npm - @highstate/restic - Versions diffs - 0.4.5 - Mend

@highstate/restic 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { k8s, restic } from '@highstate/library';
+import { core } from '@pulumi/kubernetes';
+import { ScriptBundle, Job, CronJob, CommonArgs, ScriptEnvironment, WorkloadVolume, Container, ScriptDistribution } from '@highstate/k8s';
+import { ComponentResource, Output, Input, InputArray, ComponentResourceOptions, InstanceTriggerInvocation, InstanceTrigger } from '@highstate/pulumi';
+type BackupJobPairArgs = CommonArgs & {
+    /**
+     * The k8s cluster to calculate the repository path.
+     */
+    k8sCluster: Input<k8s.Cluster>;
+    /**
+     * The repository to backup/restore to/from.
+     */
+    resticRepo: Input<restic.Repo>;
+    /**
+     * The extra script environment to pass to the backup and restore scripts.
+     */
+    environment?: Input<ScriptEnvironment>;
+    /**
+     * The extra script environments to pass to the backup and restore scripts.
+     */
+    environments?: InputArray<ScriptEnvironment>;
+    /**
+     * The volume to backup.
+     */
+    volume?: Input<WorkloadVolume>;
+    /**
+     * The sup path of the volume to restore/backup.
+     */
+    subPath?: Input<string>;
+    /**
+     * The schedule for the backup job.
+     *
+     * By default, the backup job runs every day at midnight.
+     */
+    schedule?: Input<string>;
+    /**
+     * The extra options to pass to the backup script.
+     */
+    backupOptions?: InputArray<string>;
+    /**
+     * The extra options for the backup container.
+     */
+    backupContainer?: Input<Container>;
+    /**
+     * The extra options for the restore container.
+     */
+    restoreContainer?: Input<Container>;
+    /**
+     * The distribution to use for the scripts.
+     *
+     * By default, the distribution is `alpine`.
+     *
+     * You can also use `ubuntu` if you need to install packages that are not available (or working) in Alpine.
+     */
+    distribution?: ScriptDistribution;
+};
+declare class BackupJobPair extends ComponentResource {
+    private readonly name;
+    private readonly opts?;
+    /**
+     * The credentials used to access the repository and encrypt the backups.
+     */
+    readonly credentials: Output<core.v1.Secret>;
+    /**
+     * The script bundle used by the backup and restore jobs.
+     */
+    readonly scriptBundle: Output<ScriptBundle>;
+    /**
+     * The job resource which restores the volume from the backup before creating an application.
+     */
+    readonly restoreJob: Output<Job>;
+    /**
+     * The cron job resource which backups the volume regularly.
+     */
+    readonly backupJob: Output<CronJob>;
+    constructor(name: string, args: BackupJobPairArgs, opts?: ComponentResourceOptions | undefined);
+    handleTrigger(triggers: InstanceTriggerInvocation[]): InstanceTrigger | undefined;
+    private createBackupOnDestroyJob;
+}
+export { BackupJobPair, type BackupJobPairArgs };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,267 @@
+import { core, batch } from '@pulumi/kubernetes';
+import { mapMetadata, ScriptBundle, Job, createScriptContainer, CronJob } from '@highstate/k8s';
+import { ComponentResource, output, normalize } from '@highstate/pulumi';
+function text(array, ...values) {
+  const str = array.reduce(
+    // eslint-disable-next-line @typescript-eslint/no-base-to-string
+    (result, part, i) => result + part + (values[i] ? String(values[i]) : ""),
+    ""
+  );
+  return trimIndentation(str);
+}
+function trimIndentation(text2) {
+  const lines = text2.split("\n");
+  const indent = lines.filter((line) => line.trim() !== "").map((line) => line.match(/^\s*/)?.[0].length ?? 0).reduce((min, indent2) => Math.min(min, indent2), Infinity);
+  return lines.map((line) => line.slice(indent)).join("\n").trim();
+}
+const backupEnvironment = {
+  alpine: {
+    packages: ["restic"]
+  },
+  ubuntu: {
+    packages: ["restic"]
+  },
+  scripts: {
+    "backup.sh": text`
+      #!/bin/sh
+      set -e
+      # Init the repo if it doesn't exist
+      echo "| Checking the repository"
+      if restic snapshots > /dev/null 2>&1; then
+        echo "| Repository is ready"
+      else
+        echo "| Initializing new repository"
+        restic init
+      fi
+      # Execute lock script if it exists
+      if [ -f /scripts/lock.sh ]; then
+        /scripts/lock.sh || (echo "| error: lock script failed" && exit 1)
+      fi
+      # Unlock the data source on exit
+      if [ -f /scripts/unlock.sh ]; then
+        trap "echo '/scripts/unlock.sh || (echo '| error: unlock script failed' && exit 1)" EXIT
+      fi
+      # Perform online backup if the corresponding script exists
+      if [ -f /scripts/online-backup.sh ]; then
+        /scripts/online-backup.sh || (echo "| error: online backup script failed" && exit 1)
+      fi
+      # Backup the volume
+      echo "| Backing up /data"
+      restic backup -H "$RESTIC_HOSTNAME" /data $EXTRA_BACKUP_OPTIONS
+      # Forget old snapshots
+      echo "| Forgetting old snapshots"
+      restic forget --host "$RESTIC_HOSTNAME" --keep-daily 7 --keep-weekly 4 --keep-monthly 6
+      echo "| Backup complete"
+    `,
+    "restore.sh": text`
+      #!/bin/sh
+      set -e
+      # Check if /data is empty
+      echo "| Checking if volume is empty"
+      if [ "$(find /data -type f -print -quit 2>/dev/null)" ]; then
+        echo "| Volume is not empty. Skipping restore."
+        exit 0
+      fi
+      # Check if at least one snapshot exists
+      echo "| Checking for snapshots"
+      if ! result=$(restic list snapshots); then
+        echo "| No snapshots found. Skipping restore."
+        exit 0
+      fi
+      if [ -z "$result" ]; then
+        echo "| No snapshots found. Skipping restore."
+        exit 0
+      fi
+      # Restore the volume
+      echo "| Restoring /data"
+      restic restore -H "$RESTIC_HOSTNAME" latest --target /
+      echo "| Volume restored."
+      # Post-restore script
+      if [ -f /scripts/post-restore.sh ]; then
+        /scripts/post-restore.sh || (echo "| error: post-restore script failed" && exit 1)
+      fi
+    `
+  }
+};
+class BackupJobPair extends ComponentResource {
+  constructor(name, args, opts) {
+    super("highstate:restic:BackupJobPair", name, args, opts);
+    this.name = name;
+    this.opts = opts;
+    this.credentials = output(args).apply((args2) => {
+      return new core.v1.Secret(
+        `${name}-backup-credentials`,
+        {
+          metadata: mapMetadata(args2, `${name}-backup-credentials`),
+          stringData: {
+            password: args2.resticRepo.password,
+            "rclone.conf": args2.resticRepo.rcloneConfig
+          }
+        },
+        { parent: this, ...opts }
+      );
+    });
+    const environment = output(args).apply((args2) => {
+      return {
+        alpine: {
+          packages: ["rclone"]
+        },
+        ubuntu: {
+          preInstallPackages: ["curl", "unzip"],
+          preInstallScripts: {
+            "rclone.sh": text`
+              #!/bin/sh
+              set -e
+              curl https://rclone.org/install.sh | bash
+            `
+          }
+        },
+        environment: {
+          RESTIC_REPOSITORY: `rclone:${args2.resticRepo.remoteName}:${args2.resticRepo.basePath}/${args2.k8sCluster.name}/${name}`,
+          RESTIC_PASSWORD_FILE: "/credentials/password",
+          RESTIC_HOSTNAME: "default",
+          RCLONE_CONFIG: "/credentials/rclone.conf",
+          EXTRA_BACKUP_OPTIONS: args2.backupOptions?.join(" ")
+        },
+        volumes: [this.credentials, ...args2.volume ? [args2.volume] : []],
+        volumeMounts: [
+          {
+            volume: this.credentials,
+            mountPath: "/credentials",
+            readOnly: true
+          },
+          ...args2.volume ? [
+            {
+              volume: args2.volume,
+              mountPath: "/data",
+              subPath: args2.subPath
+            }
+          ] : []
+        ]
+      };
+    });
+    this.scriptBundle = output(args).apply((args2) => {
+      return new ScriptBundle(
+        `${name}-backup-scripts`,
+        {
+          namespace: args2.namespace,
+          distribution: args2.distribution ?? "alpine",
+          environments: [
+            backupEnvironment,
+            environment,
+            ...normalize(args2.environment, args2.environments)
+          ]
+        },
+        { parent: this, ...opts }
+      );
+    });
+    this.restoreJob = output(args).apply((args2) => {
+      return new Job(
+        `${name}-restore`,
+        {
+          namespace: args2.namespace,
+          container: createScriptContainer({
+            ...args2.restoreContainer,
+            main: "restore.sh",
+            bundle: this.scriptBundle
+          })
+        },
+        { parent: this, ...opts }
+      );
+    });
+    this.backupJob = output(args).apply((args2) => {
+      return new CronJob(
+        `${name}-backup`,
+        {
+          namespace: args2.namespace,
+          container: createScriptContainer({
+            ...args2.backupContainer,
+            main: "backup.sh",
+            bundle: this.scriptBundle
+          }),
+          schedule: args2.schedule ?? "0 0 * * *",
+          concurrencyPolicy: "Forbid",
+          jobTemplate: {
+            spec: {
+              backoffLimit: 1,
+              template: {
+                spec: {
+                  restartPolicy: "Never"
+                }
+              }
+            }
+          }
+        },
+        { parent: this, ...opts }
+      );
+    });
+    this.registerOutputs({
+      credentials: this.credentials,
+      scriptBundle: this.scriptBundle,
+      restoreJob: this.restoreJob,
+      backupJob: this.backupJob
+    });
+  }
+  /**
+   * The credentials used to access the repository and encrypt the backups.
+   */
+  credentials;
+  /**
+   * The script bundle used by the backup and restore jobs.
+   */
+  scriptBundle;
+  /**
+   * The job resource which restores the volume from the backup before creating an application.
+   */
+  restoreJob;
+  /**
+   * The cron job resource which backups the volume regularly.
+   */
+  backupJob;
+  handleTrigger(triggers) {
+    const triggerName = `restic.backup-on-destroy.${this.name}`;
+    const invokedTrigger = triggers.find((trigger) => trigger.name === triggerName);
+    if (invokedTrigger) {
+      this.createBackupOnDestroyJob();
+      return;
+    }
+    return {
+      name: triggerName,
+      title: "Backup on Destroy",
+      description: `Backup the "${this.name}" before destroying.`,
+      spec: {
+        type: "before-destroy"
+      }
+    };
+  }
+  createBackupOnDestroyJob() {
+    new batch.v1.Job(
+      `${this.name}-backup-on-destroy`,
+      {
+        metadata: {
+          name: `${this.name}-backup-on-destroy`,
+          namespace: this.backupJob.cronJob.metadata.namespace
+        },
+        spec: this.backupJob.cronJob.spec.jobTemplate.spec
+      },
+      { parent: this, ...this.opts }
+    );
+  }
+}
+export { BackupJobPair };

package/dist/repo/index.js ADDED Viewed

@@ -0,0 +1,33 @@
+import { restic } from '@highstate/library';
+import { forUnit, getOrCreateSecret } from '@highstate/pulumi';
+import { generatePassword } from '@highstate/common';
+const { args, secrets, outputs } = forUnit(restic.repo);
+const remoteName = secrets.rcloneConfig.apply((config) => {
+  const remoteNames = Array.from(config.matchAll(/(?<=\[).+?(?=\])/g));
+  if (remoteNames.length === 0) {
+    throw new Error("No remotes found in rclone config");
+  }
+  if (remoteNames.length > 1) {
+    throw new Error("Multiple remotes found in rclone config");
+  }
+  return remoteNames[0][0];
+});
+const password = getOrCreateSecret(secrets, "password", generatePassword);
+const basePath = args.basePath?.replace(/\/$/, "") ?? "backups";
+var index = outputs({
+  repo: {
+    password,
+    type: "rclone",
+    rcloneConfig: secrets.rcloneConfig,
+    remoteName,
+    remoteDomains: args.remoteDomains ?? [],
+    basePath
+  },
+  $status: {
+    remoteName,
+    basePath
+  }
+});
+export { index as default };

package/package.json ADDED Viewed

@@ -0,0 +1,37 @@
+{
+  "name": "@highstate/restic",
+  "version": "0.4.5",
+  "type": "module",
+  "files": [
+    "assets",
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "default": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./repo": {
+      "default": "./dist/repo/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "pkgroll --tsconfig=tsconfig.build.json"
+  },
+  "dependencies": {
+    "@highstate/common": "^0.4.5",
+    "@highstate/k8s": "^0.4.5",
+    "@highstate/pulumi": "^0.4.5",
+    "@pulumi/kubernetes": "^4.18.0"
+  },
+  "peerDependencies": {
+    "@highstate/library": "workspace:^0.4.4"
+  },
+  "devDependencies": {
+    "pkgroll": "^2.5.1"
+  },
+  "gitHead": "afd601fdade1bcf31af58072eea3c08ee26349b8"
+}