Introduce default fallback jobs

When before lifeboat was expecting the user to populate the run, post,
and sync scripts, now it includes a sane default for each step of the
backup process, making deployments much more simple.

The post script was split up into retain and clean.

2 files changed, 93 insertions, 16 deletions

diff --git a/lifeboat b/lifeboat
index d4100d0..9d569f5 100755
--- a/lifeboat
+++ b/lifeboat
@@ -15,13 +15,55 @@ usage() {
 run_backup() {
 	(
 		cd "$rootdir/$repo"
-		./run
-		for i in post sync; do
-			test -x $i && ./$i
+
+		for i in run retain clean sync; do
+			if test -x $i; then
+				./$i
+			else
+				${i}_default;
+			fi
 		done
 	)
 }
 
+run_default() {
+	restic-priv backup --files-from config/include --exclude-file config/exclude --exclude-caches
+}
+
+retain_default() {
+	restic forget --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 2
+}
+
+clean_default() {
+	restic check
+	restic prune
+}
+
+sync_default() {
+	if ! test -r config/sync; then
+		return
+	fi
+
+	while read -r target_spec; do
+		target=$(echo "$target_spec" | cut -f1)
+		limit=$(echo "$target_spec" | cut -sf2)
+
+		if test -n "$limit"; then
+			if test "$(du -s "$RESTIC_REPOSITORY" | cut -f1)" -gt "$limit"; then
+				printf "Warning: size threshold exceeded, skipping sync to %s\n" "$target/$LIFEBOAT_REPO_NAME"
+			else
+				sync_single "$target"
+			fi
+		else
+			sync_single "$target"
+		fi
+	done < config/sync
+}
+
+sync_single() {
+	rclone sync --transfers 20 --fast-list "$RESTIC_REPOSITORY" "$1/$LIFEBOAT_REPO_NAME"
+}
+
 rootdir=${LIFEBOAT_ROOT:-"/srv/backup/lifeboat"}
 
 test $# -lt 2 && usage
diff --git a/lifeboat.1 b/lifeboat.1
index 76837f4..5b4e904 100644
--- a/lifeboat.1
+++ b/lifeboat.1
@@ -42,34 +42,69 @@ In that directory, the program expects the following:
 A directory containing the actual
 .Xr restic 1
 repository.
+.It Sy config/include
+A file containing paths to include in the backup, one per line.
+See the
+.Em --files-from
+option in
+.Xr restic-backup 1 .
+.It Sy config/exclude
+A file containing paths that are excluded from the backup, one per line.
+See the
+.Em --exclude-file
+option in
+.Xr restic-backup 1 .
+.It Sy config/sync
+A file containing synchronization targets for
+.Xr rclone 1 ,
+one per line.
+The format for a synchronization target is the
+.Xr rclone 1
+destination, then optionally a tab character and a size limit in kibibytes.
 .It Sy credentials/restic
 A file containing the password for the
 .Xr restic 1
 repository.
 .It Sy run
-A shell script containing backup jobs.
-.It Sy post
-A shell script containing post-backup jobs, optional.
+A shell script containing backup jobs, optional
+.It Sy retain
+A shell script pruning old backups or enforcing retainment policies, optional.
+.It Sy clean
+A shell script containing cleanup jobs, optional.
 .It Sy sync
 A shell script containing synchronization jobs, optional.
 .El
 .Pp
-When
+If any of the optional scripts exist,
 .Nm
-is invoked with the
-.Em run
-command, it will change the current directory to the backup directory, and execute the
-.Em run
-script, followed by executing
-.Em post
+will execute those instead of its inbuilt defaults.
+.Pp
+By default,
+.Nm
+will honor the given include and exclude directives, retain 7 daily,
+5 weekly, 12 monthly, and 2 yearly backups,
+verify and clean up the repository using
+.Xr restic-check 1
 and
-.Em sync ,
-if they exist.
+.Xr restic-prune 1 ,
+and sync the repo to the given synchronization targets.
+.Pp
+Note that by default,
+.Nm
+will look for a binary named
+.Em restic-priv
+with which to run the backup job itself.
+As per upstream recommendation this is the restic binary with the
+.Em cap_dac_read_search
+capability set.
+This allows restic to access any file on the system without
+needing root permissions.
 .Sh ENVIRONMENT
 .Nm
 will export the following environment variables for use in the
 .Em run ,
-.Em post ,
+.Em retain ,
+.Em clean ,
 and
 .Em sync
 scripts: