The borg/restic/kopia engines all dropped to the dedicated backup user via scattered 'sudo -E -u $docker_install_user'. Centralize that into a single runBackupOp helper so the backup subsystem has one audit point and the scoped sudoers needs only the (dockerinstall) drop rule. Also: - owncloud config heredoc tees -> runSystem (container-UID file) - webui_display_logins: fix the broken 'command -v sudo sqlite3' guard to 'command -v sqlite3' (body already runs sqlite3 via runInstallOp) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
94 lines
2.9 KiB
Bash
94 lines
2.9 KiB
Bash
#!/bin/bash
|
|
|
|
kopiaInitLocation()
|
|
{
|
|
local idx="$1"
|
|
|
|
if ! resticLocationEnabled "$idx"; then
|
|
isNotice "Location $(resticLocationName "$idx") disabled — skipping init"
|
|
return 0
|
|
fi
|
|
|
|
kopiaEnvExport "$idx" || return 1
|
|
|
|
local t
|
|
t=$(resticLocationType "$idx")
|
|
|
|
# Already initialized? `kopia repository status` returns 0 only if the
|
|
# config file is connected to a repo.
|
|
if runBackupOp kopia repository status --json >/dev/null 2>&1; then
|
|
isNotice "$(resticLocationName "$idx") already initialized"
|
|
kopiaEnvUnset
|
|
return 0
|
|
fi
|
|
|
|
local args
|
|
case "$t" in
|
|
local)
|
|
local path
|
|
path=$(backupLocationResolvedPath "$idx")
|
|
runFileOp mkdir -p "$path"
|
|
runFileOp chown -R "$docker_install_user":"$docker_install_user" "$path"
|
|
args=(repository create filesystem --path="$path")
|
|
;;
|
|
sftp)
|
|
local user host port path auth keyfile
|
|
user=$(resticLocationField "$idx" SSH_USER)
|
|
host=$(resticLocationField "$idx" SSH_HOST)
|
|
port=$(resticLocationField "$idx" SSH_PORT)
|
|
[[ -z "$port" ]] && port=22
|
|
path=$(resticLocationField "$idx" SSH_PATH)
|
|
auth=$(resticLocationField "$idx" SSH_AUTH)
|
|
if [[ "$auth" == "password" ]]; then
|
|
isError "Kopia's SFTP backend supports key auth only. Switch this location's engine to restic or borg if you need password auth, or generate an SSH key on the location's edit panel."
|
|
kopiaEnvUnset
|
|
return 1
|
|
fi
|
|
keyfile=$(backupSshKeyFile "$idx")
|
|
if [[ ! -f "$keyfile" ]]; then
|
|
isError "Kopia SFTP needs a private key at $keyfile — generate or paste one on the location's edit panel."
|
|
kopiaEnvUnset
|
|
return 1
|
|
fi
|
|
args=(repository create sftp --host="$host" --port="$port" --username="$user" --path="$path" --known-hosts-data="" --keyfile="$keyfile")
|
|
;;
|
|
*)
|
|
isError "Kopia adapter doesn't support type=$t yet"
|
|
kopiaEnvUnset
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
isNotice "Initializing $(resticLocationName "$idx") with Kopia"
|
|
if runBackupOp kopia "${args[@]}"; then
|
|
isSuccessful "$(resticLocationName "$idx") initialized"
|
|
else
|
|
isError "Failed to initialize $(resticLocationName "$idx") with Kopia"
|
|
kopiaEnvUnset
|
|
return 1
|
|
fi
|
|
|
|
kopiaEnvUnset
|
|
}
|
|
|
|
kopiaEnsureLocationReady()
|
|
{
|
|
local idx="$1"
|
|
[[ -z "$idx" ]] && return 1
|
|
|
|
if ! resticLocationEnabled "$idx"; then
|
|
return 1
|
|
fi
|
|
|
|
local cfg
|
|
cfg=$(kopiaConfigPath "$idx")
|
|
if [[ -f "$cfg" ]]; then
|
|
return 0
|
|
fi
|
|
|
|
if ! command -v kopia >/dev/null 2>&1; then
|
|
kopiaInstall || return 1
|
|
fi
|
|
kopiaInitLocation "$idx"
|
|
}
|