rest-server icon indicating copy to clipboard operation
rest-server copied to clipboard
verified publisher icon restic

WIP: Add configuration file

Open wojas opened this issue 5 years ago • 4 comments

What is the purpose of this change? What does it change?

This implements a YAML config file mechanism for rest-server. See #139 for details.

Was the change discussed in an issue or in the forum before?

Closes #139 (config file) Closes #94 (TLS hot reload) Closes #74 (per-user config overrides) TODO: Closes #73 (TLS client auth): still need to actually use the client TLS info

Try it out

To build this branch, you need git and a recent Go compiler installed and run the following:

git clone -b config-file https://github.com/wojas/rest-server.git
cd rest-server
go build -o rest-server ./cmd/rest-server

You will then have a rest-server binary in this directory.

Checklist

  • [x] I have enabled maintainer edits for this PR
  • [ ] I have added tests for all changes in this PR
  • [ ] I have added documentation for the changes (in the manual)
  • [ ] There's a new file in changelog/unreleased/ that describes the changes for our users (template here)
  • [x] I have run gofmt on the code in all commits
  • [x] All commit messages are formatted in the same style as the other commits in the repo
  • [ ] I'm done, this Pull Request is ready for review

wojas avatar Jan 08 '21 12:01 wojas

I am willing to update this PR to the latest version of restic if there is interest in merging this.

wojas avatar Oct 30 '24 08:10 wojas

@wojas Please update to the latest version, if you could find time - even if there is no apparent interest in merging, there is definitely interest in using it.

And thank you for such a nice feature 👍

aldem avatar Jan 04 '25 01:01 aldem

Some friends and I had a tackle at rebasing this patch to master on my fork We are not golang devs, so we just fumbled our way through and it took about about 3h30m to get there :D There is still a few things to work out (such as loading in the correct config file path with args) but setting append_only or private_repos under specific users seems to work. This paves the way to adding per user quotas or creating maintenance users that can do the prune and forget remotely without having the encryption keys stored with the backup server accessing the files directly possible. (mentioned in https://github.com/restic/rest-server/issues/74)

In the coming days I'll open another PR once i've figured out the little things

theraspb3rry avatar Jun 03 '25 15:06 theraspb3rry

This would be huge if it were merged. Among other things using --append-only on an untrusted rest-server is a mess, since prune needs to be done by a separate user. Which currently means everyone has to cobble together their own solutions for running a repo under two server instances, while also making sure they don't conflict in a way that risks data loss. Having a nice example page we could just tweak and drop into docker/podman would be incredible. Plus it would probably save a ton of time onboarding new users & sharing config recipes.

didgerer avatar Oct 26 '25 08:10 didgerer