nixcfg/cluster/prod/app/backup/build/backup-garage/do-backup.sh

#!/usr/bin/env bash

# DEPENDENCIES: btrfs-progs curl rclone jq

# PARAMETERS (environmenet variables)
#       $BACKUP_BASEDIR         => where to store backups and btrfs snapshots
#       $GARAGE_ADMIN_TOKEN     => Garage administration access token
#       $GARAGE_ACCESS_KEY      => Garage access key
#       $GARAGE_SECRET_KEY      => Garage secret key

if [ -z "$BACKUP_BASEDIR" -o -z "$GARAGE_ACCESS_KEY" -o -z "$GARAGE_ADMIN_TOKEN" ]; then
        echo "Missing parameters"
fi

if [ ! -d "$BACKUP_BASEDIR/buckets" ]; then
        btrfs subvolume create "$BACKUP_BASEDIR/buckets"
fi


function gcurl {
        curl -s -H "Authorization: Bearer $GARAGE_ADMIN_TOKEN" $@
}

BUCKETS=$(gcurl "http://localhost:3903/v0/bucket" | jq -r '.[].id')

for BUCKET in $BUCKETS; do
        echo "==== BUCKET $BUCKET ===="

        gcurl "http://localhost:3903/v0/bucket?id=$BUCKET" > "$BACKUP_BASEDIR/buckets/$BUCKET.json"

        ALIASES=$(jq -r '.globalAliases[]' < "$BACKUP_BASEDIR/buckets/$BUCKET.json")
        echo "(aka. $ALIASES)"

        case $ALIASES in
                *backup*)
                        echo "Skipping $BUCKET (not doing backup of backup)"
                        ;;
                *cache*)
                        echo "Skipping $BUCKET (not doing backup of cache)"
                        ;;
                *)
                        echo "Backing up $BUCKET"

                        if [ ! -d "$BACKUP_BASEDIR/buckets/$BUCKET" ]; then
                                mkdir "$BACKUP_BASEDIR/buckets/$BUCKET"
                        fi

                        gcurl -X POST -H "Content-Type: application/json"  --data @- "http://localhost:3903/v0/bucket/allow" >/dev/null <<EOF
                                {
                                        "bucketId": "$BUCKET",
                                        "accessKeyId": "$GARAGE_ACCESS_KEY",
                                        "permissions": {"read": true}
                                }
EOF

                        rclone sync --s3-endpoint http://localhost:3900 \
                                --s3-access-key-id $GARAGE_ACCESS_KEY \
                                --s3-secret-access-key $GARAGE_SECRET_KEY \
                                --s3-region garage \
                                --s3-force-path-style \
                                --transfers 32 \
                                --fast-list \
                                --stats-one-line \
                                --stats 10s \
                                --stats-log-level NOTICE \
                                ":s3:$BUCKET" "$BACKUP_BASEDIR/buckets/$BUCKET" 2>&1
                        ;;
        esac
done

echo "========= DONE SYNCHRONIZING =========="

if [ ! -d "$BACKUP_BASEDIR/snapshots" ]; then
        mkdir "$BACKUP_BASEDIR/snapshots"
fi

SNAPSHOT="$BACKUP_BASEDIR/snapshots/buckets-$(date +%F)"
if [ ! -e "$SNAPSHOT" ]; then
        echo "Making snapshot: $SNAPSHOT"
        btrfs subvolume snapshot "$BACKUP_BASEDIR/buckets" "$SNAPSHOT"
        btrfs prop set "$SNAPSHOT" ro true
fi