mirror of
https://github.com/offen/docker-volume-backup.git
synced 2024-11-22 21:30:28 +01:00
Added _FILE variant for all password vars.
This commit is contained in:
parent
536af29222
commit
cc4492d2c0
@ -25,7 +25,7 @@ type Config struct {
|
|||||||
AwsStorageClass string
|
AwsStorageClass string
|
||||||
AwsAccessKeyID string `env:"AWS_ACCESS_KEY_ID"`
|
AwsAccessKeyID string `env:"AWS_ACCESS_KEY_ID"`
|
||||||
AwsAccessKeyIDFile string `env:"AWS_ACCESS_KEY_ID_FILE,file"`
|
AwsAccessKeyIDFile string `env:"AWS_ACCESS_KEY_ID_FILE,file"`
|
||||||
AwsSecretAccessKey string
|
AwsSecretAccessKey string `env:"AWS_SECRET_ACCESS_KEY"`
|
||||||
AwsSecretAccessKeyFile string `env:"AWS_SECRET_ACCESS_KEY_FILE,file"`
|
AwsSecretAccessKeyFile string `env:"AWS_SECRET_ACCESS_KEY_FILE,file"`
|
||||||
AwsIamRoleEndpoint string
|
AwsIamRoleEndpoint string
|
||||||
AwsPartSize int64
|
AwsPartSize int64
|
||||||
@ -42,7 +42,8 @@ type Config struct {
|
|||||||
BackupFromSnapshot bool
|
BackupFromSnapshot bool
|
||||||
BackupExcludeRegexp RegexpDecoder
|
BackupExcludeRegexp RegexpDecoder
|
||||||
BackupSkipBackendsFromPrune []string
|
BackupSkipBackendsFromPrune []string
|
||||||
GpgPassphrase string
|
GpgPassphrase string `env:"GPG_PASSPHRASE"`
|
||||||
|
GpgPassphraseFile string `env:"GPG_PASSPHRASE_FILE,file"`
|
||||||
NotificationURLs []string `env:"NOTIFICATION_URLS"`
|
NotificationURLs []string `env:"NOTIFICATION_URLS"`
|
||||||
NotificationLevel string `envDefault:"error"`
|
NotificationLevel string `envDefault:"error"`
|
||||||
EmailNotificationRecipient string
|
EmailNotificationRecipient string
|
||||||
@ -51,17 +52,21 @@ type Config struct {
|
|||||||
EmailSMTPPort int `env:"EMAIL_SMTP_PORT" envDefault:"587"`
|
EmailSMTPPort int `env:"EMAIL_SMTP_PORT" envDefault:"587"`
|
||||||
EmailSMTPUsername string `env:"EMAIL_SMTP_USERNAME"`
|
EmailSMTPUsername string `env:"EMAIL_SMTP_USERNAME"`
|
||||||
EmailSMTPPassword string `env:"EMAIL_SMTP_PASSWORD"`
|
EmailSMTPPassword string `env:"EMAIL_SMTP_PASSWORD"`
|
||||||
|
EmailSMTPPasswordFile string `env:"EMAIL_SMTP_PASSWORD_FILE,file"`
|
||||||
WebdavUrl string
|
WebdavUrl string
|
||||||
WebdavUrlInsecure bool
|
WebdavUrlInsecure bool
|
||||||
WebdavPath string `envDefault:"/"`
|
WebdavPath string `envDefault:"/"`
|
||||||
WebdavUsername string
|
WebdavUsername string
|
||||||
WebdavPassword string
|
WebdavPassword string `env:"WEBDAV_PASSWORD"`
|
||||||
|
WebdavPasswordFile string `env:"WEBDAV_PASSWORD_FILE,file"`
|
||||||
SSHHostName string `env:"SSH_HOST_NAME"`
|
SSHHostName string `env:"SSH_HOST_NAME"`
|
||||||
SSHPort string `env:"SSH_PORT" envDefault:"22"`
|
SSHPort string `env:"SSH_PORT" envDefault:"22"`
|
||||||
SSHUser string `env:"SSH_USER"`
|
SSHUser string `env:"SSH_USER"`
|
||||||
SSHPassword string `env:"SSH_PASSWORD"`
|
SSHPassword string `env:"SSH_PASSWORD"`
|
||||||
|
SSHPasswordFile string `env:"SSH_PASSWORD_FILE,file"`
|
||||||
SSHIdentityFile string `env:"SSH_IDENTITY_FILE" envDefault:"/root/.ssh/id_rsa"`
|
SSHIdentityFile string `env:"SSH_IDENTITY_FILE" envDefault:"/root/.ssh/id_rsa"`
|
||||||
SSHIdentityPassphrase string `env:"SSH_IDENTITY_PASSPHRASE"`
|
SSHIdentityPassphrase string `env:"SSH_IDENTITY_PASSPHRASE"`
|
||||||
|
SSHIdentityPassphraseFile string `env:"SSH_IDENTITY_PASSPHRASE_FILE,file"`
|
||||||
SSHRemotePath string `env:"SSH_REMOTE_PATH"`
|
SSHRemotePath string `env:"SSH_REMOTE_PATH"`
|
||||||
ExecLabel string
|
ExecLabel string
|
||||||
ExecForwardOutput bool
|
ExecForwardOutput bool
|
||||||
@ -73,13 +78,26 @@ type Config struct {
|
|||||||
AzureStorageEndpoint string `envDefault:"https://{{ .AccountName }}.blob.core.windows.net/"`
|
AzureStorageEndpoint string `envDefault:"https://{{ .AccountName }}.blob.core.windows.net/"`
|
||||||
DropboxEndpoint string `envDefault:"https://api.dropbox.com/"`
|
DropboxEndpoint string `envDefault:"https://api.dropbox.com/"`
|
||||||
DropboxOAuth2Endpoint string `env:"DROPBOX_OAUTH2_ENDPOINT" envDefault:"https://api.dropbox.com/"`
|
DropboxOAuth2Endpoint string `env:"DROPBOX_OAUTH2_ENDPOINT" envDefault:"https://api.dropbox.com/"`
|
||||||
DropboxRefreshToken string
|
DropboxRefreshToken string `env:"DROPBOX_REFRESH_TOKEN"`
|
||||||
DropboxAppKey string
|
DropboxRefreshTokenFile string `env:"DROPBOX_REFRESH_TOKEN_FILE,file"`
|
||||||
DropboxAppSecret string
|
DropboxAppKey string `env:"DROPBOX_APP_KEY"`
|
||||||
|
DropboxAppKeyFile string `env:"DROPBOX_APP_KEY_FILE,file"`
|
||||||
|
DropboxAppSecret string `env:"DROPBOX_APP_SECRET"`
|
||||||
|
DropboxAppSecretFile string `env:"DROPBOX_APP_SECRET_FILE,file"`
|
||||||
DropboxRemotePath string
|
DropboxRemotePath string
|
||||||
DropboxConcurrencyLevel NaturalNumber `envDefault:"6"`
|
DropboxConcurrencyLevel NaturalNumber `envDefault:"6"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Config) getSecret(preferred string, fallback string) string {
|
||||||
|
if preferred != "" {
|
||||||
|
return preferred
|
||||||
|
}
|
||||||
|
if fallback != "" {
|
||||||
|
return fallback
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
type CompressionType string
|
type CompressionType string
|
||||||
|
|
||||||
func (c *CompressionType) UnmarshalText(text []byte) error {
|
func (c *CompressionType) UnmarshalText(text []byte) error {
|
||||||
|
@ -140,20 +140,8 @@ func newScript() (*script, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.c.AwsS3BucketName != "" {
|
if s.c.AwsS3BucketName != "" {
|
||||||
var accessKeyID string
|
accessKeyID := s.c.getSecret(s.c.AwsAccessKeyIDFile, s.c.AwsAccessKeyID)
|
||||||
var secretAccessKey string
|
secretAccessKey := s.c.getSecret(s.c.AwsSecretAccessKeyFile, s.c.AwsSecretAccessKey)
|
||||||
|
|
||||||
if s.c.AwsAccessKeyIDFile != "" {
|
|
||||||
accessKeyID = s.c.AwsAccessKeyIDFile
|
|
||||||
} else {
|
|
||||||
accessKeyID = s.c.AwsAccessKeyID
|
|
||||||
}
|
|
||||||
|
|
||||||
if s.c.AwsSecretAccessKeyFile != "" {
|
|
||||||
secretAccessKey = s.c.AwsSecretAccessKeyFile
|
|
||||||
} else {
|
|
||||||
secretAccessKey = s.c.AwsSecretAccessKey
|
|
||||||
}
|
|
||||||
|
|
||||||
s3Config := s3.Config{
|
s3Config := s3.Config{
|
||||||
Endpoint: s.c.AwsEndpoint,
|
Endpoint: s.c.AwsEndpoint,
|
||||||
@ -176,11 +164,13 @@ func newScript() (*script, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.c.WebdavUrl != "" {
|
if s.c.WebdavUrl != "" {
|
||||||
|
webdavPassword := s.c.getSecret(s.c.WebdavPasswordFile, s.c.WebdavPassword)
|
||||||
|
|
||||||
webDavConfig := webdav.Config{
|
webDavConfig := webdav.Config{
|
||||||
URL: s.c.WebdavUrl,
|
URL: s.c.WebdavUrl,
|
||||||
URLInsecure: s.c.WebdavUrlInsecure,
|
URLInsecure: s.c.WebdavUrlInsecure,
|
||||||
Username: s.c.WebdavUsername,
|
Username: s.c.WebdavUsername,
|
||||||
Password: s.c.WebdavPassword,
|
Password: webdavPassword,
|
||||||
RemotePath: s.c.WebdavPath,
|
RemotePath: s.c.WebdavPath,
|
||||||
}
|
}
|
||||||
if webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc); err != nil {
|
if webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc); err != nil {
|
||||||
@ -191,13 +181,16 @@ func newScript() (*script, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.c.SSHHostName != "" {
|
if s.c.SSHHostName != "" {
|
||||||
|
sshPassword := s.c.getSecret(s.c.SSHPasswordFile, s.c.SSHPassword)
|
||||||
|
sshIdentityPassphrase := s.c.getSecret(s.c.SSHIdentityPassphraseFile, s.c.SSHIdentityPassphrase)
|
||||||
|
|
||||||
sshConfig := ssh.Config{
|
sshConfig := ssh.Config{
|
||||||
HostName: s.c.SSHHostName,
|
HostName: s.c.SSHHostName,
|
||||||
Port: s.c.SSHPort,
|
Port: s.c.SSHPort,
|
||||||
User: s.c.SSHUser,
|
User: s.c.SSHUser,
|
||||||
Password: s.c.SSHPassword,
|
Password: sshPassword,
|
||||||
IdentityFile: s.c.SSHIdentityFile,
|
IdentityFile: s.c.SSHIdentityFile,
|
||||||
IdentityPassphrase: s.c.SSHIdentityPassphrase,
|
IdentityPassphrase: sshIdentityPassphrase,
|
||||||
RemotePath: s.c.SSHRemotePath,
|
RemotePath: s.c.SSHRemotePath,
|
||||||
}
|
}
|
||||||
if sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc); err != nil {
|
if sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc); err != nil {
|
||||||
@ -232,12 +225,16 @@ func newScript() (*script, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.c.DropboxRefreshToken != "" && s.c.DropboxAppKey != "" && s.c.DropboxAppSecret != "" {
|
if s.c.DropboxRefreshToken != "" && s.c.DropboxAppKey != "" && s.c.DropboxAppSecret != "" {
|
||||||
|
dropboxRefreshToken := s.c.getSecret(s.c.DropboxRefreshTokenFile, s.c.DropboxRefreshToken)
|
||||||
|
dropboxAppKey := s.c.getSecret(s.c.DropboxAppKeyFile, s.c.DropboxAppKey)
|
||||||
|
dropboxAppSecret := s.c.getSecret(s.c.DropboxAppSecretFile, s.c.DropboxAppSecret)
|
||||||
|
|
||||||
dropboxConfig := dropbox.Config{
|
dropboxConfig := dropbox.Config{
|
||||||
Endpoint: s.c.DropboxEndpoint,
|
Endpoint: s.c.DropboxEndpoint,
|
||||||
OAuth2Endpoint: s.c.DropboxOAuth2Endpoint,
|
OAuth2Endpoint: s.c.DropboxOAuth2Endpoint,
|
||||||
RefreshToken: s.c.DropboxRefreshToken,
|
RefreshToken: dropboxRefreshToken,
|
||||||
AppKey: s.c.DropboxAppKey,
|
AppKey: dropboxAppKey,
|
||||||
AppSecret: s.c.DropboxAppSecret,
|
AppSecret: dropboxAppSecret,
|
||||||
RemotePath: s.c.DropboxRemotePath,
|
RemotePath: s.c.DropboxRemotePath,
|
||||||
ConcurrencyLevel: s.c.DropboxConcurrencyLevel.Int(),
|
ConcurrencyLevel: s.c.DropboxConcurrencyLevel.Int(),
|
||||||
}
|
}
|
||||||
@ -249,10 +246,12 @@ func newScript() (*script, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.c.EmailNotificationRecipient != "" {
|
if s.c.EmailNotificationRecipient != "" {
|
||||||
|
smtpPassword := s.c.getSecret(s.c.EmailSMTPPasswordFile, s.c.EmailSMTPPassword)
|
||||||
|
|
||||||
emailURL := fmt.Sprintf(
|
emailURL := fmt.Sprintf(
|
||||||
"smtp://%s:%s@%s:%d/?from=%s&to=%s",
|
"smtp://%s:%s@%s:%d/?from=%s&to=%s",
|
||||||
s.c.EmailSMTPUsername,
|
s.c.EmailSMTPUsername,
|
||||||
s.c.EmailSMTPPassword,
|
smtpPassword,
|
||||||
s.c.EmailSMTPHost,
|
s.c.EmailSMTPHost,
|
||||||
s.c.EmailSMTPPort,
|
s.c.EmailSMTPPort,
|
||||||
s.c.EmailNotificationSender,
|
s.c.EmailNotificationSender,
|
||||||
@ -513,7 +512,8 @@ func (s *script) createArchive() error {
|
|||||||
// In case no passphrase is given it returns early, leaving the backup file
|
// In case no passphrase is given it returns early, leaving the backup file
|
||||||
// untouched.
|
// untouched.
|
||||||
func (s *script) encryptArchive() error {
|
func (s *script) encryptArchive() error {
|
||||||
if s.c.GpgPassphrase == "" {
|
gpgPassphrase := s.c.getSecret(s.c.GpgPassphraseFile, s.c.GpgPassphrase)
|
||||||
|
if gpgPassphrase == "" {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -535,7 +535,7 @@ func (s *script) encryptArchive() error {
|
|||||||
defer outFile.Close()
|
defer outFile.Close()
|
||||||
|
|
||||||
_, name := path.Split(s.file)
|
_, name := path.Split(s.file)
|
||||||
dst, err := openpgp.SymmetricallyEncrypt(outFile, []byte(s.c.GpgPassphrase), &openpgp.FileHints{
|
dst, err := openpgp.SymmetricallyEncrypt(outFile, []byte(gpgPassphrase), &openpgp.FileHints{
|
||||||
IsBinary: true,
|
IsBinary: true,
|
||||||
FileName: name,
|
FileName: name,
|
||||||
}, nil)
|
}, nil)
|
||||||
|
Loading…
Reference in New Issue
Block a user