From 16e9952b2f6edbb4546f8e3cfba39605d8e031fc Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Wed, 3 Jan 2024 21:09:07 +0000
Subject: [PATCH] Replace custom restic logs with runitor

---
 ansible/roles/restic/files/backrest-logrotate |  8 ---
 ansible/roles/restic/files/backrest.sh        | 53 +------------------
 ansible/roles/restic/files/restic-backup.sh   |  5 ++
 ansible/roles/restic/files/restic-forget.sh   |  5 ++
 ansible/roles/restic/tasks/main.yml           | 26 ++++-----
 5 files changed, 26 insertions(+), 71 deletions(-)
 delete mode 100644 ansible/roles/restic/files/backrest-logrotate
 create mode 100644 ansible/roles/restic/files/restic-backup.sh
 create mode 100644 ansible/roles/restic/files/restic-forget.sh

diff --git a/ansible/roles/restic/files/backrest-logrotate b/ansible/roles/restic/files/backrest-logrotate
deleted file mode 100644
index 8417c77..0000000
--- a/ansible/roles/restic/files/backrest-logrotate
+++ /dev/null
@@ -1,8 +0,0 @@
-/home/restic/log/*.log {
-  daily
-  rotate 14
-  missingok
-  compress
-  nodateext
-  notifempty
-}
diff --git a/ansible/roles/restic/files/backrest.sh b/ansible/roles/restic/files/backrest.sh
index 4637921..a096077 100644
--- a/ansible/roles/restic/files/backrest.sh
+++ b/ansible/roles/restic/files/backrest.sh
@@ -8,55 +8,6 @@ export RESTIC_PASSWORD="{{ restic_key }}"
 export RESTIC_REPOSITORY="b2:{{ restic_b2_bucket }}"
 export GOGC=20  # HACK: Work around for restic's high memory usage https://github.com/restic/restic/issues/1988
 
-export RESTIC_LOG_DIR="$HOME/log"
-export RESTIC_LOG_FILE="$RESTIC_LOG_DIR/$1-$(date -Iseconds).log"
+set -x
 
-export FORGET_OPTIONS="--keep-daily 30 --keep-monthly 3 --group-by host"
-
-mkdir -p "$RESTIC_LOG_DIR"
-
-# Run backup, and capture logs to file
-cron_backup() {
-    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/start
-    restic --verbose backup --files-from=$HOME/restic-include.txt --exclude-file=$HOME/restic-excludes.txt | tee -a $RESTIC_LOG_FILE
-    exit_code=${PIPESTATUS[0]}
-    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
-    echo "Exit code: $exit_code"
-}
-
-# Run backup, but show all the progress
-backup() {
-    restic --verbose backup --files-from=$HOME/restic-include.txt --exclude-file=$HOME/restic-excludes.txt
-}
-
-{% if restic_forget %}
-# Run forget and prune, and capture logs to file
-cron_forget() {
-    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_forget_healthchecks_id }}/start
-    restic forget --prune $FORGET_OPTIONS | tee -a $RESTIC_LOG_FILE
-    exit_code=${PIPESTATUS[0]}
-    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_forget_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
-    echo "Exit code: $exit_code"
-}
-{% endif %}
-
-# Forget legacy snapshots
-forget() {
-    set -x
-    restic forget $FORGET_OPTIONS $@
-}
-
-# Prune orphaned files
-prune() {
-    set -x
-    restic --verbose prune $@
-}
-
-# Run restic, but with environment variables set
-exec () {
-    set -x
-    restic $@
-}
-
-# Run the things
-"$@"
+exec restic $@
diff --git a/ansible/roles/restic/files/restic-backup.sh b/ansible/roles/restic/files/restic-backup.sh
new file mode 100644
index 0000000..115d52f
--- /dev/null
+++ b/ansible/roles/restic/files/restic-backup.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -e
+
+exec $HOME/backrest.sh --verbose backup --files-from=$HOME/restic-include.txt --exclude-file=$HOME/restic-excludes.txt
diff --git a/ansible/roles/restic/files/restic-forget.sh b/ansible/roles/restic/files/restic-forget.sh
new file mode 100644
index 0000000..27614ef
--- /dev/null
+++ b/ansible/roles/restic/files/restic-forget.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -e
+
+exec $HOME/backrest.sh forget --prune --keep-daily 30 --keep-monthly 3 --group-by host
diff --git a/ansible/roles/restic/tasks/main.yml b/ansible/roles/restic/tasks/main.yml
index 1cc2ecc..d24f47d 100644
--- a/ansible/roles/restic/tasks/main.yml
+++ b/ansible/roles/restic/tasks/main.yml
@@ -3,6 +3,11 @@
     name: restic
   become: true
 
+- name: Install runitor
+  kewlfft.aur.aur:
+    name: runitor-bin
+  become: true
+
 - name: Make user
   user:
     name: restic
@@ -10,12 +15,16 @@
     system: false
   become: true
 
-- name: Install backrest
+- name: Install scripts
   template:
-    src: files/backrest.sh
-    dest: /home/restic/backrest.sh
+    src: files/{{ item }}
+    dest: /home/restic/{{ item }}
     mode: "0700"
     owner: restic
+  loop:
+    - backrest.sh
+    - restic-backup.sh
+    - restic-forget.sh
   become: true
 
 - name: Install includes files
@@ -53,7 +62,7 @@
     name: restic backup
     hour: 0
     minute: 0
-    job: /home/restic/backrest.sh cron_backup
+    job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh
     user: restic
   become: true
 
@@ -63,18 +72,11 @@
     hour: 2
     minute: 0
     weekday: 0
-    job: /home/restic/backrest.sh cron_forget
+    job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh
     user: restic
   become: true
   when: restic_forget
 
-- name: backrest fail2ban config
-  template:
-    src: files/backrest-logrotate
-    dest: /etc/logrotate.d/backrest
-    mode: "0600"
-  become: true
-
 - name: Install pacman post script
   template:
     src: files/restic-post.sh