#!/bin/sh
# Nico Schottelius, 2024-09-18, Deokso
# Mainly written for my notebooks

set -x

# Run before: restic -r s3:${endpoint}/${bucket_name}/restic init

name=nico
endpoint=s3.k8s.place5.ungleich.ch

export KUBECONFIG=~/k8s/p5-admin.conf

bucket_name=$(kubectl -n rook-ceph get configmap -o yaml ${name}-bucket-claim | yq .data.BUCKET_NAME)

export AWS_ACCESS_KEY_ID=$(kubectl -n rook-ceph get secrets -o yaml ${name}-bucket-claim | yq .data.AWS_ACCESS_KEY_ID | base64 -d ; echo "")
export AWS_SECRET_ACCESS_KEY=$(kubectl -n rook-ceph get secrets -o yaml ${name}-bucket-claim | yq .data.AWS_SECRET_ACCESS_KEY | base64 -d ; echo "")


repo=s3:${endpoint}/${bucket_name}/restic

export RESTIC_PASSWORD="$(pass git co nico-privat >/dev/null 2>&1; pass notebook/restic-password)"

# Allow sing restic directly
if [ $# -ge 1 ]; then
    restic -r ${repo} "$@"
else
    restic -r ${repo} backup \
       --exclude ~/Nextcloud \
       --exclude ~/Downloads \
       --exclude ~/movies/ \
       --exclude ~/.cdist \
       --exclude ~/.cache \
       --exclude ~/.config/**/cache \
       --exclude ~/.config/**/logs \
       ~/

    restic -r ${repo} forget --keep-last 20 --prune
fi