#
# Cookbook Name:: backup
# Recipe:: default
#
# Copyright 2012, Appcache Ltd / 5apps.com
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

build_essential 'backup gem'

# Don't try to install packages on older Ubuntu, the repositories are 404
package ["ruby", "ruby-dev"] if node[:platform_version].to_f >= 16.04

gem_package 'backup' do
  version '5.0.0.beta.2'
end

backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup')
backup_dir = node["backup"]["dir"]
directory backup_dir
directory "#{backup_dir}/models"
directory "#{backup_dir}/log"

template "#{backup_dir}/config.rb" do
  source    "config.rb.erb"
  mode      0640
  sensitive true
  variables s3_access_key_id: backup_data["s3_access_key_id"],
            s3_secret_access_key: backup_data["s3_secret_access_key"],
            s3_region: backup_data["s3_region"],
            encryption_password: backup_data["encryption_password"],
            mail_to: "ops@5apps.com",
            mail_from: "backups@kosmos.org"
end

template "#{backup_dir}/models/default.rb" do
  source    "backup.rb.erb"
  mode      0640
end

cron "default backup model" do
  hour node['backup']['cron']['hour']
  minute node['backup']['cron']['minute']
  command "/usr/bin/env HOME=/root /bin/sh -l -c '/usr/local/bin/backup perform -t default --root-path #{backup_dir} >> /var/log/backup.log 2>&1'"
end

include_recipe 'logrotate'
# Install MySQL client (includes mysqldump)
mysql_client 'default' do
  action :create
  version '5.7' if node[:platform_version].to_f == 18.04
  not_if { node["backup"]["mysql"]["databases"].empty? }
end

# Write the credentials file to allow dumps without password for the root
# user (https://dev.mysql.com/doc/refman/5.7/en/option-files.html)
file "/root/.my.cnf" do
  mode "600"
  content lazy { <<-EOF
[client]
user=#{node["backup"]["mysql"]["username"]}
password=#{node["backup"]["mysql"]["password"]}
  EOF
  }
  not_if { node["backup"]["mysql"]["password"].nil? }
end

logrotate_app 'backup' do
  path '/var/log/backup.log'
  frequency 'daily'
  rotate 10
  create '640 root root'
end