src/pobsync_backend/config_source.py

from __future__ import annotations

import os
from pathlib import Path
from typing import Any

from django.conf import settings

from pobsync.config.merge import build_effective_config
from pobsync.paths import PobsyncPaths

from .config_repository import global_config_data, host_config_data
from .models import GlobalConfig, HostConfig, SshCredential
from .ssh_keys import identity_path


class DjangoConfigSource:
    def effective_config_for_host(self, host: str) -> dict[str, Any]:
        config = build_effective_config(global_config_data(), host_config_data(host))
        credential = _credential_for_host(host)
        if credential is not None:
            _attach_credential_options(config, credential)
        return config


def _credential_for_host(host: str) -> SshCredential | None:
    host_config = HostConfig.objects.select_related("ssh_credential").get(host=host, enabled=True)
    if host_config.ssh_credential_id:
        return host_config.ssh_credential

    global_config = GlobalConfig.objects.select_related("default_ssh_credential").get(name="default")
    return global_config.default_ssh_credential


def _attach_credential_options(config: dict[str, Any], credential: SshCredential) -> None:
    ssh = config.setdefault("ssh", {})
    options = list(ssh.get("options") or [])
    paths = _materialize_credential(credential)
    if not _has_ssh_option(options, "IdentityFile"):
        options.append(f"-oIdentityFile={paths['identity_file']}")
    if paths.get("known_hosts") and not _has_ssh_option(options, "UserKnownHostsFile"):
        options.append(f"-oUserKnownHostsFile={paths['known_hosts']}")
    if paths.get("accept_new_known_hosts"):
        if not _has_ssh_option(options, "UserKnownHostsFile"):
            options.append(f"-oUserKnownHostsFile={paths['accept_new_known_hosts']}")
        if not _has_ssh_option(options, "StrictHostKeyChecking"):
            options.append("-oStrictHostKeyChecking=accept-new")
    ssh["options"] = options
    config["ssh_credential"] = {
        "id": credential.pk,
        "name": credential.name,
        "identity_file": paths["identity_file"],
        "generated": credential.generated,
        "storage": "filesystem" if credential.key_path else "database",
    }


def _materialize_credential(credential: SshCredential) -> dict[str, str]:
    paths = PobsyncPaths(home=Path(settings.POBSYNC_HOME))
    credential_dir = paths.state_dir / "ssh-credentials" / str(credential.pk)
    credential_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(credential_dir, 0o700)

    identity_file = identity_path(credential)
    if credential.key_path:
        os.chmod(identity_file, 0o600)
    else:
        identity_file.write_text(_with_trailing_newline(credential.private_key), encoding="utf-8")
        os.chmod(identity_file, 0o600)

    result = {"identity_file": str(identity_file)}
    if credential.known_hosts.strip():
        known_hosts = credential_dir / "known_hosts"
        known_hosts.write_text(_with_trailing_newline(credential.known_hosts), encoding="utf-8")
        os.chmod(known_hosts, 0o600)
        result["known_hosts"] = str(known_hosts)
    else:
        known_hosts = paths.state_dir / "known_hosts"
        known_hosts.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
        known_hosts.touch(mode=0o600, exist_ok=True)
        os.chmod(known_hosts, 0o600)
        result["accept_new_known_hosts"] = str(known_hosts)
    return result


def _has_ssh_option(options: list[str], name: str) -> bool:
    prefix = f"-o{name}="
    spaced = f"-o{name} "
    return any(option == name or option.startswith(prefix) or option.startswith(spaced) for option in options)


def _with_trailing_newline(value: str) -> str:
    return value if value.endswith("\n") else f"{value}\n"
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs. 2026-05-19 04:57:10 +02:00			`from __future__ import annotations`

(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`import os`
			`from pathlib import Path`
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs. 2026-05-19 04:57:10 +02:00			`from typing import Any`

(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`from django.conf import settings`

refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs. 2026-05-19 04:57:10 +02:00			`from pobsync.config.merge import build_effective_config`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`from pobsync.paths import PobsyncPaths`
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs. 2026-05-19 04:57:10 +02:00
			`from .config_repository import global_config_data, host_config_data`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`from .models import GlobalConfig, HostConfig, SshCredential`
(feature) Generate filesystem-backed SSH credentials Add filesystem-backed SSH credentials for the native systemd deployment path. Generated keys are stored below POBSYNC_HOME with 0600 permissions, while Django keeps the public key, fingerprint, path, and selection metadata. Add a Django SSH key generation view, delete action for unused generated keys, and a management command used by the installer to ensure a default backup key exists. Update runtime config to use generated key paths directly as IdentityFile, extend host checks to verify key readability, and keep legacy uploaded keys available for compatibility. 2026-05-19 19:41:40 +02:00			`from .ssh_keys import identity_path`
refactor: inject config sources into scheduled backups Introduce a ConfigSource interface so scheduled backups no longer need to load host configuration directly from runtime YAML. Add a Django-backed config source for SQL-driven backup runs, keep file-based config as the CLI default, and make scheduled prune execution actually apply retention after successful runs. 2026-05-19 04:57:10 +02:00

			`class DjangoConfigSource:`
			`def effective_config_for_host(self, host: str) -> dict[str, Any]:`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`config = build_effective_config(global_config_data(), host_config_data(host))`
			`credential = _credential_for_host(host)`
			`if credential is not None:`
			`_attach_credential_options(config, credential)`
			`return config`


			`def _credential_for_host(host: str) -> SshCredential \| None:`
			`host_config = HostConfig.objects.select_related("ssh_credential").get(host=host, enabled=True)`
			`if host_config.ssh_credential_id:`
			`return host_config.ssh_credential`

			`global_config = GlobalConfig.objects.select_related("default_ssh_credential").get(name="default")`
			`return global_config.default_ssh_credential`


			`def _attach_credential_options(config: dict[str, Any], credential: SshCredential) -> None:`
			`ssh = config.setdefault("ssh", {})`
			`options = list(ssh.get("options") or [])`
			`paths = _materialize_credential(credential)`
			`if not _has_ssh_option(options, "IdentityFile"):`
			`options.append(f"-oIdentityFile={paths['identity_file']}")`
			`if paths.get("known_hosts") and not _has_ssh_option(options, "UserKnownHostsFile"):`
			`options.append(f"-oUserKnownHostsFile={paths['known_hosts']}")`
(bugfix) Use service-level known_hosts for generated SSH keys When a selected SSH credential has no pinned known_hosts entries, create and use a pobsync service-level known_hosts file under POBSYNC_HOME/state. Pass UserKnownHostsFile and StrictHostKeyChecking=accept-new to SSH so unattended backups no longer depend on root's known_hosts or an interactive shell session. Keep pinned credential known_hosts behavior unchanged when entries are configured explicitly. 2026-05-19 20:01:39 +02:00			`if paths.get("accept_new_known_hosts"):`
			`if not _has_ssh_option(options, "UserKnownHostsFile"):`
			`options.append(f"-oUserKnownHostsFile={paths['accept_new_known_hosts']}")`
			`if not _has_ssh_option(options, "StrictHostKeyChecking"):`
			`options.append("-oStrictHostKeyChecking=accept-new")`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`ssh["options"] = options`
(bugfix) Surface rsync SSH failure details in run results Include the selected SSH credential metadata and rsync log tail in dry-run and failed backup results so Django shows the actual SSH or rsync failure instead of only the exit code. Warn in host checks when a host still uses database-stored private key material, making it easier to spot old credentials after switching to generated filesystem keys. 2026-05-19 19:49:33 +02:00			`config["ssh_credential"] = {`
			`"id": credential.pk,`
			`"name": credential.name,`
			`"identity_file": paths["identity_file"],`
			`"generated": credential.generated,`
			`"storage": "filesystem" if credential.key_path else "database",`
			`}`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00

			`def _materialize_credential(credential: SshCredential) -> dict[str, str]:`
			`paths = PobsyncPaths(home=Path(settings.POBSYNC_HOME))`
			`credential_dir = paths.state_dir / "ssh-credentials" / str(credential.pk)`
			`credential_dir.mkdir(mode=0o700, parents=True, exist_ok=True)`
			`os.chmod(credential_dir, 0o700)`

(feature) Generate filesystem-backed SSH credentials Add filesystem-backed SSH credentials for the native systemd deployment path. Generated keys are stored below POBSYNC_HOME with 0600 permissions, while Django keeps the public key, fingerprint, path, and selection metadata. Add a Django SSH key generation view, delete action for unused generated keys, and a management command used by the installer to ensure a default backup key exists. Update runtime config to use generated key paths directly as IdentityFile, extend host checks to verify key readability, and keep legacy uploaded keys available for compatibility. 2026-05-19 19:41:40 +02:00			`identity_file = identity_path(credential)`
			`if credential.key_path:`
			`os.chmod(identity_file, 0o600)`
			`else:`
			`identity_file.write_text(_with_trailing_newline(credential.private_key), encoding="utf-8")`
			`os.chmod(identity_file, 0o600)`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00
			`result = {"identity_file": str(identity_file)}`
			`if credential.known_hosts.strip():`
			`known_hosts = credential_dir / "known_hosts"`
			`known_hosts.write_text(_with_trailing_newline(credential.known_hosts), encoding="utf-8")`
			`os.chmod(known_hosts, 0o600)`
			`result["known_hosts"] = str(known_hosts)`
(bugfix) Use service-level known_hosts for generated SSH keys When a selected SSH credential has no pinned known_hosts entries, create and use a pobsync service-level known_hosts file under POBSYNC_HOME/state. Pass UserKnownHostsFile and StrictHostKeyChecking=accept-new to SSH so unattended backups no longer depend on root's known_hosts or an interactive shell session. Keep pinned credential known_hosts behavior unchanged when entries are configured explicitly. 2026-05-19 20:01:39 +02:00			`else:`
			`known_hosts = paths.state_dir / "known_hosts"`
			`known_hosts.parent.mkdir(mode=0o700, parents=True, exist_ok=True)`
			`known_hosts.touch(mode=0o600, exist_ok=True)`
			`os.chmod(known_hosts, 0o600)`
			`result["accept_new_known_hosts"] = str(known_hosts)`
(feature) Add Django-managed SSH credentials Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests. 2026-05-19 14:37:38 +02:00			`return result`


			`def _has_ssh_option(options: list[str], name: str) -> bool:`
			`prefix = f"-o{name}="`
			`spaced = f"-o{name} "`
			`return any(option == name or option.startswith(prefix) or option.startswith(spaced) for option in options)`


			`def _with_trailing_newline(value: str) -> str:`
			`return value if value.endswith("\n") else f"{value}\n"`