add: document asset tags, prepare unifi asset export archive

.github/workflows/golang.yml

@@ -8,7 +8,7 @@ jobs:
   build:
     strategy:
       matrix:
-        go-version: [1.22]
+        go-version: [1.23]
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       CGO_ENABLED: 0

README.md

@@ -107,10 +107,9 @@ see opnborg-prometheus-grafana.nix
 - OPN_APIKEY           - OPNsense Backup User APIKEY [string, base64 encoded]
 - OPN_APISECRET        - OPNsense Backup User APISECRET [string, base64 encoded]
 - OPN_TARGETS          - list of OPNSense Target Server to Backup [string, hostnames, comma separated] [optional: add asset-tag, via # as seprator for each host]
-- OPN_TARGETS_*        - alternative: custom groups for OPNSense Target server [example: OPN_TARGETS_INTRANET="opn-int-01.lan:8443,..."]
+- OPN_TARGETS_*        - alternative: custom groups for OPNSense Target server [example: OPN_TARGETS_INTRANET="opn-int-01.lan:8443,..."], add a '#' after hostname for asset tags
 - OPN_TARGETS_IMGURL_* - alternative: custom image url for customs groups within WebUI [example: OPN_TARGETS_IMGURL_INTRANET="https://paepcke.de/img/intra.png"]
 
-
 # Optional
 - OPN_PATH        - specify a target path (absolut or releative) to store backups [string: defaults to '.']
 - OPN_TLSKEYPIN   - OPNsense TLS MitM proof Certificate Keypin [string]
@@ -147,6 +146,7 @@ see opnborg-prometheus-grafana.nix
 - OPN_UNIFI_BACKUP_USER   - Unifi Backup User Account
 - OPN_UNIFI_BACKUP_SECRET - Unifi Backup User Account Password
 - OPN_UNIFI_BACKUP_IMGURL - Unifi Backup Group Image URL [example: OPN_UNIFI_BACKUP_IMGURL="https://paepcke.de/img/unifi.png"]
+- OPN_UNIFI_MONGO_URL     - Unifi MongoDB URI [example:]
 
 # Wazuh 
 - OPN_WAZUH_WEBUI - Wazuh Web Console target & port [example: http://localhost:8446]

api.go

@@ -11,7 +11,8 @@ const SemVer = "v0.1.52"
 // global var
 var (
 	tg                                                         []OPNGroup
-	unifiEnable, unifiBackupNow                                atomic.Bool
+	unifiBackupEnable, unifiExportEnable                       atomic.Bool
+	unifiBackupNow, unifiExportNow                             atomic.Bool
 	sleep, borg, pkgmaster, pkghost                            string
 	wazuhWebUI, unifiWebUI, prometheusWebUI                    *url.URL
 	grafanaWebUI, grafanaFreeBSD, grafanaUnifi, grafanaHAProxy *url.URL
@@ -63,6 +64,10 @@ type OPNCall struct {
 			User   string
 			Secret string
 		}
+		Export struct {
+			Enable bool
+			URI    *url.URL
+		}
 	}
 	Wazuh struct {
 		WebUI *url.URL

example-env-config-unifi.sh

@@ -1,8 +1,8 @@
 #!/bin/sh
 # export OPN_TARGETS='opn00.lan:8443,opn01.lan:8443#RACK-PROD01,opn02.lan:8443#RACK-PROD02'
-export OPN_TARGETS_STANDBY='opn00.lan:8443#RACK-LAB'
+export OPN_TARGETS_STANDBY='opn00.lan:8443#RACK-LAB-2ND-FLOOR'
 export OPN_TARGETS_INTRANET='opn01.lan:8443#RACK-PROD01,opn02.lan:8443#RACK-PROD02'
-export OPN_TARGETS_EXTERNAL='opn03.lan:8443#RACK-DMZ01,opn04.lan:8443#RACK-DMZ02'
+export OPN_TARGETS_EXTERNAL='opn03.lan:8443#RACK-DMZ01-VODAFONE,opn04.lan:8443#RACK-DMZ02-TELEKOM'
 export OPN_TARGETS_IMGURL_STANDBY='https://paepcke.de/res/hot.png'
 export OPN_TARGETS_IMGURL_INTRANET='https://paepcke.de/res/int.png'
 export OPN_TARGETS_IMGURL_EXTERNAL='https://paepcke.de/res/ext.png'
@@ -26,3 +26,5 @@ export OPN_UNIFI_VERSION='8.5.6'
 export OPN_UNIFI_BACKUP_USER='admin'
 export OPN_UNIFI_BACKUP_SECRET='start'
 export OPN_UNIFI_BACKUP_IMGURL='https://paepcke.de/res/uni.png'
+export OPN_UNIFI_EXPORT='1'
+export OPN_UNIFI_MONGO_URL='mongodb://127.0.0.1:27117'

httpd-handler.go

@@ -21,9 +21,13 @@ const (
 func getForceHandler() http.Handler {
 	h := func(r http.ResponseWriter, q *http.Request) {
 		updateOPN <- true
-		if unifiEnable.Load() {
+		if unifiBackupEnable.Load() {
 			unifiBackupNow.Store(true)
-			updateUnifi <- true
+			updateUnifiBackup <- true
+		}
+		if unifiExportEnable.Load() {
+			unifiExportNow.Store(true)
+			updateUnifiExport <- true
 		}
 		r = headHTML(r)
 		_, _ = r.Write([]byte(_forceRedirect))
@@ -188,7 +192,7 @@ func getNavi() string {
 		s.WriteString(_nwin)
 		s.WriteString("><button><b>[ Unifi Dashboard ]</b></button></a> ")
 	}
-	if unifiWebUI != nil && !unifiEnable.Load() {
+	if unifiWebUI != nil && !unifiBackupEnable.Load() {
 		s.WriteString(" <a href=\"")
 		s.WriteString(unifiWebUI.String())
 		s.WriteString("/")

setup.go

@@ -17,7 +17,8 @@ var (
 	hive                  []string
 	hiveMutex, unifiMutex sync.Mutex
 	updateOPN             = make(chan bool, 1)
-	updateUnifi           = make(chan bool, 1)
+	updateUnifiBackup     = make(chan bool, 1)
+	updateUnifiExport     = make(chan bool, 1)
 	unifiStatus           string
 )
 
@@ -134,7 +135,8 @@ func Setup() (*OPNCall, error) {
 	if config.Unifi.WebUI, err = checkURL("OPN_UNIFI_WEBUI"); err != nil {
 		return config, err
 	}
-	unifiEnable.Store(false)
+	unifiBackupEnable.Store(false)
+	unifiExportEnable.Store(false)
 	if config.Unifi.WebUI != nil {
 		unifiWebUI = config.Unifi.WebUI
 		config.Unifi.Backup.Enable = false
@@ -145,12 +147,22 @@ func Setup() (*OPNCall, error) {
 			config.Unifi.Backup.Secret = os.Getenv("OPN_UNIFI_BACKUP_SECRET")
 		}
 		if config.Unifi.Backup.User != "" && config.Unifi.Backup.Secret != "" {
-			unifiEnable.Store(true)
+			unifiBackupEnable.Store(true)
 			config.Unifi.Backup.Enable = true
 			if _, ok := os.LookupEnv("OPN_UNIFI_VERSION"); !ok {
 				return config, errors.New("OPN_UNIFI_VERSION must contain the unifi controller version number (eg.: '5.6.9') when backup is enabled")
 			}
 			config.Unifi.Version = os.Getenv("OPN_UNIFI_VERSION")
+			if _, ok := os.LookupEnv("OPN_UNIFI_EXPORT"); ok {
+				unifiExportEnable.Store(true)
+				config.Unifi.Export.Enable = true
+				if config.Unifi.Export.URI, err = url.Parse("mongodb://127.0.0.1:27117"); err != nil {
+					panic(err) // unreachable
+				}
+				if config.Unifi.Export.URI, err = checkURL("OPN_UNIFI_MONGODB_URI"); err != nil {
+					return config, err
+				}
+			}
 		}
 	}
 

srv.go

@@ -28,8 +28,11 @@ func srv(config *OPNCall) error {
 	go func() {
 		time.Sleep(time.Duration(config.Sleep) * time.Second)
 		updateOPN <- true
-		if unifiEnable.Load() {
-			updateUnifi <- true
+		if unifiBackupEnable.Load() {
+			updateUnifiBackup <- true
+		}
+		if unifiExportEnable.Load() {
+			updateUnifiExport <- true
 		}
 	}()
 

srvUnifi.go → unifiBackup.go

@@ -59,7 +59,7 @@ func unifiBackupServer(config *OPNCall) {
 	// enfore init backup
 	unifiBackupNow.Store(true)
 
-	// loop
+	// loop forever
 	for {
 		// reset default state
 		isReachable, backupOK, notice = true, false, "status:ok"
@@ -178,6 +178,7 @@ func unifiBackupServer(config *OPNCall) {
 		// set unifi status
 		setUnifiStatus(config, time.Now(), notice, isReachable, backupOK)
 
-		<-updateUnifi
+		// wait for next round trigger
+		<-updateUnifiBackup
 	}
 }

unifiExport.go

@@ -0,0 +1,18 @@
+package opnborg
+
+// unfi Export Server
+func unifiExportServer(config *OPNCall) {
+
+	// info
+	displayChan <- []byte("[UNIFI][EXPORT][START][MONGODB-URI] " + config.Unifi.Export.URI.String())
+
+	// loop forever
+	for {
+
+		displayChan <- []byte("[UNIFI][EXPORT][START]")
+		displayChan <- []byte("[UNIFI][EXPORT][END]")
+
+		// wait for next round trigger
+		<-updateUnifiExport
+	}
+}