#!/bin/bash
#
# This configuration file was auto-generated by the Puppet configuration
# management system. Any changes you make to this file will be overwritten
# the next time Puppet runs. Please make configuration changes to this
# service in Puppet.
#
# TODO: custom log file

BACKUP_FOLDER="<%= @directory %>"
FULL_IF_OLDER_THAN="<%= @full_if_older_than %>"
REMOVE_OLDER_THAN="<%= @remove_older_than %>"
REMOVE_ALL_BUT_N_FULL="<%= @remove_all_but_n_full %>"
ENCRYPT_KEY="<%= @encryptkey %>"
SIGN_KEY="<%= @encryptkey %>"
<% @exclude_unencrypted.each do |del| -%>
EXCLUDE="$EXCLUDE --exclude <%= del %>"
<% end -%>
<% @include_unencrypted.each do |add| -%>
INCLUDE="$INCLUDE --include <%= add %>"
<% end -%>

# some systems have a limited /tmp folder
TMP="/var/tmp"
mkdir -p $TMP

export PASSPHRASE='<%= @password %>'
mkdir -p $BACKUP_FOLDER

# adds support for checking the existing backup
if [ "$1" == "--check" ]; then
  duplicity collection-status file:////$BACKUP_FOLDER
else
  # cleanup any previous broken backups
  duplicity cleanup file:////$BACKUP_FOLDER --force

  # remove dangling lockfiles
  if [ -z "`pidof duplicity`" ]; then
    rm /root/.cache/duplicity/*/lockfile.lock
  fi

  # it's important to let $EXCLUDE come before $INCLUDE to
  # have greater precedence; see duplicity(1) for more info
  duplicity -v6 --full-if-older-than $FULL_IF_OLDER_THAN                    \
            --tempdir $TMP --encrypt-key $ENCRYPT_KEY --sign-key $SIGN_KEY  \
            --exclude $TMP $EXCLUDE $INCLUDE --exclude '**' / file:////$BACKUP_FOLDER

  if [ "$?" != "0" ]; then
    fatal "Duplicity backup failed."
  fi

  duplicity remove-older-than $REMOVE_OLDER_THAN file:////$BACKUP_FOLDER --force || exit 1
  duplicity remove-all-but-n-full $REMOVE_ALL_BUT_N_FULL file:////$BACKUP_FOLDER --force || exit 1

  if [ "$?" != "0" ]; then
    fatal "Removal of old backups failed."
  fi
fi