Updated to config v2

Author: jkellerer

.goreleaser.yml

@@ -153,15 +153,24 @@ nfpms:
       postinstall: "contrib/posix/post-install.sh"
     contents:
       - { type: config, src: contrib/posix/profiles.conf, dst: /etc/resticprofile/profiles.conf.dist }
+      - { type: config, src: contrib/posix/conf.d/backup.conf, dst: /etc/resticprofile/conf.d/backup.conf.dist }
       - { type: config, src: contrib/posix/conf.d/check.conf, dst: /etc/resticprofile/conf.d/check.conf.dist }
       - { type: config, src: contrib/posix/conf.d/hooks.conf, dst: /etc/resticprofile/conf.d/hooks.conf.dist }
       - { type: config, src: contrib/posix/conf.d/metrics.conf, dst: /etc/resticprofile/conf.d/metrics.conf.dist }
       - { type: config, src: contrib/posix/conf.d/prune.conf, dst: /etc/resticprofile/conf.d/prune.conf.dist }
-      - { type: config, src: contrib/posix/conf.d/repository.conf, dst: /etc/resticprofile/conf.d/repository.conf.dist }
+      - { type: config, src: contrib/posix/conf.d/z_overrides.conf, dst: /etc/resticprofile/conf.d/z_overrides.conf.dist }
       - { type: config, src: contrib/posix/profiles.d/fs-snapshot.yaml.sample, dst: /etc/resticprofile/profiles.d/fs-snapshot.yaml.sample }
-      - { type: config, src: contrib/posix/profiles.d/system.toml, dst: /etc/resticprofile/profiles.d/system.toml.dist }
+      - { type: config, src: contrib/posix/profiles.d/minimal.conf.sample, dst: /etc/resticprofile/profiles.d/minimal.conf.sample }
+      - { type: config, src: contrib/posix/profiles.d/minimal.yaml.sample, dst: /etc/resticprofile/profiles.d/minimal.yaml.sample }
+      - { type: config, src: contrib/posix/profiles.d/system.conf, dst: /etc/resticprofile/profiles.d/system.conf.dist }
+      - { type: config, src: contrib/posix/repository.d/default.conf, dst: /etc/resticprofile/repository.d/default.conf.dist }
+      - { type: config, src: contrib/posix/repository.d/other.conf.sample, dst: /etc/resticprofile/repository.d/other.conf.sample }
+      - { type: config, src: contrib/posix/templates/default-host.conf, dst: /etc/resticprofile/templates/default-host.conf.dist }
+      - { type: config, src: contrib/posix/templates/default-tags.conf, dst: /etc/resticprofile/templates/default-tags.conf.dist }
       - { type: config, src: contrib/posix/templates/systemd.timer.in, dst: /etc/resticprofile/templates/systemd.timer.in.dist }
       - { type: config, src: contrib/posix/templates/systemd.unit.in, dst: /etc/resticprofile/templates/systemd.unit.in.dist }
-      - src: contrib/systemd/resticprofile-send-error.sh
+      - src: contrib/posix/resticprofile-send-error.rc
+        dst: /etc/resticprofile/resticprofile-send-error.rc.dist
+      - src: contrib/notification-scripts/resticprofile-send-error.sh
         dst: /usr/local/bin/resticprofile-send-error
-        file_info: { mode: 0640, owner: root, group: root }
+        file_info: { mode: 0755, owner: root, group: root }

contrib/notification-scripts/README.md

@@ -15,6 +15,7 @@ Usage:
 resticprofile-send-error.sh [options] user1@domain user2@domain ...
 Options:
    -s         Only send mail when operating on schedule (RESTICPROFILE_ON_SCHEDULE=1)
+   -o name,.. Only send mail when PROFILE_NAME is in the list of specified names
    -c command Set the profile command (instead of PROFILE_COMMAND)
    -n name    Set the profile name (instead of PROFILE_NAME)
    -p         Print mail to stdout instead of sending it

contrib/notification-scripts/resticprofile-send-error.sh

@@ -7,6 +7,7 @@ help() {
   Usage $1 [options] user1@domain user2@domain ...
   Options:
    -s         Only send mail when operating on schedule (RESTICPROFILE_ON_SCHEDULE=1)
+   -o name,.. Only send mail when PROFILE_COMMAND is in the list of specified names
    -c command Set the profile command (instead of PROFILE_COMMAND)
    -n name    Set the profile name (instead of PROFILE_NAME)
    -p         Print mail to stdout instead of sending it
@@ -17,9 +18,11 @@ HELP
 # Parse CLI args
 FORCE_SENDING=0
 SEND_COMMAND=""
-while getopts 'c:fhn:ps' flag ; do
+LIMIT_COMMAND_NAMES=""
+while getopts 'c:fhn:o:ps' flag ; do
   case "${flag}" in
     c) PROFILE_COMMAND="${OPTARG}" ;;
+    o) LIMIT_COMMAND_NAMES="${OPTARG}" ;;
     f) FORCE_SENDING=1 ;;
     n) PROFILE_NAME="${OPTARG}" ;;
     p) SEND_COMMAND="cat -" ;;
@@ -51,14 +54,14 @@ RC_FILE="/etc/resticprofile/$(basename "$0").rc}"
 [[ -f "${RC_FILE}" ]] && source "${RC_FILE}"
 
 main() {
-  if [[ -n "${PROFILE_NAME}" || "${FORCE_SENDING}" == "1" ]] ; then
+  if can_send ; then
     if [[ -n "${DETAILS_COMMAND}" ]] ; then
       DETAILS_COMMAND_RESULT="$(${DETAILS_COMMAND})"
     fi
 
     for email in "$@" "${MAIL_TO}" ; do
       if [[ "${email}" =~ ^[a-zA-Z0-9_.%+-]+@[a-zA-Z0-9_]+[a-zA-Z0-9_.-]+$ ]] ; then
-        send_mail "${email}" || echo "Failed sending to \"${email}\""
+        send_mail "${email}" || echo "Failed sending to \"${email}\" using '${SEND_COMMAND}' exit code $?"
       elif [[ -n "${email}" ]] ; then
         echo "Skipping notification for invalid address \"${email}\""
       fi
@@ -67,6 +70,22 @@ main() {
   return 0
 }
 
+can_send() {
+  if [[ -n "${PROFILE_NAME}" ]] ; then
+    if [[ -n "${LIMIT_COMMAND_NAMES}" ]] ; then
+      local IFS=",; "
+      for cmd in ${LIMIT_COMMAND_NAMES} ; do
+        [[ "${PROFILE_COMMAND}" == "$cmd" ]] && return 0
+      done
+    else
+      return 0
+    fi
+  fi
+
+  [[ "${FORCE_SENDING}" == "1" ]]
+  return $?
+}
+
 send_mail() {
   ${SEND_COMMAND} <<ERRMAIL
 To: $1

contrib/posix/README.md

@@ -2,18 +2,20 @@
 
 **Layout for `/etc/resticprofile`**:
 
-* `profiles.conf` - host centric default configuration
+* `conf.d/*` - default configuration and config overrides
+* `profiles.conf` - main configuration file 
 * `profiles.d/*` - host centric backup profiles (`*.toml` & `*.yaml`)
-* `conf.d/*` - overrides & extra configuration
+* `repositories.d/*` - restic repository configuration
+* `templates/*` - reusable config blocks and system templates
 
 The layout is used in `deb`, `rpm` and `apk` packages of `resticprofile`
 
 **Generated files**:
-* `conf.d/default-repository.secret` - during installation, only if missing
+* `repositories.d/default-repository.secret` - during installation, only if missing
 
 **Referenced files and paths**:
-* `conf.d/default-repository-self-signed-pub.pem` - TLS public cert (self-signed only)
-* `conf.d/default-repository-client.pem` - TLS client cert
+* `repositories.d/default-repository-self-signed-pub.pem` - TLS public cert (self-signed only)
+* `repositories.d/default-repository-client.pem` - TLS client cert
 * `/var/lib/prometheus/node-exporter/resticprofile-*.prom` - Prometheus files
 * `$TMPDIR/resticprofile-*` - Status and lock files
 
@@ -28,13 +30,23 @@ The layout is used in `deb`, `rpm` and `apk` packages of `resticprofile`
 Setup repository and validate system backup profile:
 ```shell
 cd /etc/resticprofile/
-vim conf.d/repository.conf
+vim repositories.d/default.conf
 vim profiles.d/system.toml
 ```
 
-## Test config and backup
+## Verify configuration, backup & restore
 ```shell
-resticprofile -n root show
-resticprofile -n root --dry-run backup
-resticprofile -n root backup
+resticprofile root.show
+resticprofile --dry-run root.backup
+resticprofile root.backup
+resticprofile root.snapshots
+resticprofile root.mount /mnt/restore &
+```
+
+## Maintenance (check & prune)
+```shell
+resticprofile maintenance.check
+resticprofile maintenance.prune
+resticprofile maintenance.schedule
+resticprofile maintenance.unschedule
 ```

contrib/posix/conf.d/backup.conf

@@ -0,0 +1,187 @@
+# -----------------------------------------------------------------------------
+##
+# Default configuration for backup & restore related commands
+#
+# This file should contain useful defaults to reduce amount of configuration
+# work needed in derived profiles. It should NOT contain a full backup config
+# having "source" definitions, since these whould be inherited by all backup
+# profiles that derive from "base" (or "default") settings.
+#
+# To define backup sources, create a profile config in "profiles.d" like:
+#
+# >>> "profiles.d/example.conf"
+#
+#     [profiles.example]
+#     description = "Backup example"
+#     inherit = "base"
+#
+#     [profiles.example.backup]
+#     schedule = "daily"
+#     source = [
+#       "/path/to/backup",
+#       "/other/path/to/backup",
+#     ]
+#
+# <<<
+#
+
+
+##
+# Backup defaults
+[profiles.default.backup]
+
+# Hostname and tags to identify backup snapshots in the repository
+{{ template "conf:default-host" . }}
+{{ template "conf:default-tags" . }}
+
+# Exclude known cache files & folders from backups
+exclude-caches = true
+
+# Exclude nested filesystems
+# Prefer overriding this option in dedicated backup profiles instead of
+# globally as it can greatly increase the volume if nested FS mounts are
+# contained in backup source paths.
+one-file-system = true
+
+# Toggle whether a failure in reading a backup source is considered an error
+no-error-on-warning = false
+
+# Wait on acquiring locks when running the profile on a schedule
+schedule-lock-wait = "45m"
+
+# Specify the user that runs profile tasks on a schedule
+# "system" - root runs the profile tasks
+# "user" - user that created the schedule runs the profile tasks
+schedule-permission = "system"
+
+# Toggle verbose output for troubleshooting
+#verbose = false
+
+# Toggles immediate repository check before and after backup.
+# Checks can be heavy on resources. Consider scheduling "maintenance"
+# (see "conf.d/check.conf") instead of enabling checks here.
+check-before = false
+check-after = false
+
+
+##
+# Snapshot retention defaults
+[profiles.default.retention]
+# Remove obsolete snapshots prior to starting a backup
+before-backup = false
+# Remove obsolete snapshots after a successful backup
+after-backup = true
+
+#
+# Note: Retention operates on host, path and tag filters to identify snapshots
+#       to retain or remove. In most cases these filters should be in sync with
+#       the backup configuration of a profile so that snapshots will be removed
+#       that truely belong to a profile's backup.
+#
+
+# Copying "host" block to identify snapshots by hostname
+{{ template "conf:default-host" . }}
+
+# Retention allows to build tag filter from backup with 'true'. It is strongly
+# advised not to change this as tags are the primary filter besides hostname.
+tag = true
+
+# Copying backup source paths to identify snapshots to retain or remove.
+# Set to "false" or a list of paths to disable or customize the path filter.
+#
+# It may make sense to disable path filters when source paths change. Ensure
+# that tags and hostname can properly identify snapshots when disabling paths.
+path = true
+
+# Specify the snapshots to keep when checking for obsolete snapshots
+# Snapshots that do not match any condition are removed
+keep-tag = [ "forever" ]
+keep-last = 3
+#keep-hourly = 1
+#keep-daily = 1
+#keep-weekly = 1
+#keep-monthly = 1
+#keep-yearly = 1
+#keep-within = "30d"
+
+# Use compact format for listing snapshots
+#compact = false
+
+# Toggles immediate prune of the repository as snapshots are removed.
+#
+# While removing snapshots is a light operation, prune (reclaim space) can
+# be heavy on resources as it rewrites parts of the repository.
+# Consider scheduling "maintenance" (see "conf.d/prune.conf") instead of
+# enabling prune here.
+#
+# Also an attempt to recover a removed snapshot with "resticprofile recover"
+# only works as long as the repository was not yet pruned.
+prune = false
+
+
+##
+# Defaults for operations on repository snapshots of this host
+# Usage:
+# - "resticprofile snapshots"            - view snapshots
+# - "resticprofile mount /mnt/restore"   - mount snapshots
+# - "resticprofile ls latest /"          - list files in a snapshot
+# - "resticprofile dump latest /file"    - dump a file to stdout
+# - "resticprofile find PATTERN..."      - find files in snapshots
+# - "resticprofile copy --repo2=..."     - copy snapshots to repo2
+# - "resticprofile restore --target=/to/dir --include=PATTERN... latest"
+[profiles.default.copy]
+{{ template "conf:default-host" . }}
+schedule-lock-wait = "1h30m"
+[profiles.default.dump]
+{{ template "conf:default-host" . }}
+[profiles.default.find]
+{{ template "conf:default-host" . }}
+[profiles.default.forget]
+{{ template "conf:default-host" . }}
+[profiles.default.ls]
+{{ template "conf:default-host" . }}
+[profiles.default.mount]
+{{ template "conf:default-host" . }}
+[profiles.default.restore]
+{{ template "conf:default-host" . }}
+[profiles.default.snapshots]
+{{ template "conf:default-host" . }}
+[profiles.default.stats]
+{{ template "conf:default-host" . }}
+[profiles.default.tag]
+{{ template "conf:default-host" . }}
+
+
+##
+# Setup operations on repository snapshots for profiles deriving from "base"
+# Usage:
+# - "resticprofile profileName.snapshots"            - view snapshots
+# - "resticprofile profileName.mount /mnt/restore"   - mount snapshots
+# - "resticprofile profileName.ls latest /"          - list files in a snapshot
+# - "resticprofile profileName.dump latest /file"    - dump a file to stdout
+# - "resticprofile profileName.find PATTERN..."      - find files in snapshots
+# - "resticprofile profileName.copy --repo2=..."     - copy snapshots to repo2
+# - "resticprofile profileName.restore --target=/to/dir latest"
+[profiles.base.copy]
+{{ template "conf:default-tags" . }}
+[profiles.base.dump]
+{{ template "conf:default-tags" . }}
+[profiles.base.find]
+{{ template "conf:default-tags" . }}
+[profiles.base.forget]
+{{ template "conf:default-tags" . }}
+[profiles.base.ls]
+{{ template "conf:default-tags" . }}
+[profiles.base.mount]
+{{ template "conf:default-tags" . }}
+[profiles.base.restore]
+{{ template "conf:default-tags" . }}
+[profiles.base.snapshots]
+{{ template "conf:default-tags" . }}
+[profiles.base.stats]
+{{ template "conf:default-tags" . }}
+[profiles.base.tag]
+{{ template "conf:default-tags" . }}
+
+
+# -----------------------------------------------------------------------------