From c8239571de0a74ef245dad9aa6762afaaf36ae4a Mon Sep 17 00:00:00 2001
From: Udo Waechter <udo@maketank.net>
Date: Fri, 21 Nov 2025 13:27:07 +0100
Subject: [PATCH] starting disk when borg runs

---
 roles/_handlers/handlers/main.yaml            |  5 ++-
 .../backup_server/files/backup-disk-onoff.py  | 39 +++++++------------
 .../files/backup-disk-onoff@.service          |  2 +-
 roles/backup_server/files/backup-disks.sh     | 29 --------------
 .../files/sshd-borg-start-backupdisk.conf     |  3 ++
 roles/backup_server/tasks/main.yaml           | 21 +++++++++-
 6 files changed, 39 insertions(+), 60 deletions(-)
 delete mode 100644 roles/backup_server/files/backup-disks.sh
 create mode 100644 roles/backup_server/files/sshd-borg-start-backupdisk.conf

diff --git a/roles/_handlers/handlers/main.yaml b/roles/_handlers/handlers/main.yaml
index 0295242..531e562 100644
--- a/roles/_handlers/handlers/main.yaml
+++ b/roles/_handlers/handlers/main.yaml
@@ -1,12 +1,13 @@
 - name: reload systemd
   command: systemctl daemon-reload
   
-  
+- name: reload sshd
+  command: systemctl reload sshd
+
 - name: Restart NGINX
   service:
     name: nginx
     state: restarted
     
-    
 - name: Run APT update
   command: apt update -y
\ No newline at end of file
diff --git a/roles/backup_server/files/backup-disk-onoff.py b/roles/backup_server/files/backup-disk-onoff.py
index 9c8cef8..56f04ce 100644
--- a/roles/backup_server/files/backup-disk-onoff.py
+++ b/roles/backup_server/files/backup-disk-onoff.py
@@ -5,6 +5,11 @@ import sys
 import paho.mqtt.client as mqtt
 import time
 
+def check_backup_vg():
+    result = subprocess.run(["vgdisplay", "-cA"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, check=True)
+    vgdisplay_output = result.stdout.strip().split("\n")
+    return any(line.split(":")[0].strip() == "backup" for line in vgdisplay_output)
+
 def send_mqtt_message(topic, payload):
     client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2)  # Use the latest API version
     client.connect("mqtt.chaos", 1883, 60)
@@ -57,44 +62,26 @@ for unit in running_units:
     print(f"  - {unit['unit']}: {unit['description']}")
 
 # Send MQTT message based on mode
-if mode == "on" or (mode == "off" and running_units):
-    # Send ON MQTT message
+if mode == "on":
     print(f"Turning backup Disk ON")
     send_mqtt_message("switch_backup/switch/switch_backup_power/command", "on")
     time.sleep(15)
-    # ON case: Send ON message after waiting 5 seconds and running vgchange -ay backup if needed
-    if mode == "on":
-        # Check if 'backup' VG is active
+    if not check_backup_vg():
         try:
-            result = subprocess.run(
-                ["vgdisplay", "-cA"],
-                stdout=subprocess.PIPE,
-                stderr=subprocess.PIPE,
-                text=True,
-                check=True
-            )
-            vgdisplay_output = result.stdout.strip().split("\n")
-            print(f"vgdisplay: {vgdisplay_output}")
-            backup_present = any(line.split(":")[0].strip() == "backup" for line in vgdisplay_output)
-            print(f"backup VG active? {backup_present}")
-            if not backup_present:
-                try:
-                    print(f"Activating VG backup")
-                    subprocess.run(["vgchange", "-ay", "backup"], check=True)
-                except subprocess.CalledProcessError as e:
-                    print(f"Error executing vgchange: {e.stderr}")
-                    exit(1)
+            print(f"Activating VG backup")
+            subprocess.run(["vgchange", "-ay", "backup"], check=True)
         except subprocess.CalledProcessError as e:
-            print(f"Error executing vgdisplay: {e.stderr}")
+            print(f"Error executing vgchange: {e.stderr}")
             exit(1)
 else:
     # OFF case: Only execute if nothing is mounted
-    if not running_units:
+    if not running_units and check_backup_vg():
         print(f"Turning backup Disk OFF")
         subprocess.run(["sync"], check=True)
         try:
             subprocess.run(["vgchange", "-an", "backup"], check=True)
+            subprocess.run(["sync"], check=True)
         except subprocess.CalledProcessError as e:
             print(f"Error executing vgchange: {e.stderr}")
             exit(1)
-        send_mqtt_message("switch_backup/switch/switch_backup_power/command", "off")
\ No newline at end of file
+        send_mqtt_message("switch_backup/switch/switch_backup_power/command", "off")
diff --git a/roles/backup_server/files/backup-disk-onoff@.service b/roles/backup_server/files/backup-disk-onoff@.service
index f1d404f..9248275 100644
--- a/roles/backup_server/files/backup-disk-onoff@.service
+++ b/roles/backup_server/files/backup-disk-onoff@.service
@@ -4,8 +4,8 @@ After=network.target
 
 [Service]
 Type=oneshot
+RemainAfterExit=no
 ExecStart=/usr/local/bin/backup-disk-onoff.py %I
-RemainAfterExit=yes
 
 [Install]
 WantedBy=timers.target
\ No newline at end of file
diff --git a/roles/backup_server/files/backup-disks.sh b/roles/backup_server/files/backup-disks.sh
deleted file mode 100644
index 4f6ea9f..0000000
--- a/roles/backup_server/files/backup-disks.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/bash
-#
-#set -Eeuo pipefail
-#
-MQTT='mosquitto_pub -h mqtt.chaos -t switch_backup/switch'
-BASEDIR="/backup"
-
-
-#${MQTT}/debug -m "ARGS: \"$@\""
-
-#check for an unmount event
-if [[ "$@" == "CHECK-MOUNTS-AND-SHUTDOWN" ]]; then
-	OPEN_FILES=$(lsof ${BASEDIR}/* |grep -c ${BASEDIR})
-	[[ ${OPEN_FILES} -eq 0 ]] && umount ${BASEDIR}/*
-	MOUNTS=$(grep -e ${BASEDIR} /proc/self/mounts | grep -v autofs -c)
-	[[ ${MOUNTS} -gt 0 ]] &&  exit 0 #We still have mounts
-	#No mounts left, shutdown disk
-	vgchange -an backup >/dev/null
-	sync
-	sleep 5
-	${MQTT}/switch_backup_power/command -m OFF
-	exit 0
-fi
-#default case, echo mount string for autofs
-${MQTT}/switch_backup_power/command -m ON
-sleep 15 
-vgchange -ay backup >/dev/null
-
-echo "-fstype=btrfs,defaults,compress=lzo :/dev/backup/${1}"
diff --git a/roles/backup_server/files/sshd-borg-start-backupdisk.conf b/roles/backup_server/files/sshd-borg-start-backupdisk.conf
new file mode 100644
index 0000000..27a5939
--- /dev/null
+++ b/roles/backup_server/files/sshd-borg-start-backupdisk.conf
@@ -0,0 +1,3 @@
+#Ansible
+Match User borg
+    ForceCommand /bin/bash -c 'sudo /usr/local/bin/backup-disk-onoff.py on >/dev/null; borg serve'
\ No newline at end of file
diff --git a/roles/backup_server/tasks/main.yaml b/roles/backup_server/tasks/main.yaml
index c874678..8d0a9b0 100644
--- a/roles/backup_server/tasks/main.yaml
+++ b/roles/backup_server/tasks/main.yaml
@@ -18,8 +18,7 @@
             Type: btrfs
             Options: defaults,compress=lzo,space_cache=v2
           Unit:
-            After: network.target backup-disk-onoff@on.service
-            Requires: backup-disk-onoff@on.service
+            After: network.target
           Install:
             WantedBy: network.target
     catena_automount:
@@ -70,5 +69,23 @@
         name: backup-disk-off.timer
         enabled: true
         state: started
+
+# Setup ssh and sudo
+- name: Allow borg user to start disk
+  community.general.sudoers:
+    name: borg-start-disk
+    nopassword: true
+    user: borg
+    commands:
+      - /usr/local/bin/backup-disk-onoff.py
+
+- name: start disk on login
+  copy:
+    dest: /etc/ssh/sshd_config.d/borg-start-backupdisk.conf
+    src: sshd-borg-start-backupdisk.conf
+  notify: reload sshd
+
+    
+
   
         
\ No newline at end of file