Release 6.0.0 - See CHANGELOG.md

tiredofit · Dec 5, 2022 · 7e1dbc1 · 7e1dbc1
1 parent 7a7b978
commit 7e1dbc1
Show file tree

Hide file tree

Showing 9 changed files with 223 additions and 173 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,21 @@
+## 6.0.0 2022-12-05 <dave at tiredofit dot ca>
+
+This introduces breaking changes due to the deprecation of the BACKUPPC_UUID and BACKUPPC_GID environment variables. They have now been replaced with USER_BACKUPPC and GROUP_BACKUPPC respectively.
+Additionally, the defaults for volume mappings is going to change in an upcoming release. This release introduces the capabilities of altering them from current locations
+
+   ### Added
+      - Introduce CONFIG_PATH, DATA_PATH, LOG_PATH, SSH_KEY_PATH for customization on where you want to store bits related to this image. See README or code for defaults
+      - Switch to using container base image User and Group ID modifications (USER_BACKUPPC + GROUP_BACKUPPC)
+
+   ### Changed
+      - Rework Dockerfile to cleanup issues relating to installation, home directory creation (#13)
+      - Rework container initialization scripts splitting into functions / modernizing to latest tiredfoit base image
+
+   ### Reverted
+      - Removal of BACKUPPC_UUID variable (see New features for replacement)
+      - Removal of BACKUPPC_GUID variable (see new features for replacement)
+
+
 ## 5.3.16 2022-12-01 <dave at tiredofit dot ca>
 
    ### Changed

diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,11 @@ ENV BACKUPPC_VERSION=${BACKUPPC_VERSION:-"4.4.0"} \
     BACKUPPC_XS_VERSION=${BACKUPPC_XS_VERSION:-"0.62"} \
     PAR2_VERSION=${PAR2_VERSION:-"v0.8.0"} \
     RSYNC_BPC_VERSION=${RSYNC_BPC_VERSION:-"3.1.3.0"} \
+    CONTAINER_ENABLE_PERMISSIONS=TRUE \
+    USER_BACKUPPC=1000 \
+    GROUP_BACKUPPC=1000 \
     NGINX_ENABLE_CREATE_SAMPLE_HTML=FALSE \
+    NGINX_LISTEN_PORT=80 \
     NGINX_USER=backuppc \
     NGINX_GROUP=backuppc \
     NGINX_SITE_ENABLED=backuppc \
@@ -23,6 +27,13 @@ ENV BACKUPPC_VERSION=${BACKUPPC_VERSION:-"4.4.0"} \
 
 RUN source /assets/functions/00-container && \
     set -x && \
+    addgroup -S -g ${GROUP_BACKUPPC} backuppc && \
+    adduser -D \
+            -S \
+            -h /home/backuppc \
+            -s /sbin/nologin -G backuppc -g "backuppc" -u ${USER_BACKUPPC} backuppc \
+             && \
+    addgroup zabbix backuppc && \
     package update && \
     package upgrade && \
     package install .backuppc-build-deps \
@@ -65,56 +76,43 @@ RUN source /assets/functions/00-container && \
                 ttf-dejavu \
                 && \
     \
-    # Install Perl Modules not included in package
     cpanm -M https://cpan.metacpan.org install \
-    Net::FTP \
-    Net::FTP::AutoReconnect \
-    && \
+            Net::FTP \
+            Net::FTP::AutoReconnect \
+            && \
     \
-    # Compile and install Parallel BZIP
     mkdir -p /usr/src/pbzip2 && \
     curl -ssL https://launchpad.net/pbzip2/1.1/1.1.13/+download/pbzip2-1.1.13.tar.gz | tar xvfz - --strip=1 -C /usr/src/pbzip2 && \
     cd /usr/src/pbzip2 && \
     make -j$(nproc)&& \
     make install && \
     \
-    # Compile and install BackupPC:XS
     clone_git_repo https://github.com/backuppc/backuppc-xs.git ${BACKUPPC_XS_VERSION} && \
     perl Makefile.PL && \
     make -j$(nproc)&& \
     make test && \
     make install && \
     \
-    # Compile and install Rsync (BPC version)
     clone_git_repo https://github.com/backuppc/rsync-bpc.git ${RSYNC_BPC_VERSION} && \
     ./configure && \
     make reconfigure && \
     make -j$(nproc)&& \
     make install && \
     \
-    # Compile and install PAR2
     clone_git_repo https://github.com/Parchive/par2cmdline.git ${PAR2_VERSION} && \
     ./automake.sh && \
     ./configure && \
     make -j$(nproc)&& \
     make check && \
     make install && \
     \
-    # Get BackupPC, it will be installed at runtime to allow dynamic upgrade of existing config/pool
-    curl -o /usr/src/BackupPC-$BACKUPPC_VERSION.tar.gz -L https://github.com/backuppc/backuppc/releases/download/$BACKUPPC_VERSION/BackupPC-$BACKUPPC_VERSION.tar.gz && \
+    mkdir -p /assets/install && \
+    curl -sSL https://github.com/backuppc/backuppc/releases/download/$BACKUPPC_VERSION/BackupPC-$BACKUPPC_VERSION.tar.gz | tar xvfz - --strip 1 -C /assets/install && \
     \
-    # Prepare backuppc home
-    mkdir -p /home/backuppc && \
-    \
-    # Mark the docker as not runned yet, to allow entrypoint to do its stuff
-    touch /firstrun && \
-    \
-    # Cleanup
     package remove .backuppc-build-deps && \
     package cleanup && \
     rm -rf /root/.cpanm \
            /tmp/* \
-           /usr/src/* \
-           /tmp/*
+           /usr/src/*
 
 COPY install/ /
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2021 Dave Conroy
+Copyright (c) 2022 Dave Conroy
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@
 * * *
 
 ## About
-This will build a Docker image for [BackupPC](https://backuppc.github.io/backuppc/) - A backup system.
+This will build a Docker image for [BackupPC](https://backuppc.github.io/backuppc/) - A highly performant backup system.
 
 ## Maintainer
 - [Dave Conroy](https://github.com/tiredofit)
@@ -25,11 +25,11 @@ This will build a Docker image for [BackupPC](https://backuppc.github.io/backupp
   - [Shell Access](#shell-access)
 
 ## Prerequisites and Assumptions
-*  Assumes you are using some sort of SSL terminating reverse proxy such as:
-   *  [Traefik](https://github.com/tiredofit/docker-traefik)
-   *  [Nginx](https://github.com/jc21/nginx-proxy-manager)
-   *  [Caddy](https://github.com/caddyserver/caddy)
-* Make sure there is adequate storage available to perform deduplicated backups!
+-  Assumes you are using some sort of SSL terminating reverse proxy such as:
+   -  [Traefik](https://github.com/tiredofit/docker-traefik)
+   -  [Nginx](https://github.com/jc21/nginx-proxy-manager)
+   -  [Caddy](https://github.com/caddyserver/caddy)
+- Make sure there is adequate storage available to perform deduplicated backups!
 
 
 ## Installation
@@ -66,12 +66,12 @@ The following image tags are available along with their tagged release based on
 
 The following directories are used for configuration and can be mapped for persistent storage.
 
-| Directory           | Description                                       |
-| ------------------- | ------------------------------------------------- |
-| `/var/lib/backuppc` | The backed up Data                                |
-| `/etc/backuppc`     | Configuration Files                               |
-| `/home/backuppc`    | Home Directory for Backuppc (SSH Keys)            |
-| `/www/logs`         | Logfiles for Nginx, Supervisord, BackupPC, Zabbix |
+| Directory           | Description                            |
+| ------------------- | -------------------------------------- |
+| `/etc/backuppc`     | Configuration Files                    |
+| `/home/backuppc`    | Home Directory for Backuppc (SSH Keys) |
+| `/var/lib/backuppc` | The backed up Data                     |
+| `/www/logs`         | Logfiles for Nginx, BackupPC           |
 
 ### Environment Variables
 
@@ -86,14 +86,21 @@ Be sure to view the following repositories to understand all the customizable op
 | [OS Base](https://github.com/tiredofit/docker-alpine/) | Customized Image based on Alpine Linux |
 | [Nginx](https://github.com/tiredofit/docker-nginx/)    | Nginx webserver                        |
 
-| Variable        | Description                                |
-| --------------- | ------------------------------------------ |
-| `BACKUPPC_UUID` | The uid for the backuppc user e.g. `10000` |
-| `BACKUPPC_GUID` | The gid for the backuppc user e.g. `10000` |
+#### Container Options
+
+| Variable         | Description                            | Default                |
+| ---------------- | -------------------------------------- | ---------------------- |
+| `USER_BACKUPPC`  | The uid for the backuppc user  | `1000`                 |
+| `GROUP_BACKUPPC` | The gid for the backuppc user | `1000`                 |
+| `CONFIG_PATH`    | BackupPC Configuration Files           | `/etc/backuppc`        |
+| `DATA_PATH`      | BackupPC data backups                  | `/var/lib/backuppc`    |
+| `LOG_PATH`       | Logfiles for BackupPC                  | `/www/logs/backuppc`   |
+| `SSH_KEYS_PATH`  | SSH Keys Path                          | `/home/.backuppc/.ssh` |
+
 
 #### Authentication
 
-By default, this image does not use authentication. This is definitely not recommended on a production environment! Based on the environment variables from the Nginx Base Image you can set them here:
+By default, this image does not use authentication. This is definitely not recommended on a production environment! Based on the environment variables from the [Nginx Base Image](https://github.com/tiredofit/docker-nginx/) you can set them here:
 
 It's highly recommend you set at minimum:
 
@@ -131,6 +138,7 @@ When working with `NGINX_AUTHENTICATION_LLNG_ATTRIBUTE2` you will need to omit a
 #### SMTP Options
 
 See the [MSMTP Configuration Options](https://marlam.de/msmtp/msmtp.html) for further information on options to configure MSMTP.
+
 | Parameter             | Description                                       | Default         |
 | --------------------- | ------------------------------------------------- | --------------- |
 | `SMTP_AUTO_FROM`      | Add setting to support sending through Gmail SMTP | `FALSE`         |
@@ -144,6 +152,7 @@ See the [MSMTP Configuration Options](https://marlam.de/msmtp/msmtp.html) for fu
 | `SMTP_TLS`            | Use TLS                                           | `FALSE`         |
 | `SMTP_STARTTLS`       | Start TLS from within session                     | `FALSE`         |
 | `SMTP_TLSCERTCHECK`   | Check remote certificate                          | `FALSE`         |
+
 ### Networking
 
 The following ports are exposed and available to public interfaces
@@ -160,15 +169,18 @@ The following ports are exposed and available to public interfaces
 
 For debugging and maintenance purposes you may want access the containers shell.
 
-``bash
+````bash
 docker exec -it (whatever your container name is) bash
-``
+````
+
 ## Support
 
 These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
+
 ### Usage
 - The [Discussions board](../../discussions) is a great place for working with the community on tips and tricks of using this image.
 - Consider [sponsoring me](https://github.com/sponsors/tiredofit) personalized support.
+
 ### Bugfixes
 - Please, submit a [Bug Report](issues/new) if something isn't working as expected. I'll do my best to issue a fix in short order.
 

diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml
@@ -1,30 +1,27 @@
-version: '3.7'
+version: '2.4'
 services:
 
   backuppc-app:
     image: tiredofit/backuppc
     container_name: backuppc-app
     labels:
       - traefik.enable=true
-      - traefik.frontend.rule=Host:backuppc.example.com
-      - traefik.port=80
-      - traefik.protocol=http
-      - traefik.docker.network=proxy
-      - traefik.backend=backuppc-app
+      - traefik.http.routers.backuppc.rule=Host(`backuppc.example.com`)
+      - traefik.http.services.backuppc.loadbalancer.server.port=80
     volumes:
       - ./data:/var/lib/backuppc
       - ./conf/etc/:/etc/backuppc
       - ./conf/home/:/home/backuppc
       - ./logs:/www/logs
     environment:
       - CONTAINER_NAME=backuppc-app
-      - BACKUPPC_UUID=10000
-      - BACKUPPC_GUID=10000
-      
+      - USER_BACKUPPC=1000
+      - GROUP_BACKUPPC=1000
+
       - NGINX_AUTHENTICATION_TYPE=BASIC
       - NGINX_AUTHENTICATION_BASIC_USER1=backuppc
       - NGINX_AUTHENTICATION_BASIC_PASS1=backuppc
-      - DEBUG_MODE=TRUE
+      - DEBUG_MODE=FALSE
     networks:
       - proxy
       - services

diff --git a/install/assets/defaults/20-backuppc b/install/assets/defaults/20-backuppc
@@ -1,5 +1,7 @@
 #!/command/with-contenv bash
 
 BACKUPPC_ADMIN_USER=${BACKUPPC_ADMIN_USER:-"backuppc"}
-BACKUPPC_UUID=${BACKUPPC_UUID:-1000}
-BACKUPPC_GUID=${BACKUPPC_GUID:-1000}
+CONFIG_PATH=${CONFIG_PATH:-"/etc/backuppc/"}
+DATA_PATH=${DATA_PATH:-"/var/lib/backuppc/"}
+LOG_PATH=${LOG_PATH:-"/www/logs/"}
+SSH_KEYS_PATH=${SSH_KEYS_PATH:-"/home/backuppc/.ssh"}
diff --git a/install/assets/functions/20-backuppc b/install/assets/functions/20-backuppc
@@ -0,0 +1,70 @@
+#!/command/with-contenv bash
+
+bootstrap_filesystem() {
+    print_debug "[bootstrap_filesystem] Creating Configuration directory"
+    if [ ! -d "${CONFIG_PATH}" ]; then
+        mkdir -p "${CONFIG_PATH}"
+    fi
+    if [ "$(stat -c '%u' "${CONFIG_PATH}")" != "$(id -u backuppc)" ] ; then chown -R backuppc:backuppc "${CONFIG_PATH}" ; fi
+    if dir_empty "${CONFIG_PATH}" ; then
+        print_notice "[bootstrap_filesystem] Detected New Installation - Generating default configuration"
+    fi
+
+    print_debug "[bootstrap_filesystem] Creating Configuration directory"
+    if [ ! -d "${DATA_PATH}" ]; then
+        mkdir -p "${DATA_PATH}"
+    fi
+    if [ "$(stat -c '%u' "${DATA_PATH}")" != "$(id -u backuppc)" ] ; then chown backuppc:backuppc "${DATA_PATH}" ; fi
+
+
+    print_debug "[bootstrap_filesystem] Creating SSH Keys directory"
+    if [ ! -d "${SSH_KEYS_PATH}" ]; then
+        mkdir -p "${SSH_KEYS_PATH}"
+    fi
+
+    if [ "$(stat -c '%u' "${SSH_KEYS_PATH}")" != "$(id -u backuppc)" ] ; then chown -R backuppc:backuppc "${SSH_KEYS_PATH}" ; fi
+    if [ "$(stat -c '%a' "${SSH_KEYS_PATH}")" != "700" ] ; then chmod 700 "${SSH_KEYS_PATH}" ; fi
+    if [[ "${SSH_KEYS_PATH}" =~ "/home/backupppc".* ]] ; then
+        if [ "$(stat -c '%u' "/home/backuppc")" != "$(id -u backuppc)" ] ; then chown -R backuppc:backuppc "/home/backuppc" ; fi
+    fi
+    if [ ! -d "/home/backuppc/.ssh" ] ; then
+        ln -sf "${SSH_KEYS_PATH}" /home/backuppc/.ssh
+    fi
+
+    print_debug "[bootstrap_filesystem] Creating Logfiles"
+    if [ ! -d "${LOG_PATH}" ]; then
+        mkdir -p "${LOG_PATH}"
+    fi
+    if [ "$(stat -c '%u' "${LOG_PATH}")" != "$(id -u backuppc)" ] ; then chown -R backuppc:backuppc "${LOG_PATH}" ; fi
+}
+
+configure_ui() {
+    sed -ie "s/^\$Conf{CgiAdminUsers}\s*=\s*'\w*'/\$Conf{CgiAdminUsers} = 'backuppc'/g" "${CONFIG_PATH}"/config.pl
+}
+
+generate_ssh_keys() {
+    if [ ! -f "${SSH_KEYS_PATH}"/id_rsa ]; then
+        print_notice "[generate_ssh_keys] Creating RSA SSH key"
+        silent su backuppc -s /bin/sh -c "ssh-keygen -t rsa -b 4096 -N '' -f ${SSH_KEYS_PATH}/id_rsa"
+    fi
+
+    if [ ! -f "${SSH_KEYS_PATH}"/id_ed25519 ]; then
+        print_notice "[generate_ssh_keys] Creating ed25519 SSH key"
+        silent su backuppc -s /bin/sh -c "ssh-keygen -t ed25519 -o -a 100 -q -N '' -f ${SSH_KEYS_PATH}/id_ed25519"
+    fi
+}
+
+install_backuppc() {
+    print_debug "[install_backuppc] Installing BackupPC ${BACKUPPC_VERSION}"
+    cd /assets/install || exit
+    silent perl configure.pl \
+        --batch \
+        --config-dir "${CONFIG_PATH}" \
+        --cgi-dir /www/cgi-bin/BackupPC \
+        --data-dir "${DATA_PATH}" \
+        --hostname localhost \
+        --html-dir /www/html/BackupPC \
+        --html-dir-url /BackupPC \
+        --install-dir /usr/local/BackupPC \
+        --log-dir "${LOG_PATH}"
+}