#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash -p nettools -p openssh -p rsync -p sane-scripts.vpn

# rsync password auth doesn't work with rsync.net.
# ssh keyfile auth *does* work, so i use that.
# for setup, see: <https://www.rsync.net/resources/howto/ssh_keys.html>
# - requires my pubkey to be copied to .ssh/authorized_keys on the remote.

set -xeu

# secret should include RN_USER
source /run/secrets/rsync-net-env
RN_ID=/run/secrets/rsync-net-id_ed25519
PREFIX=$(hostname)

test -n "$PREFIX" && test -n "$RN_USER" && test -f "$RN_ID"

rc=
for dir in "$@"; do
  if [[ "$dir" != */ ]]; then
    dir="$dir/"
  fi
  remote_dir="$RN_USER@$RN_USER.rsync.net:$PREFIX$dir"

  now=$(date '+%s')
  echo "syncing '$dir' to '$remote_dir'"
  echo "$now" > "$dir"/zzz-rsync-net/last-attempted
  # N.B.: manual flags instead of `-a -> -rlptgoD` because device files have a max path length which is too restricted
  # TODO: add `sane-vpn do unmetered --`, after fixing pasta/sane-vpn to preserve capabilities + not create a new user namespace unconditionally.
  # until then, don't run over cellular!
  if rsync --exclude="$RN_ID" -e "ssh -i $RN_ID" --mkpath -rlptgov --delete "$dir" "$remote_dir"; then
    echo "$now" > "$dir"/zzz-rsync-net/last-completed
    rc=0$rc
  else
    rc=1
    echo "FAILED TO BACKUP $dir"
  fi
done

test -n "$rc" && exit $rc