master
Dirk Heilig 2023-02-14 09:32:15 +01:00
commit ea14f2703d
3 changed files with 133 additions and 0 deletions

12
Dockerfile 100644
View File

@ -0,0 +1,12 @@
FROM debian:buster
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y apache2 php php-curl php-mbstring \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN rm /var/www/html/index.html
ADD htdocs /var/www/html
RUN mkdir /var/www/data
RUN chown www-data:www-data /var/www/ -R
EXPOSE 80
CMD apachectl -D FOREGROUND

53
Readme.md 100644
View File

@ -0,0 +1,53 @@
# restic kumar connector
This is a restic connector for kumar. It allows you to check if you backups did run in time.
## Usage
### Running the Container
Just run the container, ideally using compose and expose port 80, maybe use something like traffic to make it https.
You could add a volume to /var/www/data to persist the data.
This is not necessary, but a fresh container will not report functional backups until you reported something.
If it's nor prevented on a network level for the world to submit data, you might whant to set RKC_USER and RKC_PASS to prevent random people from submitting data.
You need to use these credentials when reporting to the webservice.
### Reporting
To report your you need to post the output of `restic snapshots` to the webservice, eg:
```bash
restic snapshots | curl -X POST -d @- http://restic_kumar_reporter/
```
or
```bash
restic snapshots | curl -X POST -d @- -u "$USER:$PASS" http://restic_kumar_reporter/
```
when RKC_USER and RKC_PASS are set.
### Checking with kumar
Just point kumar to your webservice.
The Output looks something like this:
```
BACKUP|host1|/opt/mailcow|OK
BACKUP|host1|/var/lib/docker/volumes|OK
BACKUP|host2|/opt/docker|OK
BACKUP|host2|/var/lib/docker/volumes|OK
BACKUP|host3|/opt/docker|TOO_OLD
BACKUP|host3|/var/lib/docker/volumes|OK
BACKUP|host4|/opt/docker|OK
BACKUP|host4|/var/lib/docker/volumes|OK
BACKUP|host5|/opt/docker|TOO_OLD
BACKUP|host5|/var/lib/docker/volumes|TOO_OLD
```
output is always sorted by host and path. so you might check a whole block of hosts at once.
A Backup is okay if it is not older than X hours (default 28).
You can change this by requesting with `?maxage=XX` where XX is the maximum age in hours.

68
htdocs/index.php 100644
View File

@ -0,0 +1,68 @@
<?php
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$user = getenv("RKC_USER");
$pass = getenv("RKC_PASS");
if (false !== $user or false !== $pass) {
if (
!isset($_SERVER["PHP_AUTH_USER"]) ||
!isset($_SERVER["PHP_AUTH_PW"]) ||
$_SERVER["PHP_AUTH_USER"] !== $user ||
$_SERVER["PHP_AUTH_PW"] !== $pass
) {
header('WWW-Authenticate: Basic realm="RKC"');
header("HTTP/1.0 401 Unauthorized");
echo "You are not authorized to access this page.";
exit();
}
}
$resticData = file_get_contents("php://input");
$resticData = explode("\n", $resticData);
$backups = [];
foreach ($resticData as $snapshot) {
if (
!preg_match(
"/^(?<id>[a-z0-9]{8}) +(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2}) +(?<hour>\d{2}):+(?<minute>\d{2}):+(?<second>\d{2}) +(?<host>[^ ]+) +(?<path>[^ ]+).*/",
$snapshot,
$m
)
) {
continue;
}
$backupName = $m["host"] . "|" . $m["path"];
if (!isset($backups[$backupName])) {
$backups[$backupName] = 0;
}
$backupTime = mktime(
$m["hour"],
$m["minute"],
$m["second"],
$m["month"],
$m["day"],
$m["year"]
);
if ($backupTime > $backups[$backupName]) {
$backups[$backupName] = $backupTime;
}
}
ksort($backups);
file_put_contents(
"/var/www/data/backups.json",
json_encode($backups, JSON_UNESCAPED_SLASHES + JSON_PRETTY_PRINT)
);
exit();
}
header("Content-Type: text/plain");
$maxAge = isset($_GET["maxage"]) ? intval($_GET["maxage"]) : 28;
$maxAge = $maxAge * 60 * 60;
$backups = json_decode(file_get_contents("/var/www/data/backups.json"), true);
foreach ($backups as $backupName => $backupTime) {
echo "BACKUP|$backupName|";
if ($backupTime + $maxAge < time()) {
echo "TOO_OLD";
} else {
echo "OK";
}
echo "\n";
}