From 3e0269ba99a8bbd10eb9b705d83aa111d76755ed Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Tue, 4 Jan 2022 17:14:55 +0100 Subject: [PATCH] bundles/backup-{client,server}: use node names, only deploy users to correct backup server --- bundles/backup-client/files/generate-backup | 8 +++++--- bundles/backup-client/items.py | 11 ++++------- bundles/backup-server/metadata.py | 8 ++++++++ groups/os.py | 2 +- nodes/home/nas.py | 2 ++ 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/bundles/backup-client/files/generate-backup b/bundles/backup-client/files/generate-backup index 8764358..fa5ad60 100644 --- a/bundles/backup-client/files/generate-backup +++ b/bundles/backup-client/files/generate-backup @@ -2,7 +2,9 @@ statusfile=/var/tmp/backup.monitoring ssh_login="${username}@${server}" +ssh_cmnd="ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new -p ${port}" +<%text> NL=$'\n' if ! [[ -f /etc/backup.priv ]] @@ -32,7 +34,7 @@ do_backup() { # Compress level 1 is a good compromise between speed and cpu usage. rsync --compress-level=1 -aAP --numeric-ids --delete --relative \ --rsync-path="/usr/bin/rsync --fake-super" \ - -e "ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new -p ${port}" \ + -e "$ssh_cmnd" \ "$1" "$ssh_login":backups/ # Exit code 24 means some files have vanished during rsync. @@ -52,13 +54,13 @@ do_backup() { if [[ "$backup_has_successfully_run" != "yes" ]] then echo "Backup for '$1' did not succeed!" | logger -t backup-client -p user.error -<%text> rsync_errors+="${NL}${1}${rsync_errorcodes_for_this_path}" - fi } rsync_errors="" + + % for path in sorted(paths): do_backup "${path}" % endfor diff --git a/bundles/backup-client/items.py b/bundles/backup-client/items.py index f816855..3d91c8e 100644 --- a/bundles/backup-client/items.py +++ b/bundles/backup-client/items.py 
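Review bot: The added `ssh_cmnd` line in the first hunk of generate-backup keeps `StrictHostKeyChecking=accept-new`, so each client trusts whatever host key answers for `${server}` on its first connection. That name now comes from the target node's `backup-server/my_hostname`. Because the backup server is a node in the same repo, its host key could be deployed to the client and the option tightened, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts file deployed by this bundle>` (placeholder path). A comment above the line would also help, such as `# rendered by Mako: must stay above the <%text> block`, since `${port}` is only substituted outside that block.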
@@ -22,22 +22,19 @@ if node.metadata.get('backups/exclude_from_backups', False): 'delete': True, } else: - if ':' in node.metadata['backup-client']['server']: - server, port = node.metadata['backup-client']['server'].split(':') - else: - server = node.metadata['backup-client']['server'] - port = 22 + backup_target = repo.get_node(node.metadata.get('backup-client/target')) files['/usr/local/bin/generate-backup'] = { 'content_type': 'mako', 'context': { 'username': node.metadata['backup-client']['user-name'], - 'server': server, - 'port': port, + 'server': backup_target.metadata.get('backup-server/my_hostname'), + 'port': backup_target.metadata.get('backup-server/my_ssh_port'), 'paths': backup_paths, }, 'mode': '0700', } + files['/etc/backup.priv'] = { 'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')), 'mode': '0400', diff --git a/bundles/backup-server/metadata.py b/bundles/backup-server/metadata.py index dfa0899..990c39f 100644 --- a/bundles/backup-server/metadata.py +++ b/bundles/backup-server/metadata.py @@ -1,4 +1,7 @@ defaults = { + 'backup-server': { + 'my_ssh_port': 22, + }, 'openssh': { 'allowed_users': { # Usernames for backup clients always start with 'c-' @@ -9,6 +12,7 @@ defaults = { @metadata_reactor.provides( 'backup-server/clients', + 'backup-server/my_hostname', ) def get_my_clients(metadata): my_clients = {} @@ -17,6 +21,9 @@ def get_my_clients(metadata): if not rnode.has_bundle('backup-client') or rnode.metadata.get('backups/exclude_from_backups', False): continue + if node.name != rnode.metadata.get('backup-client/target'): + continue + my_clients[rnode.name] = { 'user': rnode.metadata.get('backup-client/user-name'), } @@ -24,6 +31,7 @@ def get_my_clients(metadata): return { 'backup-server': { 'clients': my_clients, + 'my_hostname': metadata.get('hostname'), }, } diff --git a/groups/os.py b/groups/os.py index 368ac72..c17190d 100644 --- a/groups/os.py +++ b/groups/os.py 
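Review bot: In bundles/backup-client/items.py, `backup_target` is used without checking that `backup-client/target` is set and names a node that actually carries the `backup-server` bundle. If it does not, the `my_hostname` / `my_ssh_port` lookups would presumably either fail with a bare lookup error or render an unusable login into `/usr/local/bin/generate-backup`, the script that uses `/etc/backup.priv`. A guard right after the `repo.get_node(...)` line makes the failure explicit: `if not backup_target.has_bundle('backup-server'): raise BundleError(f"{node.name}: backup-client/target {backup_target.name} has no backup-server bundle")`, which needs `BundleError` imported from `bundlewrap.exceptions`. The enclosing `if`/`else` starts above the hunk and the `files['/etc/backup.priv']` entry continues below it.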
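Review bot: The new `node.name != rnode.metadata.get('backup-client/target')` filter in `get_my_clients` (hunk `@@ -17,6 +21,9 @@` of bundles/backup-server/metadata.py) stops listing clients on servers they do not target, but nothing visible here removes the `c-*` accounts that earlier runs created on those servers. If the users derived from `backup-server/clients` are not purged automatically (that code is outside the diff), the old accounts and their authorized keys stay usable on the wrong server. A comment at the filter would record this, e.g. `# clients targeting another server are skipped; stale c-* users on this node must be removed separately`. The function body starts and ends outside this hunk.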
@@ -38,7 +38,7 @@ groups['linux'] = { }, }, 'backup-client': { - 'server': 'backup-kunsi.htz-hel.kunbox.net', + 'target': 'htz-hel.backup-kunsi', }, 'firewall': { 'port_rules': { diff --git a/nodes/home/nas.py b/nodes/home/nas.py index 057d593..2e11900 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py @@ -55,6 +55,8 @@ nodes['home.nas'] = { 'user': 'kunsi-t470', }, }, + 'my_hostname': 'franzi-home.kunbox.net', + 'my_ssh_port': 2022, 'zfs-base': 'storage/backups', }, 'cron': {
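Review bot: In nodes/home/nas.py, `my_hostname` is set statically while the `get_my_clients` reactor in bundles/backup-server/metadata.py also returns `backup-server/my_hostname` from `metadata.get('hostname')`. The address clients receive therefore depends on how bundlewrap merges node metadata with reactor output, which a reader cannot tell from this file. A short comment would state the intent, e.g. `# externally reachable name and port for backup clients; overrides the reactor default`, assuming that is what is meant. The surrounding dict begins and ends outside the hunk.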