Client/Server mode: sending configuration profile to a remote server

[creativeprojects]

Work in progress

Proof of concept on how to send a configuration profile to a remote server (along necessary files like exclude list, restic password, etc.)

Suggestion of connection type:

• SSH: secure connection (would be the default)
• HTTP: basic http connection to be used within a VPN (do we want to provide that?)
• mTLS: secure connection with client/server certificates

SSH connection doesn't need to have a resticprofile server waiting for connections. The two other types would need to.

New commands:

• send: connects to a remote via SSH and push the specified configuration
• serve: serves configuration files (⚠️ no authentication, no encryption)

New flag:

• -r / --remote: download configuration files from the endpoint then run using the downloaded configuration (only). can be used with -w / --wait to inspect the mounted FS.

Other security consideration

Ideally we want the remote clients to never save the configuration that was pushed to them. They run the backup and forget everything about it.

• We could send a tar/zip file and the remote resticprofile opens a FUSE filesystem for restic to read all the configuration files from.
• The files are in memory only
• ~We should investigate how to ask the kernel not to swap the file contents~ <- doesn't seem to be possible in Go

Configuration

New entries in the configuration could look like:

# we don't need to specify a version as it could be a separate configuration file

remotes:
  remote-server:
    connection: ssh
    host: remote.example.com
    username: backup
    private-key: /home/user/.ssh/id_rsa
    known-hosts: /home/user/.ssh/known_hosts
    binary-path: /home/user/.bin/resticprofile
    configuration-file: ./dev.yaml
    profile-name: backup-root
    send-files:
      - ./key
      - ./excludes

  local:
    connection: http
    host: localhost:10001
    pre-shared-key: "super-secret-shhhhtt" # we could provide AES encryption?
    configuration-file: ./dev.yaml
    send-files:
      - ./key
      - ./excludes

  other:
    connection: mtls
    host: other-client.example.com:10003
    certificate: client.pem
    private-key: private.pem
    configuration-file: ./dev.yaml
    send-files:
      - ./key
      - ./excludes

Implementation details:

• I've chosen to open a redirected port inside the SSH connection to transfer the files. I suppose it could also be done using the unix pipes.
• in order to avoid saving the remotely loaded files to disk, I'm using afero to create a virtual disk in memory. I also looked at os/fs but it forbids using any rooted path, which sounds like it would be a massive refactoring.
• use go-fuse library to create a filesystem in memory from a tar stream (not sure how it's going to work on Windows yet)
• I was thinking about using this package to protect the backup configuration from a memory dump but as it is sent to restic, restic would need to implement the same protection

Demo of working SSH mode (logs from both the initiator and the remote)

% go run . -v -c examples/private/remotes.yml send vps01 backup
2024/07/04 21:16:44 resticprofile 0.28.0-dev compiled with go1.22.4 darwin/amd64
2024/07/04 21:16:44 loading: examples/private/remotes.yml
2024/07/04 21:16:44 files in configuration are relative to "examples/private"
2024/07/04 21:16:44 memory available: 6362MB
2024/07/04 21:16:44 using restic 0.16.4
2024/07/04 21:16:44 send: this command is experimental and its behaviour may change in the future
2024/07/04 21:16:44 file examples/key: written 25 bytes
2024/07/04 21:16:44 file examples/excludes: written 9 bytes
2024/07/04 21:16:44 file examples/root-excludes: written 5 bytes
2024/07/04 21:16:44 file examples/private/linux.yaml: written 3271 bytes
2024/07/04 21:16:44 manifest written 117 bytes
2024/07/04 21:16:44 resticprofile 0.28.0-dev compiled with go1.22.4 linux/amd64
2024/07/04 21:16:44 downloading file key (25 bytes)
2024/07/04 21:16:44 downloading file excludes (9 bytes)
2024/07/04 21:16:44 downloading file root-excludes (5 bytes)
2024/07/04 21:16:44 downloading file linux.yaml (3271 bytes)
2024/07/04 21:16:44 downloading manifest (117 bytes)
2024/07/04 21:16:44 mounting filesystem at /tmp/resticprofile-a02db72c
2024/07/04 21:16:44 loading: linux.yaml
2024/07/04 21:16:45 memory available: 2177MB
2024/07/04 21:16:45 setting process group priority to 10
2024/07/04 21:16:45 using restic 0.16.4
2024/07/04 21:16:45 the configuration contains relative "path" items which may lead to unstable results in restic commands that select snapshots. Consider using absolute paths in "path" (and "source"), set "base-dir" or "source-base" in the profile or use "tag" instead of "path" (path = false) to select snapshots for restic commands.
Affected paths are:
> path (from source) "~/go/src/github.com/creativeprojects/resticprofile" changes to "/home/user/go/src/github.com/creativeprojects/resticprofile"
2024/07/04 21:16:45 profile 'src': initializing repository (if not existing)
2024/07/04 21:16:45 command environment: reusing previous
2024/07/04 21:16:45 starting command: /usr/local/bin/restic init --password-file=key --repo=/tmp/backup/src --verbose=1
2024/07/04 21:16:45 profile 'src': checking repository consistency
2024/07/04 21:16:45 command environment: reusing previous
2024/07/04 21:16:45 starting command: /usr/local/bin/restic check --password-file=key --repo=/tmp/backup/src --verbose=1
using temporary cache in /tmp/restic-check-cache-4062915075
repository bdb1baa2 opened (version 2, compression level auto)
created new cache in /tmp/restic-check-cache-4062915075
create exclusive lock for repository
load indexes
[0:00] 100.00%  2 / 2 index files loaded
check all packs
check snapshots, trees and blobs
[0:00] 100.00%  5 / 5 snapshots
no errors were found
2024/07/04 21:16:45 profile 'src': starting 'backup'
2024/07/04 21:16:45 command environment: reusing previous
2024/07/04 21:16:45 starting command: /usr/local/bin/restic backup --exclude="/**/.git" --exclude-caches --password-file=key --repo=/tmp/backup/src --tag=test --tag=dev --verbose=1 /home/user/go/src/github.com/creativeprojects/resticprofile
open repository
repository bdb1baa2 opened (version 2, compression level auto)
lock repository
using parent snapshot 0a330d22
load index files

start scan on [/home/user/go/src/github.com/creativeprojects/resticprofile]
start backup on [/home/user/go/src/github.com/creativeprojects/resticprofile]
scan finished in 4.191s: 2359 files, 1.234 GiB

Files:           0 new,     0 changed,  2359 unmodified
Dirs:            0 new,     0 changed,   475 unmodified
Data Blobs:      0 new
Tree Blobs:      0 new
Added to the repository: 0 B   (0 B   stored)

processed 2359 files, 1.234 GiB in 0:04
snapshot 48c1f687 saved
2024/07/04 21:16:50 profile 'src': finished 'backup'
2024/07/04 21:16:50 profile 'src': cleaning up repository using retention information
2024/07/04 21:16:50 command environment: reusing previous
2024/07/04 21:16:50 starting command: /usr/local/bin/restic forget --keep-within=30d --password-file=key --path=/home/user/go/src/github.com/creativeprojects/resticprofile --prune --repo=/tmp/backup/src --verbose=1
repository bdb1baa2 opened (version 2, compression level auto)
Applying Policy: keep all snapshots within 30d of the newest
snapshots for (host [vps01], paths [/home/user/go/src/github.com/creativeprojects/resticprofile]):
keep 2 snapshots:
ID        Time                 Host        Tags        Reasons     Paths
----------------------------------------------------------------------------------------------------------------------------------
37789b1e  2024-07-04 21:01:15  vps01       test,dev    within 30d  /home/user/go/src/github.com/creativeprojects/resticprofile
48c1f687  2024-07-04 21:16:45  vps01       test,dev    within 30d  /home/user/go/src/github.com/creativeprojects/resticprofile
----------------------------------------------------------------------------------------------------------------------------------
2 snapshots

2024/07/04 21:16:51 unmounting filesystem
%

More information

Discussion here: https://github.com/creativeprojects/resticprofile/issues/69

[coderabbitai[bot]]

[!IMPORTANT]

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

Tips

### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit testing code for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` - `@coderabbitai help me debug CodeRabbit configuration file.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai full review` to do a full review from scratch and review all the files again. - `@coderabbitai summary` to regenerate the summary of the PR. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configuration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information. - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json` ### Documentation and Community - Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit. - Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback. - Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 21.92817% with 413 lines in your changes missing coverage. Please review.

Project coverage is 70.24%. Comparing base (ccccfa2) to head (5d698ec). Report is 1 commits behind head on master.

Files	Patch %	Lines
ssh/ssh.go	0.00%	97 Missing :warning:
remote.go	0.00%	79 Missing :warning:
remote/tar.go	0.00%	57 Missing :warning:
serve.go	0.00%	53 Missing :warning:
send.go	0.00%	49 Missing :warning:
ssh/config.go	0.00%	23 Missing :warning:
fuse/memfs.go	75.41%	14 Missing and 1 partial :warning:
config/remote.go	0.00%	14 Missing :warning:
config/config.go	21.43%	11 Missing :warning:
fuse/file.go	33.33%	8 Missing :warning:
... and 5 more

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #377 +/- ## ========================================== - Coverage 72.24% 70.24% -2.00% ========================================== Files 127 139 +12 Lines 12925 13432 +507 ========================================== + Hits 9337 9434 +97 - Misses 3160 3567 +407 - Partials 428 431 +3 ``` | [Flag](https://app.codecov.io/gh/creativeprojects/resticprofile/pull/377/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fred) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/creativeprojects/resticprofile/pull/377/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fred) | `70.24% <21.93%> (-2.00%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fred#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[creativeprojects]

I got a fully working proof of concept for the SSH mode 🎉

What do you think @jkellerer ?

SSH mode should be secure enough:

• we transfer the configuration files inside a SSH tunnel
• we never save the configuration files on the other end

Obviously it still needs more work and also unit tests.

We'll see for the other modes later (with the security concerns)

[jkellerer]

will check it. Was a bit busy these days :)