Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix(restore): harden restore checks and add authelia smoke scaffold

Browse Source
This commit is contained in:
Micha
2026-06-03 07:39:05 +02:00
parent e2624796f0
commit b1ae9f3c26
24 changed files with 821 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ops/restore-tests/common.sh
+42
View File
@@ -20,7 +20,28 @@ require_path() {
}
}
require_borg_container() {
docker inspect "$BORG_CONTAINER" >/dev/null 2>&1 || {
echo "Missing Borg container: $BORG_CONTAINER" >&2
exit 1
}
[ "$(docker inspect -f '{{.State.Running}}' "$BORG_CONTAINER" 2>/dev/null)" = "true" ] || {
echo "Borg container is not running: $BORG_CONTAINER" >&2
exit 1
}
docker exec "$BORG_CONTAINER" test -r /data/borg.db >/dev/null 2>&1 || {
echo "Missing borg-ui database in container: $BORG_CONTAINER:/data/borg.db" >&2
exit 1
}
docker exec "$BORG_CONTAINER" test -r /local/secrets/borg_repo_passphrase.txt >/dev/null 2>&1 || {
echo "Missing Borg passphrase in container: $BORG_CONTAINER:/local/secrets/borg_repo_passphrase.txt" >&2
echo "Host path exists, but borg-ui must mount it as /local/secrets/borg_repo_passphrase.txt." >&2
exit 1
}
}
latest_archive_name() {
require_borg_container
docker exec -i "$BORG_CONTAINER" python3 - <<'PY'
import sqlite3
conn = sqlite3.connect('/data/borg.db')
@@ -34,6 +55,7 @@ PY
}
borg_repo_url() {
require_borg_container
docker exec -i "$BORG_CONTAINER" python3 - <<'PY'
import sqlite3
conn = sqlite3.connect('/data/borg.db')
@@ -50,6 +72,7 @@ borg_extract() {
local extract_dir="$1"
shift
local paths=("$@")
require_borg_container
docker exec -i "$BORG_CONTAINER" python3 - "$extract_dir" "${paths[@]}" <<'PY'
import os, sys, subprocess
extract_dir = sys.argv[1]
@@ -88,3 +111,22 @@ cleanup_compose() {
docker compose -f "$compose_file" down >/dev/null 2>&1 || true
fi
}
# Hilfsfunktion: bei Fehler-Exit Restore-Lab-Pfad nicht loeschen, sondern in
# einen `_failed/<service>-<date>-<pid>`-Pfad umbenennen, damit Post-Mortem
# moeglich bleibt. Aufrufer setzt vor Erfolg `RESTORE_SUCCESS=1`.
RESTORE_FAILED_ROOT="${RESTORE_FAILED_ROOT:-/mnt/user/backups/restore-lab/_failed}"
preserve_on_failure() {
local service="$1"
local path="$2"
if [ ! -e "$path" ]; then
return 0
fi
mkdir -p "$RESTORE_FAILED_ROOT"
local target="$RESTORE_FAILED_ROOT/${service}-$(date +%F)-$$"
if mv "$path" "$target" 2>/dev/null; then
echo "preserved failed restore data: $target" >&2
else
echo "failed to preserve restore data: $path -> $target" >&2
fi
}