Add functional, documented scripts and Makefile - resticc

commit e9c78245f9abdd7b8531f4cc8b30df04f052760c
Author: Jacob R. Edwards <jacob@jacobedwards.org>
Date:   Wed, 21 Jan 2026 16:55:16 -0600

Add functional, documented scripts and Makefile

This is the initial commit of the resticc project. It includes the
resticc script along with a README, manpage, and Makefile containing
the install and uninstall targets.

Diffstat:
A Makefile  | 15 +++++++++++++++
A README.md  | 27 +++++++++++++++++++++++++++
A config.mk  | 4 ++++
A resticc  | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A resticc.1  | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

5 files changed, 261 insertions(+), 0 deletions(-)
diff --git a/Makefile b/Makefile
@@ -0,0 +1,15 @@
+# resticc Makefile
+
+.include "config.mk"
+
+n = resticc
+
+install:
+	install -o root -g bin -m 0755 $n ${PREFIX}/bin/$n
+	install -o root -g bin -m 0755 $n.1 ${MANPREFIX}/man1/$n.1
+	makewhatis -d ${MANPREFIX} ${MANPREFIX}/man1/$n.1
+
+uninstall:
+	rm -f ${PREFIX}/bin/$n ${MANPREFIX}/bin/$n.1
+
+.PHONY: install uninstall
diff --git a/README.md b/README.md
@@ -0,0 +1,27 @@
+# Resticc -- Restic Configuration
+ 
+Resticc is a wrapper around restic(1) that loads restic repository
+location and keys from configuration files.
+
+## Installation
+
+To install resticc, edit config.mk and run make install:
+
+	$ make install
+
+## Usage
+
+With resticc, you always specify the repository identifier as the
+first argument so keys and endpoint information can loaded before
+executing restic. For example:
+
+	$ resticc backup snapshots
+
+will all the information necessary to list snapshots for the "backup"
+repository.
+
+Please see the included manual for further information.
+
+## Limitations
+
+Currently resticc only supports loading keys for s3: repositories.
diff --git a/config.mk b/config.mk
@@ -0,0 +1,4 @@
+# resticc config.mk
+
+PREFIX = /usr/local
+MANPREFIX = ${PREFIX}/man
diff --git a/resticc b/resticc
@@ -0,0 +1,128 @@
+#!/bin/sh
+#
+# Restic(1) wrapper to load repository and application/encryption keys
+#
+# Copyright (c) 2026 Jacob R. Edwards <jacob@jacobedwards.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+warn() {
+	echo "error: $@" 1>&2
+}
+
+err() {
+	warn "$@"
+	exit 1
+}
+
+ifdef() {
+	printenv "$1" >/dev/null
+}
+
+defaultkey() {
+	find "$keys" -type f | awk -F/ '{print $NF}' | sed 1q
+}
+
+host() {
+	if test -f "$rc"/host; then
+		cat "$rc"/host
+	else
+		echo s3.us-east-005.backblazeb2.com
+	fi
+}
+
+path() {
+	if test -f "$rc"/path; then
+		cat "$rc"/path
+	else
+		hostname | sed 's/\.lan$//'
+	fi
+}
+
+loadkey() {
+	test -d "$keys" ||
+		return 1
+	ifdef AWS_ACCESS_KEY_ID || {
+		AWS_ACCESS_KEY_ID="$(defaultkey)"
+		ifdef AWS_ACCESS_KEY_ID || {
+			err 'Unable to get access key id'
+		}
+	}
+
+	ifdef AWS_SECRET_ACCESS_KEY || {
+		AWS_SECRET_ACCESS_KEY="$(<"$keys/$AWS_ACCESS_KEY_ID")"
+	}
+}
+
+loadrepo() {
+	ifdef RESTIC_REPOSITORY ||
+		RESTIC_REPOSITORY="s3:https://$(host)/$(bucket "$repo")/$(path)/restic"
+}
+
+loadpassword() {
+	k="$rc"/keys/restic
+	! ifdef RESTIC_PASSWORD && test -f "$k" &&
+		RESTIC_PASSWORD="$(<"$k")"
+}
+
+bucket() {
+	name="${1:?name}"
+	prefix="$2"
+	test $# -lt 2 && {
+		if test -f "$root"/prefix; then
+			prefix="$(<"$root"/prefix)"
+		else
+			prefix=resticc
+		fi
+	}
+	salt='CoAlvPb40qNtWOtKDWgWDQ=='
+	echo "$prefix-$name"-"$(echo "$salt$1" | md5 | cut -c1-4)"
+}
+
+main() {
+	set -ae
+
+	case "$1.$#" in
+	(.[01]|-*)  echo 'usage: resticc repository [restic_args]
+       resticc repository config' 1>&2
+		exit 1 ;;
+	esac
+
+	repo="${1:?repository}"
+	shift
+
+	root=/etc/resticc
+	rc="$root/$repo"
+	keys="$rc"/keys/app
+
+	loadrepo
+	loadpassword
+	loadkey ||
+		warn 'No application key'
+
+	case "$1" in
+	(config)
+		printenv | egrep '^(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|RESTIC_REPOSITORY|RESTIC_PASSWORD)=' 1>&2
+		;;
+	(bucket)
+		shift
+		bucket "$repo" "$@"
+		;;
+	(*)
+		restic "$@"
+		;;
+	esac
+}
+
+main "$@"
diff --git a/resticc.1 b/resticc.1
@@ -0,0 +1,87 @@
+./"
+./" Copyright (c) 2026 Jacob R. Edwards <jacob@jacobedwards.org>
+./"
+./" Permission to use, copy, modify, and distribute this software for any
+./" purpose with or without fee is hereby granted, provided that the above
+./" copyright notice and this permission notice appear in all copies.
+./"
+./" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIE
+./" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+./" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+./" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+./" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+./" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+./" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+./"
+.Dd January 21, 2026
+.Dt RESTICC 1
+.Os
+.Sh NAME
+.Nm resticc
+.Nd restic configuration
+.Sh SYNOPSIS
+.Nm
+.Ar repository
+.Op Ar restic_args
+.Nm
+.Ar repository Ar config
+.Nm
+.Ar repository Ar bucket Ar name Op Ar prefix
+.Sh DESCRIPTION
+.Nm
+provides configuration files for
+.Xr restic 1
+to load repository locations and keys from. It's usage is the same as
+.Xr restic 1
+with the addition of the
+.Ar config
+and
+.Ar bucket
+commands. The
+.Ar config
+command displays the loaded configuration, and
+.Ar bucket
+displays the hashed bucket name.
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.It Ev RESTIC_PASSWORD
+Override the encryption key.
+.It Ev RESTIC_REPOSITORY
+Override the repository URL.
+.It Ev AWS_ACCESS_KEY_ID
+Override the application key id. (Key will be loaded from the keys
+directory based on this.)
+.It Ev AWS_SECRET_ACCESS_KEY
+Override the application key data.
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa /etc/resticc/prefix
+Bucket prefix.
+.It Pa /etc/resticc/$repository/host
+Repository host.
+.It Pa /etc/resticc/$repository/path
+Bucket path.
+.It Pa /etc/resticc/$repository/keys/restic
+Restic encryption key.
+.It Pa /etc/resticc/$repository/keys/app/
+Directory containing restic application keys named by their ID.
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh EXAMPLES
+.Pp
+Run
+.Xr restic-ls(1)
+on the
+.Qq backup
+repository's latest snapshot:
+.Pp
+.Dl $ resticc backup ls latest
+.Pp
+Get the bucket name for
+.Qq backup :
+.Dl $ resticc backup bucket
+.Sh SEE ALSO
+.Xr restic 1
+.Sh AUTHORS
+.An Jacob R. Edwards Aq Mt jacob@jacobedwards.org

	resticc Restic with configuration files
	Log \| Files \| Refs \| README

A	Makefile	\|	15	+++++++++++++++
A	README.md	\|	27	+++++++++++++++++++++++++++
A	config.mk	\|	4	++++
A	resticc	\|	128	+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A	resticc.1	\|	87	+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++