diff --git a/Déploiement_du_serveur.md b/Déploiement_du_serveur.md index dc97691..d1c386b 100644 --- a/Déploiement_du_serveur.md +++ b/Déploiement_du_serveur.md @@ -3,7 +3,7 @@ Le système est déployé avec [Yunohost](https://yunohost.org). Le service d'annuaire [LDAP](https://fr.wikipedia.org/wiki/LDAP_Data_Interchange_Format) pour le serveur Yunohost n'est pas compatibles avec toutes les applications hébergées. L'identification LDAP ne fonctionne que pour les mails (Roundcube), pour le Cloud Linux07 (Nextcloud), pour la Forge Linux07(Forgejo) et pour Mypads Linux07 (Etherpad_Mypads). -> ! Certains utilisateurs du Cloud Linux07 (Nextcloud) **ne sont pas connectés à l'annuaire LDAP**, ils ont un compte gratuit de 400 Mo et se sont inscrits par eux-même, leur compte à été validé ensuite. +> ! Certains utilisateurs du Cloud Linux07 (Nextcloud) **ne sont pas connectés à l'annuaire LDAP**, ils ont un compte gratuit de 250 Mo et se sont inscrits par eux-même, leur compte à été validé ensuite. Le serveur a été partitionner en LVM pour pouvoir alloué des volumes partitionnés à certains dossiers ou certaines applications, déplacés avec des `mount --bind`, sauf pour la partition `\var\mail` qui elle montée dans le fichier `/etc/fstab`. diff --git a/Sauvegardes.md b/Sauvegardes.md index 843fe74..dba095c 100644 --- a/Sauvegardes.md +++ b/Sauvegardes.md 
@@ -7,18 +7,20 @@ Nous avons des sauvegardes locales journalières des données et du système sur Fichier de configuration des sauvegardes distantes vers BorgServer (machine auto-hébergé à l'adresse de l'association Linux07) -**/etc/yunohost/hooks.d/backup_method/05-borg_app** +**/etc/yunohost/hooks.d/backup_method/05-borg_app (mise à jour 2024)** ``` -#!/bin/bash +#!/usr/bin/env bash +set -Eeuo pipefail -set -eo pipefail -app="${0#"./05-"}" -app="${app%"_app"}" +borg="/var/www/borg/venv/bin/borg" +app="borg" -BORG_PASSPHRASE="$(yunohost app setting $app passphrase)" -repo="$(yunohost app setting $app repository)" #$4 -if ssh-keygen -F "[domain.tld]:6060" >/dev/null ; then +BORG_PASSPHRASE="$(yunohost app setting "$app" passphrase)" +BORG_REPO="$(yunohost app setting "$app" repository)" +BORG_LOGGING_CONF="/var/www/borg/logging.conf" + +if ssh-keygen -F "[domainborgserver.tld]:xxxx" >/dev/null ; then BORG_RSH="ssh -i /root/.ssh/id_${app}_ed25519 -oStrictHostKeyChecking=yes " else BORG_RSH="ssh -i /root/.ssh/id_${app}_ed25519 -oStrictHostKeyChecking=no " 
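Review bot: The `else` branch kept below the rewritten `ssh-keygen -F` test still builds `BORG_RSH` with `-oStrictHostKeyChecking=no`, so whenever the Borg server is missing from `known_hosts` the backup connects without verifying the host key and a substituted server goes undetected. Consider pinning the server key in `known_hosts` at install time and using `-oStrictHostKeyChecking=yes` unconditionally, or at least `BORG_RSH="ssh -i /root/.ssh/id_${app}_ed25519 -oStrictHostKeyChecking=accept-new "` in the fallback. The same fallback is in the `05-borg__2_app` header hunk, where the test is `ssh-keygen -F ""`. The `if`/`else` closes outside this hunk.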
@@ -28,60 +30,52 @@ do_need_mount() { true } -LOGFILE=/var/log/backup_borg.err -log_with_timestamp() { - sed -e "s/^/[$(date +"%Y-%m-%d_%H:%M:%S")] /" | tee -a $LOGFILE -} - do_backup() { - export BORG_PASSPHRASE + export BORG_REPO export BORG_RSH + export BORG_LOGGING_CONF export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes work_dir="$1" name="$2" - repo="$3" - size="$4" - description="$5" - current_date=$(date +"%Y-%m-%d_%H:%M") - pushd "$work_dir" + size="$3" + description="$4" set +e - if borg init -e repokey "$repo" ; then - #human_size=`echo $size | awk '{ suffix=" KMGT"; for(i=1; $1>1024 && i < length(suffix); i++) $1/=1024; print int($1) substr(suffix, i, 1), $3; }'` - # Speed in Kbps - #speed=1000 - #evaluated_time=$(($size / ($speed * 1000 / 8) / 3600)) - echo "Hello, + if ! "$borg" list > /dev/null 2>&1; then + "$borg" init -e repokey + # human_size=`echo $size | awk '{ suffix=" KMGT"; for(i=1; $1>1024 && i < length(suffix); i++) $1/=1024; print int($1) substr(suffix, i, 1), $3; }'` + # Speed in Kbps + # speed=1000 + # evaluated_time=$(($size / ($speed * 1000 / 8) / 3600)) + echo "Hello, -Your first backup on $repo is starting. +Your first backup on $BORG_REPO is starting. This is an automated message from your beloved YunoHost server." | /usr/bin/mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "[YNH] First backup is starting" "root" fi set -e - borg create "$repo::_${name}-${current_date}" ./ 2>&1 >/dev/null | log_with_timestamp - popd + # About the {now} placeholder: + # https://borgbackup.readthedocs.io/en/stable/usage/create.html#description + # In the archive name, you may use the following placeholders: {now}, {utcnow}, {fqdn}, {hostname}, {user} and some others. 
+ "$borg" create --stats "::${name}-{now}" "$work_dir" + + "$borg" prune --glob-archives "${name}-*" --list --keep-hourly 2 --keep-daily=7 --keep-weekly=8 --keep-monthly=12 - # About thi _20 it's a crazy fix to avoid pruning wordpress__2 - # if you prune wordpress - borg prune "$repo" -P "_${name}-" --keep-hourly 2 --keep-daily=7 --keep-weekly=8 --keep-monthly=12 2>&1 >/dev/null | log_with_timestamp - - # Prune legacy archive name without error on wordpress/wordpress__2 - borg prune "$repo" -P "${name}_" --keep-within 2m --keep-monthly=12 2>&1 >/dev/null | log_with_timestamp - # We prune potential manual backup older than 1 year - borg prune "$repo" --keep-within 1y 2>&1 >/dev/null | log_with_timestamp + "$borg" prune --list --keep-within 1y } do_mount() { export BORG_PASSPHRASE + export BORG_REPO export BORG_RSH + export BORG_LOGGING_CONF work_dir="$1" name="$2" - repo="$3" - size="$4" - description="$5" - borg mount "$repo::$name" "$work_dir" 2>&1 >/dev/null | log_with_timestamp + size="$3" + description="$4" + "$borg" mount "::$name" "$work_dir" } work_dir="$2" @@ -92,13 +86,13 @@ description="$6" case "$1" in need_mount) - do_need_mount "$work_dir" "$name" "$repo" "$size" "$description" + do_need_mount "$work_dir" "$name" "$size" "$description" ;; backup) - do_backup "$work_dir" "$name" "$repo" "$size" "$description" + do_backup "$work_dir" "$name" "$size" "$description" ;; mount) - do_mount + do_mount "$work_dir" "$name" "$size" "$description" ;; *) echo "hook called with unknown argument \`$1'" >&2 
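Review bot: `do_backup` replaces `export BORG_PASSPHRASE` with `export BORG_REPO` instead of adding to it, while `do_mount` keeps both. The script header assigns `BORG_PASSPHRASE` without `export`, so unless the variable is already in the environment, `"$borg" list`, `init`, `create` and `prune` run without the passphrase. Because the `list` probe discards stderr and treats any failure as "repository not initialised", such a failure would show up as an init attempt plus a "First backup" mail rather than as an error. Restore `export BORG_PASSPHRASE` at the top of `do_backup`, and consider letting the probe's error output reach the log. The `05-borg__2_app` copy of `do_backup` carries the same change.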
@@ -114,14 +108,16 @@ Fichier de configuration des sauvegardes locales **/etc/yunohost/hooks.d/backup_method/05-borg__2_app** ``` -#!/bin/bash +#!/usr/bin/env bash +set -Eeuo pipefail -set -eo pipefail -app="${0#"./05-"}" -app="${app%"_app"}" +borg="/var/www/borg__2/venv/bin/borg" +app="borg__2" + +BORG_PASSPHRASE="$(yunohost app setting "$app" passphrase)" +BORG_REPO="$(yunohost app setting "$app" repository)" +BORG_LOGGING_CONF="/var/www/borg__2/logging.conf" -BORG_PASSPHRASE="$(yunohost app setting $app passphrase)" -repo="$(yunohost app setting $app repository)" #$4 if ssh-keygen -F "" >/dev/null ; then BORG_RSH="ssh -i /root/.ssh/id_${app}_ed25519 -oStrictHostKeyChecking=yes " else 
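Review bot: The values read from `yunohost app setting` are used without checking that they are non-empty. `set -u` only catches unset variables, so an empty `passphrase` or `repository` setting would pass straight through (what the command prints for a missing key is not visible here). An empty passphrase matters most on the `init -e repokey` path, where the repository key would presumably be created under it. A guard right after the assignments, such as `: "${BORG_PASSPHRASE:?passphrase setting is empty}"` and `: "${BORG_REPO:?repository setting is empty}"`, would fail early. The same applies to the `05-borg_app` header hunk.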
@@ -132,60 +128,52 @@ do_need_mount() { true } -LOGFILE=/var/log/backup_borg.err -log_with_timestamp() { - sed -e "s/^/[$(date +"%Y-%m-%d_%H:%M:%S")] /" | tee -a $LOGFILE -} - do_backup() { - export BORG_PASSPHRASE + export BORG_REPO export BORG_RSH + export BORG_LOGGING_CONF export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes work_dir="$1" name="$2" - repo="$3" - size="$4" - description="$5" - current_date=$(date +"%Y-%m-%d_%H:%M") - pushd "$work_dir" + size="$3" + description="$4" set +e - if borg init -e repokey "$repo" ; then - #human_size=`echo $size | awk '{ suffix=" KMGT"; for(i=1; $1>1024 && i < length(suffix); i++) $1/=1024; print int($1) substr(suffix, i, 1), $3; }'` - # Speed in Kbps - #speed=1000 - #evaluated_time=$(($size / ($speed * 1000 / 8) / 3600)) - echo "Hello, + if ! "$borg" list > /dev/null 2>&1; then + "$borg" init -e repokey + # human_size=`echo $size | awk '{ suffix=" KMGT"; for(i=1; $1>1024 && i < length(suffix); i++) $1/=1024; print int($1) substr(suffix, i, 1), $3; }'` + # Speed in Kbps + # speed=1000 + # evaluated_time=$(($size / ($speed * 1000 / 8) / 3600)) + echo "Hello, -Your first backup on $repo is starting. +Your first backup on $BORG_REPO is starting. This is an automated message from your beloved YunoHost server." | /usr/bin/mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "[YNH] First backup is starting" "root" fi set -e - borg create "$repo::_${name}-${current_date}" ./ 2>&1 >/dev/null | log_with_timestamp - popd + # About the {now} placeholder: + # https://borgbackup.readthedocs.io/en/stable/usage/create.html#description + # In the archive name, you may use the following placeholders: {now}, {utcnow}, {fqdn}, {hostname}, {user} and some others. 
+ "$borg" create --stats "::${name}-{now}" "$work_dir" + + "$borg" prune --glob-archives "${name}-*" --list --keep-hourly 2 --keep-daily=7 --keep-weekly=8 --keep-monthly=12 - # About thi _20 it's a crazy fix to avoid pruning wordpress__2 - # if you prune wordpress - borg prune "$repo" -P "_${name}-" --keep-hourly 2 --keep-daily=7 --keep-weekly=8 --keep-monthly=12 2>&1 >/dev/null | log_with_timestamp - - # Prune legacy archive name without error on wordpress/wordpress__2 - borg prune "$repo" -P "${name}_" --keep-within 2m --keep-monthly=12 2>&1 >/dev/null | log_with_timestamp - # We prune potential manual backup older than 1 year - borg prune "$repo" --keep-within 1y 2>&1 >/dev/null | log_with_timestamp + "$borg" prune --list --keep-within 1y } do_mount() { export BORG_PASSPHRASE + export BORG_REPO export BORG_RSH + export BORG_LOGGING_CONF work_dir="$1" name="$2" - repo="$3" - size="$4" - description="$5" - borg mount "$repo::$name" "$work_dir" 2>&1 >/dev/null | log_with_timestamp + size="$3" + description="$4" + "$borg" mount "::$name" "$work_dir" } work_dir="$2" @@ -196,13 +184,13 @@ description="$6" case "$1" in need_mount) - do_need_mount "$work_dir" "$name" "$repo" "$size" "$description" + do_need_mount "$work_dir" "$name" "$size" "$description" ;; backup) - do_backup "$work_dir" "$name" "$repo" "$size" "$description" + do_backup "$work_dir" "$name" "$size" "$description" ;; mount) - do_mount + do_mount "$work_dir" "$name" "$size" "$description" ;; *) echo "hook called with unknown argument \`$1'" >&2