-
Hey, I'm currently trying to switch to resticprofile from a custom systemd setup with the goal of making it reusable across machines. I therefore want to put the base configuration into version control and customize it per machine with a file that contains secrets and potentially overrides some of the base. The way I tried this was to create a version = "1"
includes = ["config.toml"]
[shared]
[shared.backup]
source = "/"
password-command = "echo {{ $PASSWORD }}"
run-after-fail = "echo failed"
[rest]
inherit = "shared"
repository = "{{ $REST_URL }}"
[local]
inherit = "shared"
repository = "local:/mnt/backup-{{ .Profile.Name }}/restic"
run-before = [
"echo mounting /mnt/backup-{{ .Profile.Name }}",
"mkdir -p /mnt/backup-{{ .Profile.Name }}",
"mount /dev/disk/by-uuid/{{ $LOCAL_BACKUP_UUID }} /mnt/backup-{{ .Profile.Name }}"
]
run-finally = [
"echo unmounting /mnt/backup-{{ .Profile.Name }}",
"umount /mnt/backup-{{ .Profile.Name }}"
] And a corresponding
But this doesn't seem to work at all. Is there a nice way to implement this? |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 2 replies
-
Hi! Thanks for your message 😄 This is very much of the chicken and egg problem. Either we resolve the templates before the resulting TOML, or we try to parse the TOML before resolving the templates. In that case, we do parse the template before the TOML (which contain the In the meantime, you can use environment variables as such:
version = "1"
includes = ["config.toml"]
[shared]
[shared.backup]
source = "/"
password-command = "echo {{ .Env.PASSWORD }}"
run-after-fail = "echo failed"
[rest]
inherit = "shared"
repository = "{{ .Env.REST_URL }}"
[local]
inherit = "shared"
repository = "local:/mnt/backup-{{ .Profile.Name }}/restic"
run-before = [
"echo mounting /mnt/backup-{{ .Profile.Name }}",
"mkdir -p /mnt/backup-{{ .Profile.Name }}",
"mount /dev/disk/by-uuid/{{ .Env.LOCAL_BACKUP_UUID }} /mnt/backup-{{ .Profile.Name }}"
]
run-finally = [
"echo unmounting /mnt/backup-{{ .Profile.Name }}",
"umount /mnt/backup-{{ .Profile.Name }}"
] At that stage the template doesn't care if the environment variable is empty, the syntax is valid. These variables will be populated when merging the configuration after the
version = "1"
[shared.env]
PASSWORD = "1234"
REST_URL = "rest:some_url_with_password"
LOCAL_BACKUP_UUID = "1234"
Alternatively you can try to use the mixins 😄 |
Beta Was this translation helpful? Give feedback.
-
No sorry, it looks like I was wrong 🤔
I think at this stage, these are very unlikely to change much. Many people are using them already 👍🏻 |
Beta Was this translation helpful? Give feedback.
-
I found a trick: as opposed to local variables, go templates are all resolved together. To make it work, we have to declare a template before using it. The main
version = "1"
includes = ["config.toml"]
{{define "PASSWORD"}}1234{{end}}
{{define "REST_URL"}}rest:some_url_with_password{{end}}
{{define "LOCAL_BACKUP_UUID"}}1234{{end}}
version = "1"
[shared]
[shared.backup]
source = "/"
password-command = "echo {{template "PASSWORD"}}"
run-after-fail = "echo failed"
[rest]
inherit = "shared"
repository = "{{template "REST_URL"}}"
[local]
inherit = "shared"
repository = "local:/mnt/backup-{{ .Profile.Name }}/restic"
run-before = [
"echo mounting /mnt/backup-{{ .Profile.Name }}",
"mkdir -p /mnt/backup-{{ .Profile.Name }}",
"mount /dev/disk/by-uuid/{{template "LOCAL_BACKUP_UUID"}} /mnt/backup-{{ .Profile.Name }}"
]
run-finally = [
"echo unmounting /mnt/backup-{{ .Profile.Name }}",
"umount /mnt/backup-{{ .Profile.Name }}"
] |
Beta Was this translation helpful? Give feedback.
-
@Toizi, just for your info,
does echo (or run if echo is removed):
See also: https://restic.readthedocs.io/en/latest/040_backup.html#environment-variables |
Beta Was this translation helpful? Give feedback.
-
Thank you both @creativeprojects and @jkellerer. Inspired by your suggestions I improved the I'll mark the last suggestion by @jkellerer as the answer since that's really the simplest approach if injecting secrets is the main goal. |
Beta Was this translation helpful? Give feedback.
@Toizi, just for your info,
restic
and custom command hooks interpret environment variables, therefore:does echo (or run if echo is removed):
See also: https://restic.readthedocs.io/en/latest/040_backup.html#environment-variables