From e5e764ca416f29bcb51b42ac313b3f52f0ced9d9 Mon Sep 17 00:00:00 2001 From: lasimik Date: Mon, 17 May 2021 01:05:48 +0000 Subject: [PATCH] Delete 'README.md' --- README.md | 156 ------------------------------------------------------ 1 file changed, 156 deletions(-) delete mode 100644 README.md diff --git a/README.md b/README.md deleted file mode 100644 index e4c8898..0000000 --- a/README.md +++ /dev/null 
@@ -1,156 +0,0 @@ -# Desktop notifications from borgmatic when it is run from systemd - -How to set up desktop notifications to an arbitrary user, while borgmatic is automatically run from a systemd timer. That implies a Linux machine, of course. - -This includes workarounds for current (borgmatic 1.5.13, borg 1.1.16) limitations of borg/borgmatic. They may or may not be necessary in the future. This HowTo was written on 2021-05-17, some downloaded files may have changed since then. - --- - -The following needs to be set up for the notifications: - -- - -### In the systemd timer -The template from the borgmatic site (the`borgmatic.timer`) is fine, insert a string for `Description=…`, and set the `[Timer]` section if not already done. No special changes here. - -- - - -### In the systemd service -Again, the template from the borgmatic site (the `borgmatic.service`) is good, but needs an essential change: - -The line `CapabilityBoundingSet=…` must give the additional capabilities `AP_SETUID `and `CAP_SETGID`. This will allow borgmatic (and whatever is called from it!!) to impersonate a different user (other than root). - -*_This means a softening of security settings._ Make sure all permissions on borgmatic and scripts are set correctly!* - -- - -### In the borgmatic config - -#### Notifications directly from borgmatic -A notification sent by borgmatic itself is set in its `config.yaml` for each hook, impersonating (`sudo -u`) the target user with their user name (`NAME`) and user id (`UID`). (This is what the additional capabilities in the `timer` were needed for.) `NAME` and `UID` can be looked up with `userdbctl`. - -(Note: If the display is not ":0", the web knows a way to find the right value. This is not covered here.) - -The `notify-send` command sets the urgency of the notifications, and sends a headline and a body text. The latter may include (very rudimentary) HTML formatting (to varying degrees, depending on the desktop). 
In the `config.yaml` it looks like this (replace `NAME` and `UID`): - -``` -hooks: - before_backup: - - sudo -u NAME DISPLAY=:0 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/UID/bus notify-send --urgency=normal 'Headline' 'Body text goes here.' - ``` - (Note: The config file is in YAML, you cannot use the shell line continuation (" \\"). And use spaces, not tabs.) - - - - - #### Notifications from a script - Borgmatic calls an executable script that can do more magic and send the notifications in the same way as explained above. - - ``` - hooks: - on_error: - - /etc/borgmatic/notify-error.sh "{configuration_filename}" "{repository}" "{error}" "{output}" - ``` - (Note: The placeholders (`{configuration_filename}`, `{repository}`, `{error}`, and `{output}`) are not all supported under all hooks.) - - (Note: Some scripts from the web can send notifications to *all* users. Also not covered here.) - - The notification command in the script: - - ``` - #!/usr/bin/bash - - sudo -u NAME DISPLAY=:0 \ - DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/UID/bus \ - notify-send --urgency=normal 'Headline' 'Body text goes here.'` - ``` - (Note: Line continuation and the use of variables make complexer notifications substantially easier to set up than in `config.yaml`.) - - --- - - ### Example for Overdue Backups Alert - #### In the borgmatic config - To know when the last complete backup was made, even if there is no connection to the repository, the date and time needs to be stored locally (here in a `last-successful-backup` file), after every successful backup (hook `after_backup`). - - This example uses date and time of the last *complete* backup. Borgmatic does not supply this in a placeholder, so it is identified with `borgmatic list --successful --last 1`, returning only date and time (`--format {time}`) and without control characters (`--no-color `), then the header line is skipped (`sed -n 2p`), and the timezone (that the borgmatic return lacks) is appended (`date +'%:z'`). 
- - It's a good idea to store this value together with the other files for that repository, so `/root/{repository}` would be nice. Unfortunately, `{repository}` is not resolved within borgmatic; the path must be manually copied from the top of the config file. - - If an error occurs during backup, a script (here, `notify-error.sh`) will read that date and time and do the subsequent processing. - - Example for a remote repository: - - ``` - location: - repositories: - - BackupUser@BackupServer:/path/to/repository - ... - hooks: - after_backup: - - echo "$(borgmatic list --successful --last 1 --format {time} --no-color | sed -n 2p) $(date +'%:z')" \ - > "/root/BackupUser@BackupServer:/path/to/repository/last-successful-backup" - ... - on_error: - - /etc/borgmatic/notify-error.sh "{configuration_filename}" "{repository}" "{error}" "{output}" - ``` - Note: Inside the quotes of `echo …` we can use line continuation (" \") for better readability. - - #### The notification script - For easy date and time calculations, this script makes use of `dateutils`. It will send slightly different notifications, depending on the age of the last successful backup: - - ``` - #!/usr/bin/bash - - # Notifies user of overdue borgmatic backups. - - # Is called by borgmatic on errors during a prune, create, or check action as - # /etc/borgmatic/notify.sh "{configuration_filename}" "{repository}" "{error}" "{output}" - - # Requires: dateutils - - - # set user to be notified (find name and id with userdbctl) - NOTIFYUSER=XXXXX - NOTIFYUSERID=NNNN - - # read date of last successful backup, get current datetime - LASTBACKUP=$(<"/root/BackupUser@BackupServer:/path/to/repository/last-successful-backup") - NOW=$(date +'%F %H:%M %Z') - - # time calculations: backup age... 
- # ...in full hours for branching by age - BACKUPAGEHOURS=$(datediff -i "%a, %F %T %Z" -f "%rH" \ - "$LASTBACKUP" now) - # ...as string for notifications, with removal of zero values - BACKUPAGESTRING=$(datediff -i "%a, %F %T %Z" -f "%rY years %rm months %rw weeks %rd days %rH hours %rM minutes" \ - "$LASTBACKUP" now | sed -E 's/(0 years |0 months |0 weeks |0 days |0 hours)//g') - - # set message text - NOTIFYTEXT="Backup attempted $NOW. - Last full backup: $BACKUPAGESTRING ago. - Error details (more info in systemd journal): - ⚫ Configuration file - $1 - ⚫ Repository - $2 - ⚫ Command output - $4 - ⚫ Error Message - $3" - - - # different actions depending on backup age - if [ "$BACKUPAGEHOURS" -gt 72 ] # backup is older than 72 hours - then - sudo -u "$NOTIFYUSER" DISPLAY=:0 "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$NOTIFYUSERID/bus" \ - notify-send --urgency=critical 'Borgmatic Backup SERIOUSLY OVERDUE!' "$NOTIFYTEXT" - elif [ "$BACKUPAGEHOURS" -gt 24 ] # backup is older than 24 hours - then - sudo -u "$NOTIFYUSER" DISPLAY=:0 "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$NOTIFYUSERID/bus" \ - notify-send --urgency=critical 'Borgmatic Backup Overdue' "$NOTIFYTEXT" - else # backup age is 24 hours or less - sudo -u "$NOTIFYUSER" DISPLAY=:0 "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$NOTIFYUSERID/bus" \ - notify-send --urgency=critical "Borgmatic Backup Failed" "$NOTIFYTEXT" - fi - ``` - \ No newline at end of file
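Review bot: The commit message is only "Delete 'README.md'" while the single hunk removes all 156 lines, including the only place that documents the `CapabilityBoundingSet=…` change (adding `CAP_SETUID` and `CAP_SETGID`) and its warning that this softens the service's security settings. Please add a message body saying why the file is removed and where that guidance now lives, or leave a short README stub pointing to it. If the text is being moved rather than dropped, fix these defects on the way: the capability is misspelled `AP_SETUID` in the systemd service section; the "Notifications directly from borgmatic" paragraph says the extra capabilities were added in the `timer`, but the section above adds them in the service; the short script example ends its `notify-send` line with a stray backtick; the script header comment names `/etc/borgmatic/notify.sh` while both hook examples call `/etc/borgmatic/notify-error.sh`; all three branches of the age check use `--urgency=critical`, so the branching changes only the headline; and the `sed` expression that strips zero values from `BACKUPAGESTRING` also matches `0 days ` inside `10 days `.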