From 92970a673f0915c3d1818033dd40245615fa8ab9 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski <wk@wojciechkozlowski.eu>
Date: Sat, 14 Dec 2019 16:51:01 +0100
Subject: [PATCH] Add a backblaze backup script

---
 ansible/b2.cred.j2                            | 10 ++++++
 .../etc/systemd/system/loki-backup.service.j2 |  1 +
 ansible/loki.yml                              | 32 +++++++++----------
 ansible/secrets.def.yml                       |  6 ++++
 b2-backup.sh                                  | 22 +++++++++++++
 backup.sh                                     | 15 +++++++--
 6 files changed, 67 insertions(+), 19 deletions(-)
 create mode 100644 ansible/b2.cred.j2
 create mode 100644 b2-backup.sh

diff --git a/ansible/b2.cred.j2 b/ansible/b2.cred.j2
new file mode 100644
index 0000000..0fcdb8b
--- /dev/null
+++ b/ansible/b2.cred.j2
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Backblaze B2 configuration variables
+B2_ACCOUNT="{{ b2_key_id }}"
+B2_KEY="{{ b2_app_key }}"
+B2_BUCKET="loki-backup"
+
+# GPG key (last 8 characters)
+GPG_KEY="{{ gpg_key_id }}"
+PASSPHRASE="{{ gpg_passphrase }}"
diff --git a/ansible/etc/systemd/system/loki-backup.service.j2 b/ansible/etc/systemd/system/loki-backup.service.j2
index fdce049..7972041 100644
--- a/ansible/etc/systemd/system/loki-backup.service.j2
+++ b/ansible/etc/systemd/system/loki-backup.service.j2
@@ -6,3 +6,4 @@ WorkingDirectory={{ loki_dir }}
 Type=oneshot
 ExecStartPre={{ loki_dir }}/registry-cleaner.sh
 ExecStart={{ loki_dir }}/backup.sh -b
+ExecStartPost={{ loki_dir }}/b2-backup.sh
diff --git a/ansible/loki.yml b/ansible/loki.yml
index 836856b..cc8fb7a 100644
--- a/ansible/loki.yml
+++ b/ansible/loki.yml
@@ -58,27 +58,15 @@
       git:
         repo: https://github.com/Wojtek242/loki.git
         dest: "{{ loki_dir }}"
+        update: no
       register: loki_git
 
-    - block:
-        - name: Update
-          command: ./update.sh
-          args:
-            chdir: "{{ loki_dir }}"
-
-      rescue:
-        - debug:
-            msg: "Failed to pull containers from registry - will build locally"
-
-        - name: Build locally
-          command: make build-all
-          args:
-            chdir: "{{ loki_dir }}"
-
+    - name: Build containers locally
+      command: make build-all
+      args:
+        chdir: "{{ loki_dir }}"
       when: loki_git is changed
 
-    # Hosts file must be added after the first update as otherwise the initial
-    # container pull will always fail
     - name: Add hosts file
       template:
         src: ./etc/hosts.j2
@@ -105,12 +93,22 @@
     # Loki backup service.
     # -------------------------------------------------------------------------
 
+    - name: Install duplicity
+      apt:
+        name: duplicity
+
     - name: Create GitLab credentials file
       template:
         src: ./gitlab.cred.j2
         dest: "{{ loki_dir }}/gitlab.cred"
         mode: 0644
 
+    - name: Create B2 credentials file
+      template:
+        src: ./b2.cred.j2
+        dest: "{{ loki_dir }}/b2.cred"
+        mode: 0644
+
     - name: Install Loki backup service
       template:
         src: ./etc/systemd/system/loki-backup.service.j2
diff --git a/ansible/secrets.def.yml b/ansible/secrets.def.yml
index bc8bde9..c3910ca 100644
--- a/ansible/secrets.def.yml
+++ b/ansible/secrets.def.yml
@@ -38,3 +38,9 @@ domains:
 loki_dir:
 gitlab_username:
 gitlab_access_token:
+
+# Backblaze setup
+b2_key_id:
+b2_app_key:
+gpg_key_id:
+gpg_passphrase:
diff --git a/b2-backup.sh b/b2-backup.sh
new file mode 100644
index 0000000..9e32300
--- /dev/null
+++ b/b2-backup.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Import all account and GPG variables
+source ./b2.cred
+
+# Local directory to backup
+LOCAL_DIR="/media/usb0/backup"
+
+# Perform a full backup
+duplicity full \
+          --encrypt-sign-key $GPG_KEY \
+          ${LOCAL_DIR} b2://${B2_ACCOUNT}:${B2_KEY}@${B2_BUCKET}
+
+# Cleanup failures
+duplicity cleanup --force \
+          --encrypt-sign-key $GPG_KEY \
+          b2://${B2_ACCOUNT}:${B2_KEY}@${B2_BUCKET}
+
+# Show collection-status
+duplicity collection-status \
+          --encrypt-sign-key $GPG_KEY \
+          b2://${B2_ACCOUNT}:${B2_KEY}@${B2_BUCKET}
diff --git a/backup.sh b/backup.sh
index 20128d7..8a6c712 100755
--- a/backup.sh
+++ b/backup.sh
@@ -11,6 +11,8 @@ NC='\033[00m'
 SCRIPT=$(readlink -f $0)
 DIRNAME=$(dirname $SCRIPT)
 
+BACKUP_DIR="/media/usb0/backup"
+
 # -----------------------------------------------------------------------------
 # Get the list of volumes.
 # -----------------------------------------------------------------------------
@@ -81,6 +83,15 @@ function backup {
 
     volumes=$1
 
+    # Remove old backup directory
+    if [ ! -d ${BACKUP_DIR} ]; then
+        rm -f ${BACKUP_DIR}/*.tar
+        rmdir ${BACKUP_DIR}
+    fi
+
+    # Make sure directory exists
+    mkdir ${BACKUP_DIR}
+
     for vol in "${volumes[@]}"
     do
         echo -e "${CYAN}[${SCRIPT}] Back up ${YELLOW}${vol}${CYAN} volume${NC}"
@@ -88,7 +99,7 @@ function backup {
         set -o xtrace
         docker run --rm \
                -v loki_${vol}:/opt/${vol} \
-               -v /media/usb0:/opt/backup \
+               -v ${BACKUP_DIR}:/opt/backup \
                debian:stable-slim \
                bash -c "cd /opt/${vol} && tar cf /opt/backup/${vol}.tar ."
         set +o xtrace
@@ -111,7 +122,7 @@ function restore {
         set -o xtrace
         docker run --rm \
                -v loki_${vol}:/opt/${vol} \
-               -v /media/usb0:/opt/backup \
+               -v ${BACKUP_DIR}:/opt/backup \
                debian:stable-slim \
                bash -c "cd /opt/${vol} && tar xf /opt/backup/${vol}.tar"
         set +o xtrace