backups: do backup rotation ourselves instead of relying on zfs-auto-snapshot

2022-01-05 09:53:18 +01:00 · 2022-01-05 09:53:18 +01:00 · c9054a243a
commit c9054a243a
parent b6eb12ed90
7 changed files with 169 additions and 13 deletions
--- a/bundles/backup-server/items.py
+++ b/bundles/backup-server/items.py
@ -1,17 +1,41 @@
 repo.libs.tools.require_bundle(node, 'zfs')

 from os.path import join
+from bundlewrap.metadata import metadata_to_json

 dataset = node.metadata.get('backup-server/zfs-base')

+files = {
+    '/etc/backup-server/config.json': {
+        'content': metadata_to_json({
+            'zfs-base': dataset,
+        }),
+    },
+    '/usr/local/bin/rotate-single-backup-client': {
+        'mode': '0755',
+    },
+}
+
+directories['/etc/backup-server/clients'] = {
+    'purge': True,
+}
+
+sudoers = {}
+
 for nodename, config in node.metadata.get('backup-server/clients', {}).items():
    with open(join(repo.path, 'data', 'backup', 'keys', f'{nodename}.pub'), 'r') as f:
        pubkey = f.read().strip()

+    sudoers[config['user']] = nodename
+
    users[config['user']] = {
        'home': f'/srv/backups/{nodename}',
    }

+    files[f'/etc/backup-server/clients/{nodename}'] = {
+        'content': metadata_to_json(config['retain']),
+    }
+
    files[f'/srv/backups/{nodename}/.ssh/authorized_keys'] = {
        'content': pubkey,
        'owner': config['user'],
@ -28,3 +52,11 @@ for nodename, config in node.metadata.get('backup-server/clients', {}).items():
            f'zfs_dataset:{dataset}/{nodename}',
        },
    }
+
+files['/etc/sudoers.d/backup-server'] = {
+    'source': 'sudoers',
+    'content_type': 'mako',
+    'context': {
+        'clients': sudoers,
+    },
+}