resticc

Restic with configuration files
Log | Files | Refs | README

resticc (2550B)

      1 #!/bin/sh
      2 #
      3 # Restic(1) wrapper to load repository and application/encryption keys
      4 #
      5 # Copyright (c) 2026 Jacob R. Edwards <jacob@jacobedwards.org>
      6 #
      7 # Permission to use, copy, modify, and distribute this software for any
      8 # purpose with or without fee is hereby granted, provided that the above
      9 # copyright notice and this permission notice appear in all copies.
     10 #
     11 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
     12 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     13 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     14 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     15 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     16 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     17 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     18 
     19 
     20 warn() {
     21 	echo "error: $@" 1>&2
     22 }
     23 
     24 err() {
     25 	warn "$@"
     26 	exit 1
     27 }
     28 
     29 ifdef() {
     30 	printenv "$1" >/dev/null
     31 }
     32 
     33 defaultkey() {
     34 	find "$keys" -type f | awk -F/ '{print $NF}' | sed 1q
     35 }
     36 
     37 host() {
     38 	if test -f "$rc"/host; then
     39 		cat "$rc"/host
     40 	else
     41 		echo s3.us-east-005.backblazeb2.com
     42 	fi
     43 }
     44 
     45 path() {
     46 	if test -f "$rc"/path; then
     47 		cat "$rc"/path
     48 	else
     49 		hostname | sed 's/\.lan$//'
     50 	fi
     51 }
     52 
     53 loadkey() {
     54 	test -d "$keys" ||
     55 		return 1
     56 	ifdef AWS_ACCESS_KEY_ID || {
     57 		AWS_ACCESS_KEY_ID="$(defaultkey)"
     58 		ifdef AWS_ACCESS_KEY_ID || {
     59 			err 'Unable to get access key id'
     60 		}
     61 	}
     62 
     63 	ifdef AWS_SECRET_ACCESS_KEY || {
     64 		AWS_SECRET_ACCESS_KEY="$(<"$keys/$AWS_ACCESS_KEY_ID")"
     65 	}
     66 }
     67 
     68 loadrepo() {
     69 	ifdef RESTIC_REPOSITORY ||
     70 		RESTIC_REPOSITORY="s3:https://$(host)/$(bucket "$repo")/$(path)/restic"
     71 }
     72 
     73 loadpassword() {
     74 	k="$rc"/keys/restic
     75 	! ifdef RESTIC_PASSWORD && test -f "$k" &&
     76 		RESTIC_PASSWORD="$(<"$k")"
     77 }
     78 
     79 bucket() {
     80 	name="${1:?name}"
     81 	prefix="$2"
     82 	test $# -lt 2 && {
     83 		if test -f "$root"/prefix; then
     84 			prefix="$(<"$root"/prefix)"
     85 		else
     86 			prefix=resticc
     87 		fi
     88 	}
     89 	salt='CoAlvPb40qNtWOtKDWgWDQ=='
     90 	echo "$prefix-$name"-"$(echo "$salt$1" | md5 | cut -c1-4)"
     91 }
     92 
     93 main() {
     94 	set -ae
     95 
     96 	case "$1.$#" in
     97 	(.[01]|-*)  echo 'usage: resticc repository [restic_args]
     98        resticc repository config' 1>&2
     99 		exit 1 ;;
    100 	esac
    101 
    102 	repo="${1:?repository}"
    103 	shift
    104 
    105 	root=/etc/resticc
    106 	rc="$root/$repo"
    107 	keys="$rc"/keys/app
    108 
    109 	loadrepo
    110 	loadpassword
    111 	loadkey ||
    112 		warn 'No application key'
    113 
    114 	case "$1" in
    115 	(config)
    116 		printenv | egrep '^(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|RESTIC_REPOSITORY|RESTIC_PASSWORD)=' 1>&2
    117 		;;
    118 	(bucket)
    119 		shift
    120 		bucket "$repo" "$@"
    121 		;;
    122 	(*)
    123 		restic "$@"
    124 		;;
    125 	esac
    126 }
    127 
    128 main "$@"