONAL='"EXTRA": "--label logging=promtail_user --label logging_jobname=containers --restart=always", "PRE_START": [], "DEPEND": [], "CMD": ""'
|
ADDITIONAL='"EXTRA":"--restart=always","PRE_START":[],"DEPEND":[],"CMD": ""'
|
||||||
ENVS='"ENVS": [{"SSH_USER":"'$SSH_USER'"},{"SSH_PORT":"'$SSH_PORT'"},{"SSH_PASSWORD":"'$SSH_PASSWORD'"},{"VPN_CLIENT_KEY":"'$VPN_KEY'"}],'
|
ENVS='"ENVS": [{"SSH_USER":"'$SSH_USER'"},{"SSH_PORT":"'$SSH_PORT'"},{"SSH_PASSWORD":"'$SSH_PASSWORD'"},{"VPN_CLIENT_KEY":"'$VPN_KEY'"}],'
|
||||||
|
|
||||||
echo '{
|
echo '{
|
||||||
@@ -163,6 +310,7 @@ backup_set_client() {
|
|||||||
{
|
{
|
||||||
"IMAGE": "alpine:latest",
|
"IMAGE": "alpine:latest",
|
||||||
"NAME": "'$NAME'-init",
|
"NAME": "'$NAME'-init",
|
||||||
|
"NETWORK": "host",
|
||||||
"UPDATE": "true",
|
"UPDATE": "true",
|
||||||
"MEMORY": "64M",
|
"MEMORY": "64M",
|
||||||
"EXTRA": "--rm",
|
"EXTRA": "--rm",
|
||||||
@@ -174,7 +322,7 @@ backup_set_client() {
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"ENTRYPOINT": "sh -c",
|
"ENTRYPOINT": "sh -c",
|
||||||
"CMD": "mkdir -p /etc/user/data/backup/clients/'$NAME'/backup && /etc/user/data/backup/clients/'$NAME'/ssh",
|
"CMD": "mkdir -p /etc/user/data/backup/clients/'$NAME'/backup && mkdir -p /etc/user/data/backup/clients/'$NAME'/ssh && chmod -R '$SSH_USER':'$SSH_USER' /etc/user/data/backup/clients/'$NAME'",
|
||||||
"POST_START": []
|
"POST_START": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -189,13 +337,12 @@ backup_set_client() {
|
|||||||
"VOLUMES":[
|
"VOLUMES":[
|
||||||
{
|
{
|
||||||
"SOURCE": "/etc/user/data/backup/clients/'$NAME'/backup",
|
"SOURCE": "/etc/user/data/backup/clients/'$NAME'/backup",
|
||||||
"DEST": "/backup",
|
"DEST": "/home/'$SSH_USER'/backup",
|
||||||
"TYPE": "rw"
|
"TYPE": "rw"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"SOURCE": "/etc/user/data/backup/clients/'$NAME'/ssh",
|
"SOURCE": "/etc/user/data/backup/clients/'$NAME'/ssh",
|
||||||
"DEST": "/home/'$SSH_USER'/",
|
"DEST": "/home/'$SSH_USER'/.ssh",
|
||||||
"TYPE": "rw"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"POST_START": []
|
"POST_START": []
|
||||||
@@ -203,8 +350,8 @@ backup_set_client() {
|
|||||||
]
|
]
|
||||||
}' | jq -r . >/etc/user/config/services/service-backup-client-$NAME.json
|
}' | jq -r . >/etc/user/config/services/service-backup-client-$NAME.json
|
||||||
|
|
||||||
debug "service-backup-client-$NAME.json stop force dns-remove"
|
debug "service-backup-client-$NAME.json start info"
|
||||||
$service_exec service-backup-client-$NAME.json start &
|
$service_exec service-backup-client-$NAME.json start info &
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -363,6 +510,10 @@ get_repositories() {
|
|||||||
local TREES=""
|
local TREES=""
|
||||||
local REPO
|
local REPO
|
||||||
|
|
||||||
|
if [ ! -f "/etc/user/config/repositories.json" ]; then
|
||||||
|
create_repositories_json
|
||||||
|
fi
|
||||||
|
|
||||||
REPOS=$(jq -r .repositories[] /etc/user/config/repositories.json) # list of repos, delimiter by space
|
REPOS=$(jq -r .repositories[] /etc/user/config/repositories.json) # list of repos, delimiter by space
|
||||||
for REPO in $REPOS; do
|
for REPO in $REPOS; do
|
||||||
|
|
||||||
@@ -1093,16 +1244,18 @@ execute_task() {
|
|||||||
|
|
||||||
VPN_STATUS="0"
|
VPN_STATUS="0"
|
||||||
VPN_RESULT=""
|
VPN_RESULT=""
|
||||||
|
if [ -f $SECRET_DIR/vpn-proxy/wg0.conf ]; then
|
||||||
CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -w wireguardproxy)
|
CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -w wireguardproxy)
|
||||||
if [ "$CONTAINERS" != "" ]; then
|
if [ "$CONTAINERS" != "" ]; then
|
||||||
UP=$(echo $CONTAINERS | grep -w 'Up')
|
UP=$(echo $CONTAINERS | grep -w 'Up')
|
||||||
if [ "$UP" != "" ]; then
|
if [ "$UP" != "" ]; then
|
||||||
VPN_STATUS="2"
|
|
||||||
else
|
|
||||||
VPN_STATUS="1"
|
VPN_STATUS="1"
|
||||||
|
else
|
||||||
|
VPN_STATUS="2"
|
||||||
fi
|
fi
|
||||||
VPN_RESULT=$(echo "$CONTAINERS" | base64 -w0)
|
VPN_RESULT=$(echo "$CONTAINERS" | base64 -w0)
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "'$VPN_STATUS'", "RESULT": "'$VPN_RESULT'" }' | jq -r . | base64 -w0)
|
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "'$VPN_STATUS'", "RESULT": "'$VPN_RESULT'" }' | jq -r . | base64 -w0)
|
||||||
|
|
||||||
elif [ "$TASK_NAME" == "save_vpn" ]; then
|
elif [ "$TASK_NAME" == "save_vpn" ]; then
|
||||||
@@ -1136,13 +1289,29 @@ execute_task() {
|
|||||||
|
|
||||||
elif [ "$TASK_NAME" == "backup" ]; then
|
elif [ "$TASK_NAME" == "backup" ]; then
|
||||||
|
|
||||||
TASK_TYPE=$(echo $B64_JSON | base64 -d | jq -r '.TASK_TYPE)')
|
TASK_TYPE=$(echo $B64_JSON | base64 -d | jq -r '.TASK_TYPE')
|
||||||
|
|
||||||
if [ "$TASK_TYPE" == "backup_query_state" ]; then
|
if [ "$TASK_TYPE" == "backup_query_state" ]; then
|
||||||
echo "task type is backup_query_state"
|
echo "task type is backup_query_state"
|
||||||
|
|
||||||
elif [ "$TASK_TYPE" == "backup_set_service" ]; then
|
elif [ "$TASK_TYPE" == "backup_set_service" ]; then
|
||||||
|
|
||||||
|
PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_SERVER_PASSWORD')"
|
||||||
|
PERIOD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_PERIOD')"
|
||||||
|
COMPRESSION="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_COMPRESSION')"
|
||||||
|
PLANNED_TIME="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_PLANNED_TIME')"
|
||||||
|
DIRECTRIES="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_DIRECTORIES')"
|
||||||
|
SERVICES="$(echo $B64_JSON | base64 -d | jq -r '.SERVICES')"
|
||||||
|
BACKUP_LOCAL_CLIENTS="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_LOCAL_CLIENTS')"
|
||||||
|
BACKUP_VPN_CLIENTS="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_VPN_CLIENTS')"
|
||||||
|
VPN="$(echo $B64_JSON | base64 -d | jq -r '.VPN')"
|
||||||
|
SSH_PORT="$(echo $B64_JSON | base64 -d | jq -r '.SSH_PORT')"
|
||||||
|
SSH_USER="$(echo $B64_JSON | base64 -d | jq -r '.SSH_USER')"
|
||||||
|
SSH_PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.SSH_PASSWORD')"
|
||||||
|
OPERATION="$(echo $B64_JSON | base64 -d | jq -r '.OPERATION')"
|
||||||
|
|
||||||
echo "task type is backup_set_service"
|
echo "task type is backup_set_service"
|
||||||
|
backup_set_service "$PASSWORD" "$PERIOD" "$COMPRESSION" "$PLANNED_TIME" "$DIRECTRIES" "$SERVICES" "$BACKUP_LOCAL_CLIENTS" "$BACKUP_VPN_CLIENTS" "$VPN" "$SSH_PORT" "$SSH_USER" "$SSH_PASSWORD" "$OPERATION"
|
||||||
|
|
||||||
elif [ "$TASK_TYPE" == "backup_set_client" ]; then
|
elif [ "$TASK_TYPE" == "backup_set_client" ]; then
|
||||||
|
|
||||||
@@ -1153,14 +1322,8 @@ execute_task() {
|
|||||||
SSH_USER="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_USER')"
|
SSH_USER="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_USER')"
|
||||||
SSH_PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_PASSWORD')"
|
SSH_PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_PASSWORD')"
|
||||||
OPERATION="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_OPERATION')"
|
OPERATION="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_OPERATION')"
|
||||||
debug "task type is backup_set_client for $NAME"
|
|
||||||
debug " size: $SIZE"
|
|
||||||
debug " vpn: $VPN"
|
|
||||||
debug " ssh_port: $SSH_PORT"
|
|
||||||
debug " ssh_user: $SSH_USER"
|
|
||||||
debug " ssh_password: $SSH_PASSWORD"
|
|
||||||
debug " operation: $OPERATION"
|
|
||||||
|
|
||||||
|
debug "task type is backup_set_client for $NAME"
|
||||||
backup_set_client "$NAME" "$SIZE" "$VPN" "$SSH_PORT" "$SSH_USER" "$SSH_PASSWORD" "$OPERATION"
|
backup_set_client "$NAME" "$SIZE" "$VPN" "$SSH_PORT" "$SSH_USER" "$SSH_PASSWORD" "$OPERATION"
|
||||||
|
|
||||||
elif [ "$TASK_TYPE" == "backup_challenge_clients" ]; then
|
elif [ "$TASK_TYPE" == "backup_challenge_clients" ]; then
|
||||||
@@ -1193,7 +1356,7 @@ execute_task() {
|
|||||||
|
|
||||||
upgrade_scheduler
|
upgrade_scheduler
|
||||||
echo "Removing old framework scheduler container..."
|
echo "Removing old framework scheduler container..."
|
||||||
JSON_TARGET=$(echo '{"DATE":"'$DATE'","INSTALL_STATUS":1}' | jq -r . | base64 -w0)
|
JSON_TARGET=$(echo '{"DATE":"'$DATE'","INSTALL_STATUS":1,"VERSION":'$VERSION'}' | jq -r . | base64 -w0)
|
||||||
add_json_target $NAME
|
add_json_target $NAME
|
||||||
sleep 1
|
sleep 1
|
||||||
/usr/bin/docker rm -f $HOSTNAME
|
/usr/bin/docker rm -f $HOSTNAME
|
||||||
@@ -1337,7 +1500,13 @@ DATE=$(date +%F-%H-%M-%S)
|
|||||||
DIR=$SHARED/input
|
DIR=$SHARED/input
|
||||||
|
|
||||||
# Triggers by certificate or domain config changes
|
# Triggers by certificate or domain config changes
|
||||||
|
# Set installed version number
|
||||||
|
echo '{}' | jq --arg VERSION "$VERSION" '.VERSION = $VERSION' > $SHARED/output/version.json
|
||||||
|
############################
|
||||||
|
|
||||||
|
if [ "$DEBUG_MODE" == "true" ]; then
|
||||||
|
rm $DIR/*
|
||||||
|
fi
|
||||||
unset IFS
|
unset IFS
|
||||||
|
|
||||||
inotifywait --exclude "\.(swp|tmp)" -m -e CREATE,CLOSE_WRITE,DELETE,MOVED_TO -r $DIR |
|
inotifywait --exclude "\.(swp|tmp)" -m -e CREATE,CLOSE_WRITE,DELETE,MOVED_TO -r $DIR |
|
||||||
|
|||||||
Reference in New Issue
Block a user