Added default config for unix packages

creativeprojects · Sep 29, 2021 · 293ff86 · 293ff86
1 parent 245a440
commit 293ff86
Show file tree

Hide file tree

Showing 9 changed files with 506 additions and 0 deletions.
diff --git a/contrib/posix/README.md b/contrib/posix/README.md
@@ -0,0 +1,40 @@
+# Default configuration for POSIX systems
+
+**Layout for `/etc/resticprofile`**:
+
+* `profiles.conf` - host centric default configuration
+* `profiles.d/*` - host centric backup profiles (`*.toml` & `*.yaml`)
+* `conf.d/*` - overrides & extra configuration
+
+The layout is used in `deb`, `rpm` and `apk` packages of `resticprofile`
+
+**Generated files**:
+* `conf.d/default-repository.secret` - during installation, only if missing
+
+**Referenced files and paths**:
+* `conf.d/default-repository-self-signed-pub.pem` - TLS public cert (self-signed only)
+* `conf.d/default-repository-client.pem` - TLS client cert
+* `/var/lib/prometheus/node-exporter/resticprofile-*.prom` - Prometheus files
+* `$TMPDIR/resticprofile-*` - Status and lock files
+
+# Quick Start
+
+## Installation
+
+* RPM: `rpm -i "resticprofile-VERSION-ARCH.rpm"`
+* DEB: `dpkg -i "resticprofile-VERSION-ARCH.deb"`
+
+## Configuration
+Setup repository and validate system backup profile:
+```shell
+cd /etc/resticprofile/
+vim conf.d/repository.conf
+vim profiles.d/system.toml
+```
+
+## Test config and backup
+```shell
+resticprofile -n root show
+resticprofile -n root --dry-run backup
+resticprofile -n root backup
+```
diff --git a/contrib/posix/conf.d/check.conf b/contrib/posix/conf.d/check.conf
@@ -0,0 +1,58 @@
+
+##
+# Groups for profiles that check & verify repositories
+# Usage
+# - `resticprofile -n check-all`
+# - `resticprofile -n check-all schedule`
+# - `resticprofile -n check-all unschedule`
+# - `resticprofile -n verify-all`
+# - `resticprofile -n verify-all schedule`
+# - `resticprofile -n verify-all unschedule`
+[groups]
+check-all = [ "check" ]
+verify-all = [ "verify" ]
+
+
+##
+# Profile "check" may be used to schedule repository checks
+#
+# Usage
+# - `resticprofile -n check`
+# - `resticprofile -n check schedule`
+# - `resticprofile -n check unschedule`
+#
+[check]
+# Operate on the pepository defined in the "base" profile
+inherit = "base"
+initialize = false
+default-command = "check"
+
+# Configuring the "check" command in profile "check"
+[check.check]
+schedule = "daily"
+schedule-lock-wait = "4h"
+
+
+##
+# Profile "verify" may be used to schedule deep repository checks
+#
+# Usage
+# - `resticprofile -n verify`
+# - `resticprofile -n verify schedule`
+# - `resticprofile -n verify unschedule`
+#
+[verify]
+# Operate on the pepository defined in the "base" profile
+inherit = "base"
+initialize = false
+default-command = "check"
+
+# Configuring the "check" command in profile "verify"
+[verify.check]
+schedule = "monthly"
+schedule-lock-wait = "48h"
+# Read the entire repository for verification
+read-data = true
+# Read a subset of the repository for verification
+#read-data-subset = "15%"
+
diff --git a/contrib/posix/conf.d/hooks.conf b/contrib/posix/conf.d/hooks.conf
@@ -0,0 +1,19 @@
+
+##
+# Action hooks for profiles that derive from "base"
+[base]
+# Actions to run before any profile task
+#run-before = [
+#  'echo ">>> ${PROFILE_NAME} - BEGIN ${PROFILE_COMMAND}"',
+#]
+
+# Actions to run after a profile task
+#run-after = [
+#  'echo "<<< ${PROFILE_NAME} - END ${PROFILE_COMMAND}"',
+#]
+
+# Actions to run when a profile task has failed
+run-after-fail = [
+  'echo "!!! ${PROFILE_NAME} - FAILED ${PROFILE_COMMAND}" - ERROR: ${ERROR}"',
+  # 'resticprofile-send-error admin@localhost',
+]
diff --git a/contrib/posix/conf.d/metrics.conf b/contrib/posix/conf.d/metrics.conf
@@ -0,0 +1,15 @@
+
+
+##
+# Metric collection for profiles that derive from "base"
+[base.backup]
+# Toggles full "restic" output capture to allow collecting backup metrics
+# for "status-file" and "prometheus-(save-to-file|push)"
+#extended-status = true
+
+# Write backup metrics as JSON (requires extended-status = true)
+#status-file = "{{.TempDir}}/resticprofile-{{.Profile.Name}}-status.json"
+
+# Export backup metrics to Prometheus (requires extended-status = true)
+#prometheus-save-to-file = "/var/lib/prometheus/node-exporter/{{.Profile.Name}}.prom"
+#prometheus-push = "http://host:9091/"
diff --git a/contrib/posix/conf.d/prune.conf b/contrib/posix/conf.d/prune.conf
@@ -0,0 +1,32 @@
+
+##
+# Group for profiles that prune repositories
+# Usage
+# - `resticprofile -n prune-all`
+# - `resticprofile -n prune-all schedule`
+# - `resticprofile -n prune-all unschedule`
+[groups]
+prune-all = [ "prune" ]
+
+
+##
+# Profile "prune" may be used to schedule pruning of the default repository
+# which reclaims space that is no longer occupied by removed snapshots from
+# profiles that use this repository.
+#
+# Usage
+# - `resticprofile -n prune`
+# - `resticprofile -n prune schedule`
+# - `resticprofile -n prune unschedule`
+#
+[prune]
+# Operate on the pepository defined in the "base" profile
+inherit = "base"
+initialize = false
+default-command = "prune"
+
+# Configuring the "prune" command in profile "prune"
+[prune.prune]
+schedule = "daily"
+schedule-lock-wait = "4h"
+
diff --git a/contrib/posix/conf.d/repository.conf b/contrib/posix/conf.d/repository.conf
@@ -0,0 +1,67 @@
+
+##
+# Repository configuration
+# See https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html
+#
+
+##
+# Default repository (used in all derived profiles unless redefined)
+[default]
+# Local: Repository mounted to local folder
+repository = "local:/backup"
+#run-before = [ 'mountpoint -q /backup' ]
+
+# SFTP: (requires password-less public-key auth for the user running restic)
+#repository = "sftp:user@host:/restic-repo"
+#repository = "sftp://user@[::1]:2222//restic-repo"
+
+# REST server: (https://github.com/restic/rest-server)
+#repository = "rest:https://user:pass@host:8000/my_backup_repo/"
+#cacert = "conf.d/default-repository-self-signed-pub.pem"
+#tls-client-cert = "conf.d/default-repository-client.pem"
+
+# S3 storage (see [default.env])
+#repository = "s3:s3.amazonaws.com/bucket_name"
+#repository = "s3:http://host:9000/bucket_name"
+#repository = "s3:https://host/bucket_name"
+#cacert = "conf.d/default-repository-self-signed-pub.pem"
+
+# Azure storage (see [default.env])
+#repository = "azure:container_name:/"
+
+# Repository password file
+password-file = "conf.d/default-repository.secret"
+
+##
+# Environment variables to pass to "restic"
+[default.env]
+# S3 Storage (AWS, Minio, etc.)
+#AWS_ACCESS_KEY_ID = "id"
+#AWS_SECRET_ACCESS_KEY = "key"
+
+# Azure Blob Storage
+#AZURE_ACCOUNT_NAME = "storage_account"
+#AZURE_ACCOUNT_KEY = "key"
+
+
+##
+# Initialize the repository (if empty) for profiles deriving from "base"
+[base]
+# Initialize a repository if none exists at the specified location
+initialize = true
+
+
+##
+# Example: Secondary repository
+# Other repository for profiles inheriting from "other-repository-base":
+#
+# [other-repository-base]
+# inherit = "base"
+# repository = "local:/backup-other"
+#
+# Usage:
+# [my-profile-other]
+# inherit = "other-repository-base"
+# [my-profile-other.backup]
+# source = "/path"
+#