Moves backup from Git to Duplicity

cloud-config

@@ -13,21 +13,12 @@ coreos:
     - name: etcd.service
       command: start
 write_files:
-  - path: /data/BACKUP_DESTINATION
-    permissions: 0644
+  - path: /etc/environment
+    permissions: 0600
     owner: root
     content: |
-      core@backup.dev
-write_files:
-  - path: /etc/hosts
-    permissions: 0644
-    owner: root
-    content: |
-      127.0.0.1 localhost
-      255.255.255.255 broadcasthost
-      ::1 localhost
-      10.0.0.xx mybackupserver
-      10.0.0.yy myotherserver
+      ENCRYPT_KEY=""
+      BACKUP_DESTINATION="core@backup.dev"
 ssh_authorized_keys:
   - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
 users:

dockerfiles/backup/duplicity/Dockerfile

+FROM debian:jessie
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN \
+  export VERSION=0.7.01 && \
+  apt-get update && \
+  apt-get install -y wget python python-dev python-pip librsync-dev ncftp lftp rsync && \
+  rm -rf /var/lib/apt/lists/* && \
+  pip install --upgrade lockfile paramiko pycrypto && \
+  cd /tmp/ && \
+  wget https://launchpad.net/duplicity/0.7-series/$VERSION/+download/duplicity-$VERSION.tar.gz && \
+  cd /opt/ && \
+  tar xzvf /tmp/duplicity-$VERSION.tar.gz && \
+  rm /tmp/duplicity-$VERSION.tar.gz && \
+  cd duplicity-$VERSION && \
+  ./setup.py install
+
+ENTRYPOINT [ "/usr/local/bin/duplicity" ]
+

scripts/setup.sh

@@ -27,7 +27,6 @@ sudo cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-
 
 # Create Directory structure
 mkdir -p /data/domains
-mkdir -p /data/import
 mkdir -p /data/runtime/haproxy/approved-certs
 mkdir -p /data/runtime/postfix
 

unit-files/backup@.service

 [Unit]
-Description=Back up domain data to a git repo and push it out
+Description=Back up data from %i
 
 [Service]
 Type=oneshot
+EnvironmentFile=/etc/environment
+ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker
 ExecStartPre=-/usr/bin/docker kill mysqldump-%i
 ExecStartPre=-/usr/bin/docker rm mysqldump-%i
 ExecStartPre=/bin/bash -euxc ' \
@@ -24,10 +26,13 @@ ExecStartPre=/bin/bash -euxc ' \
   fi'
 
 ExecStart=/bin/bash -euxc ' \
+  /opt/bin/systemd-docker --env run \
+    --rm \
+    --name duplicity \
+    -h backup.container \
+    -v /root:/root \
+    -v /data/domains/%i:/backup pierreozoux/duplicity \
+      --encrypt-key ${ENCRYPT_KEY} \
+        /backup \
+        sftp://${BACKUP_DESTINATION}/%i' 
 
-  echo "Committing everything"; \
-  cd /data/domains/%i/; \
-  git add *; \
-  git status; \
-  git commit --allow-empty -am"backup %i @ `hostname` - `date`"; \
-  git push origin master'

unit-files/init@.service

-[Unit]
-Description=Initializer
-After=network-online.target
-
-[Service]
-Type=oneshot
-ExecStartPre=/bin/bash -euxc ' \
-  BACKUP_DESTINATION=`cat /data/BACKUP_DESTINATION`; \
-  echo "Intitializing backups with $BACKUP_DESTINATION"; \
-  if [ ! -d /data/domains/%i/.git ]; then \
-    if [ `ssh $BACKUP_DESTINATION "test -d %i"; echo $?` -eq 0 ]; then \
-      git clone $BACKUP_DESTINATION:%i /data/domains/%i; \
-      cd /data/domains/%i; \
-    else \
-      ssh $BACKUP_DESTINATION " \
-        if [ ! -d %i ]; then \
-          mkdir -p %i; \
-          cd %i; \
-          git init --bare; \
-        fi"; \
-      if [ ! -d /data/domains/%i ]; then \
-        mkdir /data/domains/%i; \
-      fi; \
-      cd /data/domains/%i; \
-      git init; \
-      git remote add origin $BACKUP_DESTINATION:%i; \
-    fi; \
-    git config --local user.email "backups@`hostname`"; \
-    git config --local user.name "`hostname` hourly backups"; \
-  fi'
-
-ExecStart=/bin/bash -euxc ' \
-  if [ -d /data/import/%i ]; then \
-    cp -av /data/import/%i/* /data/domains/%i; \
-    cp /data/import/%i/.env /data/domains/%i/; \
-    cd /data/domains/%i/; \
-    git add .env; \
-    rm -rf /data/import/%i; \
-  fi; \
-  cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem;'

unit-files/lamp@.service

@@ -3,20 +3,19 @@ Description=%p-%i
 
 # Requirements
 Requires=docker.service
-Requires=init@%i.service
 Requires=mysql@%i.service
 Requires=discovery@%i.service
 Requires=backup@%i.timer
 
 # Dependency ordering
 After=docker.service
-After=init@%i.service
 After=mysql@%i.service
 Before=discovery@%i.service
 Before=backup@%i.timer
 
 [Service]
 Restart=always
+ExecStartPre=cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem
 Type=notify
 NotifyAccess=all
 EnvironmentFile=/data/domains/%i/.env

unit-files/mysql@.service

@@ -27,8 +27,6 @@ ExecStartPre=/bin/bash -euxc ' \
       mkdir -p $mysql_folder; \
       pass=`echo $RANDOM  ${date} | md5sum | base64 | cut -c-10`; \
       echo MYSQL_PASS=$pass > $mysql_folder/.env; \
-    else \
-      cp $mysql_folder/dump.sql /data/runtime/domains/%i/mysql/db_files/; \
     fi; \
   fi'
 
@@ -36,7 +34,6 @@ ExecStart=/opt/bin/systemd-docker run \
   --rm \
   --name %p-%i \
   -v /data/runtime/domains/%i/%p/db_files:/var/lib/mysql \
-  -e STARTUP_SQL=/var/lib/mysql/dump.sql \
   --env-file /data/domains/%i/%p/.env \
   pierreozoux/mysql
 ExecReload=/usr/bin/docker restart %p-%i

unit-files/static@.service

@@ -3,18 +3,17 @@ Description=%p-%i
 
 # Requirements
 Requires=docker.service
-Requires=init@%i.service
 Requires=discovery@%i.service
 Requires=backup@%i.timer
 
 # Dependency ordering
 After=docker.service
-After=init@%i.service
 Before=discovery@%i.service
 Before=backup@%i.timer
 
 [Service]
 Restart=always
+ExecStartPre=cp /data/domains/%i/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem
 ExecStartPre=-/usr/bin/docker kill %i
 ExecStartPre=-/usr/bin/docker rm %i
 ExecStartPre=/bin/bash -euxc ' \