Timemachine/cloud-sync
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aba64722920287b64808c57c448e3337e0cd7bd2
cloud-sync/cloud_sync/sync.py
T
claude-timemachine fe26ed309c
CI / test (3.10) (push) Successful in 8s
Details
CI / test (3.11) (push) Successful in 6s
Details
CI / test (3.12) (push) Successful in 7s
Details
CI / build-pyz (push) Successful in 4s
Details
CI / release (push) Has been skipped
Details
feat(ui): Qt progress window with Prism-Launcher-inspired dark palette 
cloud-sync now ships a real Qt UI alongside the tkinter fallback.

Architecture:
  - HeadlessProgress: --no-gui path, plain stdout
  - TkProgressWindow: stdlib fallback when Qt isn't installed
  - QtProgressWindow: preferred path; supports both PySide6 and PyQt6
    (interchangeable APIs for our subset)

The factory in ui.py picks Qt → tkinter → headless. Tk stays so the
zipapp still works on bare Python with no extras.

Threading: QApplication runs on the main thread (started by run_with
via QDialog.exec). The restic worker runs on a daemon threading.Thread.
Cross-thread UI updates go via a Signal on a bridge QObject so Qt
auto-marshals them onto the main thread via a queued connection.

Cancellation: WM close + Cancel button both set a flag. sync.pull/push
pass ui.is_cancelled as restic.run's cancel_check; the subprocess gets
killed and returns -1 → exit 1.

Theme: Fusion style + Prism's dark palette (RGB values copied as facts
from PrismLauncher's DarkTheme.cpp). Override with PRISM_THEME=off.

Pyz size went 20 KB → 36 KB (added ui.py + ui_qt.py).
33 tests still green.
2026-06-04 23:12:58 +02:00

164 lines
5.1 KiB
Python
Raw Blame History

"""pull + push entry points.
Both subprocess restic against ``rest:<scheme>://<id>:<password>@<host>/<id>/``
where the password is HTTP basic auth ONLY. Restic repos are initialised with
``--insecure-no-password`` so no encryption-at-rest password exists; protection
relies on:
1. TLS in transit at the reverse proxy
2. ``--private-repos`` + htpasswd per user at restic-rest-server
3. ``--append-only`` to prevent client-side deletion
4. Disk-level encryption (LUKS) on the host
Defense-in-depth via repo encryption was dropped because the threat model
(homelab, operator-trusted) doesn't justify the password-coordination cost.
"""
from __future__ import annotations
import sys
import urllib.parse
from pathlib import Path
from . import restic, scope as scopemod
from .cli import Args
from .creds import read_credentials
from .ui import HeadlessProgress, Progress
def pull(args: Args, progress: Progress | None = None) -> int:
"""Restore latest snapshot's files into pack_folder.
If the repo has no snapshots yet, this is a no-op (first run on this
machine; nothing to restore).
"""
ui = progress or HeadlessProgress()
ui.set_status("Reading credentials…")
discord_id, password = read_credentials(args.token_file)
ui.set_status("Resolving restic binary…")
binary = restic.resolve_binary(args)
repo = _restic_repo(args.url, discord_id, password)
env = _restic_env()
ui.set_status("Checking remote snapshots…")
code, out = restic.run(
binary,
["-r", repo, "--insecure-no-password", "snapshots", "--json", "--latest", "1"],
env=env,
cancel_check=ui.is_cancelled,
)
if code == -1:
return 1
if code != 0:
print(
f"cloud-sync: failed to list snapshots (restic exit {code})",
file=sys.stderr,
)
return 2
stripped = out.strip()
if stripped in ("", "null", "[]"):
ui.set_status("No snapshots yet — nothing to pull")
print(
"cloud-sync: no snapshots yet for this user "
"(first run on this machine?); nothing to pull"
)
return 0
scope = scopemod.load(args.pack_folder)
_, exclude_from = scopemod.materialize_for_restic(args.pack_folder, scope)
ui.set_status("Restoring files…")
code, _ = restic.run(
binary,
[
"-r", repo, "--insecure-no-password",
"restore", "latest",
"--target", str(args.pack_folder),
"--exclude-file", str(exclude_from),
],
env=env,
cancel_check=ui.is_cancelled,
)
if code == -1:
return 1
if code != 0:
print(f"cloud-sync: restic restore failed (exit {code})", file=sys.stderr)
return 2
ui.set_status("Pull complete")
print("cloud-sync: pull ok")
return 0
def push(args: Args, progress: Progress | None = None) -> int:
"""Snapshot the in-scope files into the user's repo."""
ui = progress or HeadlessProgress()
ui.set_status("Reading credentials…")
discord_id, password = read_credentials(args.token_file)
ui.set_status("Resolving restic binary…")
binary = restic.resolve_binary(args)
repo = _restic_repo(args.url, discord_id, password)
env = _restic_env()
scope = scopemod.load(args.pack_folder)
files_from, exclude_from = scopemod.materialize_for_restic(args.pack_folder, scope)
ui.set_status("Uploading snapshot…")
code, _ = restic.run(
binary,
[
"-r", repo, "--insecure-no-password",
"backup",
"--files-from", str(files_from),
"--exclude-file", str(exclude_from),
"--host", "cloud-sync",
"--tag", "auto",
],
env=env,
cwd=args.pack_folder,
cancel_check=ui.is_cancelled,
)
if code == -1:
return 1
if code != 0:
print(f"cloud-sync: restic backup failed (exit {code})", file=sys.stderr)
return 2
ui.set_status("Push complete")
print("cloud-sync: push ok")
return 0
# ---------------------------------------------------------------------------
# helpers
# ---------------------------------------------------------------------------
def _restic_repo(base_url: str, discord_id: str, password: str) -> str:
"""Build rest:<scheme>://<id>:<pw>@<host>/<id>/
URL-embedded basic auth is universally supported by restic; alternative
env vars (RESTIC_REST_USERNAME, RESTIC_REST_PASSWORD) require 0.16+.
"""
raw = base_url.strip()
if raw.startswith("rest:"):
raw = raw[len("rest:"):]
raw = raw.rstrip("/")
scheme_end = raw.find("://")
if scheme_end <= 0:
raise ValueError(
f"--url must include scheme (http:// or https://): {base_url!r}"
)
scheme = raw[: scheme_end + 3]
host_and_path = raw[scheme_end + 3 :]
u = urllib.parse.quote(discord_id, safe="")
p = urllib.parse.quote(password, safe="")
return f"rest:{scheme}{u}:{p}@{host_and_path}/{discord_id}/"
def _restic_env() -> dict[str, str]:
return {
# No RESTIC_PASSWORD — repos use --insecure-no-password.
"RESTIC_PROGRESS_FPS": "0",
}
Reference in New Issue View Git Blame Copy Permalink