#!/bin/bash

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020       Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

function backup () {(
    set -e

    echo "Starting data backup:"

    docker run --name="duplicity-backup-lvm" \
            --security-opt "label=disable" \
            --security-opt "no-new-privileges" \
            --cap-drop=ALL \
            --cap-add=DAC_OVERRIDE \
            --rm \
            -v "$HOME/.cache/duplicity/:/archive" \
            -v "/root/.gnupg/:/root/.gnupg/" \
            -v "/lvm_self_backup_snapshots/:/backup/:ro" \
            -e "PASSPHRASE={{ lvm_self_backup_gpg.passphrase }}" \
            --hostname {{ ansible_fqdn }} \
            {{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
            --full-if-older-than 1M \
            --progress \
            --progress-rate 60 \
            --sign-key "{{ lvm_self_backup_gpg.sign_key | default(lvm_self_backup_gpg.id) }}" \
{% for encryption_key in lvm_self_backup_gpg.encryption_keys | default([lvm_self_backup_gpg.id]) %}
            --encrypt-key "{{ encryption_key }}" \
{% endfor %}
            /backup/ \
            "{{ lvm_self_backup_target }}"

{% if lvm_self_backup_retention.incremental.enabled %}
    echo "Remove old incremental backups"
    docker run --name="duplicity-backup-lvm" \
            --security-opt "label=disable" \
            --security-opt "no-new-privileges" \
            --cap-drop=ALL \
            --cap-add=DAC_OVERRIDE \
            --rm \
            -v "$HOME/.cache/duplicity/:/archive" \
            --hostname {{ ansible_fqdn }} \
            {{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
            remove-all-inc-of-but-n-full {{ lvm_self_backup_retention.incremental.count }} --force \
            "{{ lvm_self_backup_target }}"
{% endif %}

{% if lvm_self_backup_retention.full.enabled %}
    echo "Remove old full backups"
    docker run --name="duplicity-backup-lvm" \
            --security-opt "label=disable" \
            --security-opt "no-new-privileges" \
            --cap-drop=ALL \
            --cap-add=DAC_OVERRIDE \
            --rm \
            -v "$HOME/.cache/duplicity/:/archive" \
            --hostname {{ ansible_fqdn }} \
            {{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
            remove-all-but-n-full {{ lvm_self_backup_retention.full.count }} --force \
            "{{ lvm_self_backup_target }}"
{% endif %}
)}

echo "LVM backup started:"

backup
success=$?
if [ $success -gt 0 ]; then
  echo "ERROR: An error occured during backup! $success"
fi

echo $success > {{ lvm_self_backup_status_directory }}/backup.status

chown {{ lvm_self_backup_status_directory_uid }}:{{ lvm_self_backup_status_directory_gid }} {{ lvm_self_backup_status_directory }}/backup.status

exit $success