LibrePortal/scripts/backup/engine/borg_snapshots.sh
librelad 0b27ed1072 refactor(desudo): funnel backup-engine privilege drop through runBackupOp
The borg/restic/kopia engines all dropped to the dedicated backup user
via scattered 'sudo -E -u $docker_install_user'. Centralize that into a
single runBackupOp helper so the backup subsystem has one audit point and
the scoped sudoers needs only the (dockerinstall) drop rule.

Also:
- owncloud config heredoc tees -> runSystem (container-UID file)
- webui_display_logins: fix the broken 'command -v sudo sqlite3' guard
  to 'command -v sqlite3' (body already runs sqlite3 via runInstallOp)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 18:01:51 +01:00

82 lines
2.1 KiB
Bash

#!/bin/bash
# Re-shape `borg list --json` output to match the restic-style snapshot JSON
# the frontend consumes: each entry has short_id, id, time, hostname, tags,
# paths. Tags are reconstructed from the comment field we wrote at create time.
borgSnapshotsJson()
{
local idx="$1"
local app_filter="$2"
local host_filter="$3"
borgEnvExport "$idx" || return 1
local args=(list --json)
if [[ -n "$app_filter" || -n "$host_filter" ]]; then
local glob="${app_filter:-*}-${host_filter:-*}-*"
args+=(--glob-archives "$glob")
fi
local raw
raw=$(runBackupOp borg "${args[@]}" 2>/dev/null)
local rc=$?
borgEnvUnset
[[ $rc -ne 0 || -z "$raw" ]] && { echo "[]"; return $rc; }
if command -v jq >/dev/null 2>&1; then
echo "$raw" | jq -c '[.archives[] | {
id: .id,
short_id: .name,
time: .time,
hostname: .hostname,
tags: (.comment | split(" ") | map(select(test("^[a-z_]+=")))),
paths: []
}]'
else
# Fallback: emit minimal entries without jq (no comment parsing).
echo "$raw" | python3 -c '
import json, sys
raw = json.load(sys.stdin)
out = []
for a in raw.get("archives", []):
comment = a.get("comment", "")
tags = [t for t in comment.split() if "=" in t]
out.append({
"id": a.get("id"),
"short_id": a.get("name"),
"time": a.get("time"),
"hostname": a.get("hostname"),
"tags": tags,
"paths": []
})
print(json.dumps(out))
' 2>/dev/null || echo "[]"
fi
}
borgSnapshotLatestId()
{
local idx="$1"
local app_name="$2"
local host="${3:-$CFG_INSTALL_NAME}"
borgEnvExport "$idx" || return 1
local id
id=$(runBackupOp borg list --json --glob-archives "${app_name}-${host}-*" --last 1 2>/dev/null \
| grep -o '"name":"[^"]*"' | head -1 | cut -d'"' -f4)
borgEnvUnset
echo "$id"
}
borgSnapshotListFiles()
{
local idx="$1"
local snapshot_id="$2"
borgEnvExport "$idx" || return 1
runBackupOp borg list --json-lines "::$snapshot_id" 2>/dev/null
local rc=$?
borgEnvUnset
return $rc
}