Added _FILE variant for all password vars.

MaxJa4 2023-08-27 21:02:06 +02:00
parent 536af29222
commit cc4492d2c0
2 changed files with 47 additions and 29 deletions


@ -25,7 +25,7 @@ type Config struct {
AwsStorageClass string AwsStorageClass string
AwsAccessKeyID string `env:"AWS_ACCESS_KEY_ID"` AwsAccessKeyID string `env:"AWS_ACCESS_KEY_ID"`
AwsAccessKeyIDFile string `env:"AWS_ACCESS_KEY_ID_FILE,file"` AwsAccessKeyIDFile string `env:"AWS_ACCESS_KEY_ID_FILE,file"`
AwsSecretAccessKey string AwsSecretAccessKey string `env:"AWS_SECRET_ACCESS_KEY"`
AwsSecretAccessKeyFile string `env:"AWS_SECRET_ACCESS_KEY_FILE,file"` AwsSecretAccessKeyFile string `env:"AWS_SECRET_ACCESS_KEY_FILE,file"`
AwsIamRoleEndpoint string AwsIamRoleEndpoint string
AwsPartSize int64 AwsPartSize int64
@ -42,7 +42,8 @@ type Config struct {
BackupFromSnapshot bool BackupFromSnapshot bool
BackupExcludeRegexp RegexpDecoder BackupExcludeRegexp RegexpDecoder
BackupSkipBackendsFromPrune []string BackupSkipBackendsFromPrune []string
GpgPassphrase string GpgPassphrase string `env:"GPG_PASSPHRASE"`
GpgPassphraseFile string `env:"GPG_PASSPHRASE_FILE,file"`
NotificationURLs []string `env:"NOTIFICATION_URLS"` NotificationURLs []string `env:"NOTIFICATION_URLS"`
NotificationLevel string `envDefault:"error"` NotificationLevel string `envDefault:"error"`
EmailNotificationRecipient string EmailNotificationRecipient string
@ -51,17 +52,21 @@ type Config struct {
EmailSMTPPort int `env:"EMAIL_SMTP_PORT" envDefault:"587"` EmailSMTPPort int `env:"EMAIL_SMTP_PORT" envDefault:"587"`
EmailSMTPUsername string `env:"EMAIL_SMTP_USERNAME"` EmailSMTPUsername string `env:"EMAIL_SMTP_USERNAME"`
EmailSMTPPassword string `env:"EMAIL_SMTP_PASSWORD"` EmailSMTPPassword string `env:"EMAIL_SMTP_PASSWORD"`
EmailSMTPPasswordFile string `env:"EMAIL_SMTP_PASSWORD_FILE,file"`
WebdavUrl string WebdavUrl string
WebdavUrlInsecure bool WebdavUrlInsecure bool
WebdavPath string `envDefault:"/"` WebdavPath string `envDefault:"/"`
WebdavUsername string WebdavUsername string
WebdavPassword string WebdavPassword string `env:"WEBDAV_PASSWORD"`
WebdavPasswordFile string `env:"WEBDAV_PASSWORD_FILE,file"`
SSHHostName string `env:"SSH_HOST_NAME"` SSHHostName string `env:"SSH_HOST_NAME"`
SSHPort string `env:"SSH_PORT" envDefault:"22"` SSHPort string `env:"SSH_PORT" envDefault:"22"`
SSHUser string `env:"SSH_USER"` SSHUser string `env:"SSH_USER"`
SSHPassword string `env:"SSH_PASSWORD"` SSHPassword string `env:"SSH_PASSWORD"`
SSHPasswordFile string `env:"SSH_PASSWORD_FILE,file"`
SSHIdentityFile string `env:"SSH_IDENTITY_FILE" envDefault:"/root/.ssh/id_rsa"` SSHIdentityFile string `env:"SSH_IDENTITY_FILE" envDefault:"/root/.ssh/id_rsa"`
SSHIdentityPassphrase string `env:"SSH_IDENTITY_PASSPHRASE"` SSHIdentityPassphrase string `env:"SSH_IDENTITY_PASSPHRASE"`
SSHIdentityPassphraseFile string `env:"SSH_IDENTITY_PASSPHRASE_FILE,file"`
SSHRemotePath string `env:"SSH_REMOTE_PATH"` SSHRemotePath string `env:"SSH_REMOTE_PATH"`
ExecLabel string ExecLabel string
ExecForwardOutput bool ExecForwardOutput bool
@ -73,13 +78,26 @@ type Config struct {
AzureStorageEndpoint string `envDefault:"https://{{ .AccountName }}.blob.core.windows.net/"` AzureStorageEndpoint string `envDefault:"https://{{ .AccountName }}.blob.core.windows.net/"`
DropboxEndpoint string `envDefault:"https://api.dropbox.com/"` DropboxEndpoint string `envDefault:"https://api.dropbox.com/"`
DropboxOAuth2Endpoint string `env:"DROPBOX_OAUTH2_ENDPOINT" envDefault:"https://api.dropbox.com/"` DropboxOAuth2Endpoint string `env:"DROPBOX_OAUTH2_ENDPOINT" envDefault:"https://api.dropbox.com/"`
DropboxRefreshToken string DropboxRefreshToken string `env:"DROPBOX_REFRESH_TOKEN"`
DropboxAppKey string DropboxRefreshTokenFile string `env:"DROPBOX_REFRESH_TOKEN_FILE,file"`
DropboxAppSecret string DropboxAppKey string `env:"DROPBOX_APP_KEY"`
DropboxAppKeyFile string `env:"DROPBOX_APP_KEY_FILE,file"`
DropboxAppSecret string `env:"DROPBOX_APP_SECRET"`
DropboxAppSecretFile string `env:"DROPBOX_APP_SECRET_FILE,file"`
DropboxRemotePath string DropboxRemotePath string
DropboxConcurrencyLevel NaturalNumber `envDefault:"6"` DropboxConcurrencyLevel NaturalNumber `envDefault:"6"`
} }
func (c *Config) getSecret(preferred string, fallback string) string {
if preferred != "" {
return preferred
}
if fallback != "" {
return fallback
}
return ""
}
type CompressionType string type CompressionType string
func (c *CompressionType) UnmarshalText(text []byte) error { func (c *CompressionType) UnmarshalText(text []byte) error {
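Review bot: `getSecret` returns the `_FILE` value whenever it is non-empty, so a deployment that sets both variants of a secret silently ignores the plain variable, and the helper has no doc comment stating that precedence. I would add `// getSecret returns preferred (the *_FILE value) when set, otherwise fallback.` and drop the second check, since `return fallback` already yields `""` when fallback is empty; the receiver is unused, so a plain function would also do. Whether the loader behind the `,file` tag trims file contents is not visible on this page; if it does not, a trailing newline in a secret file becomes part of the GPG passphrase or password, so stripping it in this one place (for example `strings.TrimSuffix(preferred, "\n")`) is worth considering.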


@ -140,20 +140,8 @@ func newScript() (*script, error) {
} }
if s.c.AwsS3BucketName != "" { if s.c.AwsS3BucketName != "" {
var accessKeyID string accessKeyID := s.c.getSecret(s.c.AwsAccessKeyIDFile, s.c.AwsAccessKeyID)
var secretAccessKey string secretAccessKey := s.c.getSecret(s.c.AwsSecretAccessKeyFile, s.c.AwsSecretAccessKey)
if s.c.AwsAccessKeyIDFile != "" {
accessKeyID = s.c.AwsAccessKeyIDFile
} else {
accessKeyID = s.c.AwsAccessKeyID
}
if s.c.AwsSecretAccessKeyFile != "" {
secretAccessKey = s.c.AwsSecretAccessKeyFile
} else {
secretAccessKey = s.c.AwsSecretAccessKey
}
s3Config := s3.Config{ s3Config := s3.Config{
Endpoint: s.c.AwsEndpoint, Endpoint: s.c.AwsEndpoint,
@ -176,11 +164,13 @@ func newScript() (*script, error) {
} }
if s.c.WebdavUrl != "" { if s.c.WebdavUrl != "" {
webdavPassword := s.c.getSecret(s.c.WebdavPasswordFile, s.c.WebdavPassword)
webDavConfig := webdav.Config{ webDavConfig := webdav.Config{
URL: s.c.WebdavUrl, URL: s.c.WebdavUrl,
URLInsecure: s.c.WebdavUrlInsecure, URLInsecure: s.c.WebdavUrlInsecure,
Username: s.c.WebdavUsername, Username: s.c.WebdavUsername,
Password: s.c.WebdavPassword, Password: webdavPassword,
RemotePath: s.c.WebdavPath, RemotePath: s.c.WebdavPath,
} }
if webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc); err != nil { if webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc); err != nil {
@ -191,13 +181,16 @@ func newScript() (*script, error) {
} }
if s.c.SSHHostName != "" { if s.c.SSHHostName != "" {
sshPassword := s.c.getSecret(s.c.SSHPasswordFile, s.c.SSHPassword)
sshIdentityPassphrase := s.c.getSecret(s.c.SSHIdentityPassphraseFile, s.c.SSHIdentityPassphrase)
sshConfig := ssh.Config{ sshConfig := ssh.Config{
HostName: s.c.SSHHostName, HostName: s.c.SSHHostName,
Port: s.c.SSHPort, Port: s.c.SSHPort,
User: s.c.SSHUser, User: s.c.SSHUser,
Password: s.c.SSHPassword, Password: sshPassword,
IdentityFile: s.c.SSHIdentityFile, IdentityFile: s.c.SSHIdentityFile,
IdentityPassphrase: s.c.SSHIdentityPassphrase, IdentityPassphrase: sshIdentityPassphrase,
RemotePath: s.c.SSHRemotePath, RemotePath: s.c.SSHRemotePath,
} }
if sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc); err != nil { if sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc); err != nil {
@ -232,12 +225,16 @@ func newScript() (*script, error) {
} }
if s.c.DropboxRefreshToken != "" && s.c.DropboxAppKey != "" && s.c.DropboxAppSecret != "" { if s.c.DropboxRefreshToken != "" && s.c.DropboxAppKey != "" && s.c.DropboxAppSecret != "" {
dropboxRefreshToken := s.c.getSecret(s.c.DropboxRefreshTokenFile, s.c.DropboxRefreshToken)
dropboxAppKey := s.c.getSecret(s.c.DropboxAppKeyFile, s.c.DropboxAppKey)
dropboxAppSecret := s.c.getSecret(s.c.DropboxAppSecretFile, s.c.DropboxAppSecret)
dropboxConfig := dropbox.Config{ dropboxConfig := dropbox.Config{
Endpoint: s.c.DropboxEndpoint, Endpoint: s.c.DropboxEndpoint,
OAuth2Endpoint: s.c.DropboxOAuth2Endpoint, OAuth2Endpoint: s.c.DropboxOAuth2Endpoint,
RefreshToken: s.c.DropboxRefreshToken, RefreshToken: dropboxRefreshToken,
AppKey: s.c.DropboxAppKey, AppKey: dropboxAppKey,
AppSecret: s.c.DropboxAppSecret, AppSecret: dropboxAppSecret,
RemotePath: s.c.DropboxRemotePath, RemotePath: s.c.DropboxRemotePath,
ConcurrencyLevel: s.c.DropboxConcurrencyLevel.Int(), ConcurrencyLevel: s.c.DropboxConcurrencyLevel.Int(),
} }
@ -249,10 +246,12 @@ func newScript() (*script, error) {
} }
if s.c.EmailNotificationRecipient != "" { if s.c.EmailNotificationRecipient != "" {
smtpPassword := s.c.getSecret(s.c.EmailSMTPPasswordFile, s.c.EmailSMTPPassword)
emailURL := fmt.Sprintf( emailURL := fmt.Sprintf(
"smtp://%s:%s@%s:%d/?from=%s&to=%s", "smtp://%s:%s@%s:%d/?from=%s&to=%s",
s.c.EmailSMTPUsername, s.c.EmailSMTPUsername,
s.c.EmailSMTPPassword, smtpPassword,
s.c.EmailSMTPHost, s.c.EmailSMTPHost,
s.c.EmailSMTPPort, s.c.EmailSMTPPort,
s.c.EmailNotificationSender, s.c.EmailNotificationSender,
@ -513,7 +512,8 @@ func (s *script) createArchive() error {
// In case no passphrase is given it returns early, leaving the backup file // In case no passphrase is given it returns early, leaving the backup file
// untouched. // untouched.
func (s *script) encryptArchive() error { func (s *script) encryptArchive() error {
if s.c.GpgPassphrase == "" { gpgPassphrase := s.c.getSecret(s.c.GpgPassphraseFile, s.c.GpgPassphrase)
if gpgPassphrase == "" {
return nil return nil
} }
@ -535,7 +535,7 @@ func (s *script) encryptArchive() error {
defer outFile.Close() defer outFile.Close()
_, name := path.Split(s.file) _, name := path.Split(s.file)
dst, err := openpgp.SymmetricallyEncrypt(outFile, []byte(s.c.GpgPassphrase), &openpgp.FileHints{ dst, err := openpgp.SymmetricallyEncrypt(outFile, []byte(gpgPassphrase), &openpgp.FileHints{
IsBinary: true, IsBinary: true,
FileName: name, FileName: name,
}, nil) }, nil)
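Review bot: The Dropbox guard in the `@ -232,12 +225,16 @` hunk still tests `s.c.DropboxRefreshToken`, `s.c.DropboxAppKey` and `s.c.DropboxAppSecret`, so a configuration that supplies only the `_FILE` variants never enters the block and the backend is not configured. Resolve the three values with `getSecret` before the condition and test the results instead: `if dropboxRefreshToken != "" && dropboxAppKey != "" && dropboxAppSecret != "" {`. In the e-mail hunk the resolved password is still interpolated unescaped into the `smtp://` URL, so a password containing `@` or `/`, or a trailing newline carried over from a secret file, yields a malformed URL; building the userinfo with `url.UserPassword(s.c.EmailSMTPUsername, smtpPassword)` would escape it. `newScript` starts and ends outside these hunks.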