av/pet-project-server
1
0
Fork 0
Code Pull Requests Actions Activity

Backups: move secrets to config file
Some checks failed
Linting / YAML Lint (push) Has been cancelled
Details
Linting / Ansible Lint (push) Has been cancelled
Details

Browse Source 
Allow run backup script with sudo
This commit is contained in:
Anton Vakhrushev
2025-12-07 15:14:55 +03:00
parent c74683cfe7
commit a95da35389
4 changed files with 209 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
files/backups/backup-all.template.py → files/backups/backup-all.py
View File

@@ -13,6 +13,7 @@ import pwd
from pathlib import Path
from typing import List, Tuple, Optional
import requests
import configparser
# Configure logging
logging.basicConfig(
@@ -25,15 +26,17 @@ logging.basicConfig(
)
logger = logging.getLogger(__name__)
# Configuration from Ansible template variables
RESTIC_REPOSITORY = "{{ restic_repository }}"
RESTIC_PASSWORD = "{{ restic_password }}"
AWS_ACCESS_KEY_ID = "{{ restic_s3_access_key }}"
AWS_SECRET_ACCESS_KEY = "{{ restic_s3_access_secret }}"
AWS_DEFAULT_REGION = "{{ restic_s3_region }}"
TELEGRAM_BOT_TOKEN = "{{ notifications_tg_bot_token }}"
TELEGRAM_CHAT_ID = "{{ notifications_tg_chat_id }}"
NOTIFICATIONS_NAME = "{{ notifications_name }}"
config = configparser.ConfigParser()
config.read("/etc/backup/config.ini")
RESTIC_REPOSITORY = config.get("restic", "RESTIC_REPOSITORY")
RESTIC_PASSWORD = config.get("restic", "RESTIC_PASSWORD")
AWS_ACCESS_KEY_ID = config.get("restic", "AWS_ACCESS_KEY_ID")
AWS_SECRET_ACCESS_KEY = config.get("restic", "AWS_SECRET_ACCESS_KEY")
AWS_DEFAULT_REGION = config.get("restic", "AWS_DEFAULT_REGION")
TELEGRAM_BOT_TOKEN = config.get("telegram", "TELEGRAM_BOT_TOKEN")
TELEGRAM_CHAT_ID = config.get("telegram", "TELEGRAM_CHAT_ID")
NOTIFICATIONS_NAME = config.get("telegram", "NOTIFICATIONS_NAME")
class BackupManager:
@@ -137,6 +140,7 @@ class BackupManager:
try:
logger.info("Starting restic backup")
logger.info("Destination: %s", RESTIC_REPOSITORY)
# Set environment variables for restic
env = os.environ.copy()

11
files/backups/config.template.ini Normal file
View File

@@ -0,0 +1,11 @@
[restic]
RESTIC_REPOSITORY={{ restic_repository }}
RESTIC_PASSWORD={{ restic_password }}
AWS_ACCESS_KEY_ID={{ restic_s3_access_key }}
AWS_SECRET_ACCESS_KEY={{ restic_s3_access_secret }}
AWS_DEFAULT_REGION={{ restic_s3_region }}
[telegram]
TELEGRAM_BOT_TOKEN={{ notifications_tg_bot_token }}
TELEGRAM_CHAT_ID={{ notifications_tg_chat_id }}
NOTIFICATIONS_NAME={{ notifications_name }}