got mounting working, added needed params to exmaple docker-compose

modified:   README.md
	deleted:    docker/README.md

.gitea/workflows/build_image.yaml

@@ -0,0 +1,31 @@
+#
+# .gitea/gitea-ci.yaml
+#
+
+name: Build And Test
+run-name: ${{ gitea.actor }} is runs ci pipeline
+on: [ push ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://github.com/actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: https://github.com/docker/setup-buildx-action@v3
+        with:
+          config-inline: |
+            [registry."images.physi.uni-heidelberg.de"]
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: images.physi.uni-heidelberg.de/pibackup
+      - name: Build and push Docker image
+        uses: https://github.com/docker/build-push-action@v6
+        with:
+          context: ./docker
+          push: true
+          #tags: "images.physi.uni-heidelberg.de/pibackup,images.physi.uni-heidelberg.de/pibackup:latest"
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

README.md

@@ -1,8 +1,6 @@
 # Proxmox Backup Server: Client Docker
 
-[![Build and Publish Docker Image](https://github.com/Aterfax/pbs-client-docker/actions/workflows/docker-publish.yml/badge.svg)](https://github.com/Aterfax/pbs-client-docker/actions/workflows/docker-publish.yml)
-![Docker Image Size (tag)](https://img.shields.io/docker/image-size/aterfax/pbs-client/latest)
-![Docker Pulls](https://img.shields.io/docker/pulls/aterfax/pbs-client)
+![Build and Publish Docker Image](https://git.physi.uni-heidelberg.de/tmueller/pbs-client-docker/actions/workflows/build_image.yaml/badge.svg)
 
 ## **tl;dr?**
 
@@ -23,6 +21,7 @@ For more in depth instructions, see: [Using-the-DockerHub-provided-image](#Using
 
 ## Table of Contents
 
+- [PI Customs](#PI)
 - [Quickstart](#Quickstart)
 - [Configuration](#Configuration)
 - [FAQ](#FAQ)
@@ -30,6 +29,14 @@ For more in depth instructions, see: [Using-the-DockerHub-provided-image](#Using
 - [Contributing](#Contributing)
 - [License](#License)
 
+## PI
+
+### Changes
+
+Encryption can be turned off.
+Most of the Data is scientific related and does not contain any secrets and it would be a waste of ressources to encrypt that and loose the deduplication of it because older backups of similar data arent encrypted.
+For sensible data you can and should enable the encryption with its own set of keypairs and keep them stored seperate from the backups.
+
 ## Quickstart
 
 ### Prerequisites
@@ -81,9 +88,17 @@ The following environment variables can be configured to customize the behavior
 
 | Variable Name      | Default Docker Compose Value | Valid Values           | Description                                                                                                           |
 |--------------------|------------------------------|------------------------|-----------------------------------------------------------------------------------------------------------------------|
-| Variable Name      | Default Docker Compose Value | Valid Values           | Description                                                                                                           |
-
-
+| PBS_ENDPOINT       | none                         | fqdn                   | target PBS-server                                                                                                     |
+| PBS_FINGERPRINT    | none                         | XX:XX:XX:XX...         | your fringerprint of your pbs instance                                                                                |
+| PBS_DATASTORE      | none                         | string                 | name of your pbs datastore                                                                                            |
+| PBS_DATASTORE_ns   | none                         | string                 | name of your pbs namespace                                                                                            |
+| CRON_SCHEDULE      | none                         | * * * * *              | cron expression to define the shedule for backups                                                                     |
+| CRON_BACKUP_ONLY   | none                         | boolean                | controls if first backup will be done at the first start                                                              |
+| PBS_API_KEY_NAME or PBS_USER | none               | string                 | credentials for pbs either define an api token or specify user                                                        | 
+| PBS_API_KEY_SECRET or PBS_PASSWORD | none         | string                 | password or secret                                                                                                    |
+| TZ                 | none                         | IANA's time zone database long | Timezone to use for tuimestamps in backup                                                                     |
+| UNENCRYPTED        | 0                            | boolean                | disables encryption if set to 1                                                                                       |
+| CHANGE_DETECT_MODE | metadata                     | metadata, data, legacy | Let you choose the desired mode for detecting file changes between backups                                            |
 
 ## FAQ
 

docker-compose/.env.example

@@ -27,3 +27,6 @@ HEALTHCHECKSUUID="aa7b0de3-2c17-4fce-b051-388a5415e656"
 HEALTHCHECKSHOSTNAME="https://healthchecks.mydomain.com"
 
 TZ=Etc/UTC
+
+# Disable Encryption
+ENCRYPTION=1

docker-compose/docker-compose.yml

@@ -1,7 +1,6 @@
-version: '3.3'
 services:
   pbs-client:
-    image: aterfax/pbs-client
+    image: tmueller/pbs-client
     container_name: pbs-client
     hostname: pbs-client
     restart: unless-stopped
@@ -12,8 +11,17 @@ services:
       - /run:exec
     volumes:
       - ./pbsconfig/:/root/.config/proxmox-backup/
-      # Note - if you want to restore backups make sure to change to read write below.
-      # See the 'restore-backup' command inside the container.
       - ./backups/test1:/backups/test1:ro
       - ./backups/test2:/backups/test2:ro
       - ./backups/test3:/backups/test3:ro
+      - type: bind
+        source: /restore
+        target: /restore
+        bind:
+          propagation: rshared
+    cap_add:
+      - SYS_ADMIN
+    devices:
+      - /dev/fuse:/dev/fuse
+    security_opt:
+      - apparmor:unconfined

docker/src/helper_scripts/mount-backup

@@ -0,0 +1,73 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+source /etc/s6-overlay/s6-rc.d/setup_check/run_include
+
+# We need to build this command in case namespaces are in use.
+MOUNTCMD="proxmox-backup-client mount"
+LISTCMD="proxmox-backup-client snapshot list"
+if [ -n "$PBS_DATASTORE_NS" ]; then
+    LISTCMD+=" --ns ${PBS_DATASTORE_NS}"
+    MOUNTCMD+=" --ns ${PBS_DATASTORE_NS}"
+fi
+LISTCMD+=" --output-format json"
+
+data=$(${LISTCMD})
+host_name=$(hostname)
+
+# Backups in einer nummerierten Liste ausgeben
+options=$(echo "$data" | jq -r --arg host "$host_name" '
+    .[] |
+    select(.["backup-id"] == $host) |
+    "\(.["backup-type"])/\($host)/\(.["backup-time"] | tonumber | strftime("%Y-%m-%dT%H:%M:%SZ"))"')
+
+# Array erstellen und anzeigen
+echo "Verfügbare Backups:"
+IFS=$'\n' read -d '' -r -a backups <<< "$options"
+for i in "${!backups[@]}"; do
+    echo "$((i + 1)). ${backups[i]}"
+done
+
+# Benutzereingabe für die Auswahl
+read -p "Wählen Sie ein Backup aus (Nummer eingeben): " selection
+
+# Überprüfen, ob die Eingabe gültig ist
+if [[ "$selection" -ge 1 && "$selection" -le "${#backups[@]}" ]]; then
+    selected_backup="${backups[$((selection - 1))]}"
+    MOUNTCMD+=" $selected_backup"
+    echo "Ausgewähltes Backup: $selected_backup"
+
+    # Dateien des ausgewählten Backups abrufen
+    backup_index=$((selection - 1))
+    files=$(echo "$data" | jq -r --argjson index "$backup_index" '
+        .[$index].files[].filename | select(test("\\.pxar.didx$|\\.mpxar.didx$"))')
+
+    # Dateien in einer nummerierten Liste ausgeben
+    echo "Verfügbare Dateien:"
+    IFS=$'\n' read -d '' -r -a file_list <<< "$files"
+    for i in "${!file_list[@]}"; do
+        echo "$((i + 1)). ${file_list[i]}"
+    done
+
+    # Benutzereingabe für die Dateiauswahl
+    read -p "Wählen Sie eine Datei aus (Nummer eingeben): " file_selection
+
+    # Überprüfen, ob die Eingabe gültig ist
+    if [[ "$file_selection" -ge 1 && "$file_selection" -le "${#file_list[@]}" ]]; then
+        selected_file="${file_list[$((file_selection - 1))]}"
+        MOUNTCMD+=" $selected_file"
+        echo "Ausgewählte Datei: $selected_file"
+        echo "DEBUG: $MOUNTCMD"
+        MOUNTCMD+=" /restore"
+        $(${MOUNTCMD})
+        echo "Dont forget to unmount when finished (just umount /path/on/the/host i.e. /restore)"
+    else
+        echo "Ungültige Auswahl. Abbruch."
+        exit 1
+    fi
+else
+    echo "Ungültige Auswahl. Abbruch."
+    exit 1
+fi
+
+

docker/src/s6-services/backup/run_include

@@ -47,6 +47,21 @@ if [ -n "$PBS_DATASTORE_NS" ]; then
     BACKUPCMD+=" --ns ${PBS_DATASTORE_NS}"
 fi
 
+# Add possibility to exlude paths
+if [ -n "$EXCLUDE" ]; then
+    IFS=', ' read -r -a array <<< "$EXCLUDE"
+    for element in "${array[@]}"
+    do
+        BACKUPCMD+=" --exclude ${element}"
+    done
+fi
+
+if [ -n "$CHANGE_DETECT_MODE" ]; then
+    BACKUPCMD+=" --change-detection-mode=${CHANGE_DETECT_MODE}"
+else
+    BACKUPCMD+=" --change-detection-mode=metadata"
+fi
+
 # Source the variables from the setup_check scripting include file.
 source /etc/s6-overlay/s6-rc.d/setup_check/run_include
 

docker/src/s6-services/cron-backup/run

@@ -32,7 +32,7 @@ fi
 
 CRONLOG_FILE="/root/.config/proxmox-backup/cron.log"
 CRON_FILE="/etc/cron.d/cron-backup"
-CRON_LINE="${CRON_SCHEDULE} root bash -c '/etc/s6-overlay/s6-rc.d/backup/run_include'  >> $CRONLOG_FILE 2>&1 "
+CRON_LINE="${CRON_SCHEDULE} root bash -c '/etc/s6-overlay/s6-rc.d/backup/run_include'  >> $CRONLOG_FILE || curl -d \"Archsync failed\" ntfy-server/pbs 2>&1"
 TIMEOUT=60
 
 touch "${CRONLOG_FILE}"

docker/src/s6-services/key_setup/run

@@ -26,25 +26,29 @@ master_public_keyfile="/root/.config/proxmox-backup/master-public.pem"
 
 expect="/usr/bin/expect"
 
-# Check if client encryption keyfile exists and do stuff.
-if [ -f "$client_encryption_keyfile" ]; then
-    echo "Client encryption keyfile exists. Skipping client encryption keyfile creation."
+if [ "$UNENCRYPTED" = "1" ]; then
+        echo "Encryption set to false not gonna create any Keys."
 else
-    echo "Client encryption keyfile does not exist. Creating new client encryption keyfile."
-    $expect /etc/s6-overlay/s6-rc.d/key_setup/client_key
-fi
-
-# Check if both Master keyfiles exist and do stuff.
-if [ -f "$master_private_keyfile" ] && [ -f "$master_public_keyfile" ]; then
-    echo "Both master private and public keys exist. Skipping client Master keyfiles creation."
-    
-elif [ ! -f "$master_private_keyfile" ] && [ ! -f "$master_public_keyfile" ]; then
-    echo "Both master private and public keys do not exist. Creating master keyfiles new pair."
-    cd /root/.config/proxmox-backup/ && $expect /etc/s6-overlay/s6-rc.d/key_setup/client_master_key
-    
-elif [ ! -f "$master_private_keyfile" ] || [ ! -f "$master_public_keyfile" ]; then
-    echo "One of the master keyfiles is missing. Error! User intervention required. Ensure correct files present, or remove both: \n"
-    echo "$master_private_keyfile \n"
-    echo "$master_oublic_keyfile \n"
-    echo "To allow for automatic key recreation."
+    # Check if client encryption keyfile exists and do stuff.
+    if [ -f "$client_encryption_keyfile" ]; then
+        echo "Client encryption keyfile exists. Skipping client encryption keyfile creation."
+    else
+        echo "Client encryption keyfile does not exist. Creating new client encryption keyfile."
+        $expect /etc/s6-overlay/s6-rc.d/key_setup/client_key
+    fi
+
+    # Check if both Master keyfiles exist and do stuff.
+    if [ -f "$master_private_keyfile" ] && [ -f "$master_public_keyfile" ]; then
+        echo "Both master private and public keys exist. Skipping client Master keyfiles creation."
+        
+    elif [ ! -f "$master_private_keyfile" ] && [ ! -f "$master_public_keyfile" ]; then
+        echo "Both master private and public keys do not exist. Creating master keyfiles new pair."
+        cd /root/.config/proxmox-backup/ && $expect /etc/s6-overlay/s6-rc.d/key_setup/client_master_key
+        
+    elif [ ! -f "$master_private_keyfile" ] || [ ! -f "$master_public_keyfile" ]; then
+        echo "One of the master keyfiles is missing. Error! User intervention required. Ensure correct files present, or remove both: \n"
+        echo "$master_private_keyfile \n"
+        echo "$master_oublic_keyfile \n"
+        echo "To allow for automatic key recreation."
+    fi
 fi

docker/src/s6-services/setup_check/run_include

@@ -30,8 +30,15 @@ if [ -z "$PBS_PASSWORD" ]; then
     exit 1
 fi
 
+if [ -n "$UNENCRYPTED" ]; then
+    UNENCRYPTED="${UNENCRYPTED}"
+else
+    UNENCRYPTED="0"
+fi
+
 HEALTHCHECKSURL="${HEALTHCHECKSHOSTNAME}/ping/${HEALTHCHECKSUUID}"
 
+export UNENCRYPTED
 export HEALTHCHECKSURL="${HEALTHCHECKSURL}"
 export PBS_PASSWORD="${PBS_PASSWORD}"
 export PBS_REPOSITORY="${PBS_USER}@${PBS_ENDPOINT}:${PBS_DATASTORE}"