(feature) Add Django-managed SSH credentials
Add SSH credentials as first-class Django data so backup keys can be uploaded through the control panel instead of mounted into containers. Credentials can be selected globally or overridden per host. At runtime the selected key is materialized inside the container with restrictive file permissions and injected into the rsync SSH command via IdentityFile. Known hosts entries are handled the same way when configured. Add control panel views for creating and listing SSH keys, expose the fields in config forms and admin, document the workflow, and cover global and host credential selection with tests.
This commit is contained in:
@@ -6,7 +6,26 @@ from django.urls import reverse
|
||||
from django.utils.html import format_html
|
||||
from django.utils.http import urlencode
|
||||
|
||||
from .models import BackupRun, GlobalConfig, HostConfig, ScheduleConfig, SnapshotRecord
|
||||
from .models import BackupRun, GlobalConfig, HostConfig, ScheduleConfig, SnapshotRecord, SshCredential
|
||||
|
||||
|
||||
@admin.register(SshCredential)
|
||||
class SshCredentialAdmin(admin.ModelAdmin):
|
||||
list_display = ("name", "has_public_key", "has_known_hosts", "updated_at")
|
||||
readonly_fields = ("created_at", "updated_at")
|
||||
search_fields = ("name", "notes")
|
||||
fieldsets = (
|
||||
(None, {"fields": ("name", "private_key", "public_key", "known_hosts", "notes")}),
|
||||
("Timestamps", {"fields": ("created_at", "updated_at"), "classes": ("collapse",)}),
|
||||
)
|
||||
|
||||
@admin.display(boolean=True, description="Public key")
|
||||
def has_public_key(self, obj: SshCredential) -> bool:
|
||||
return bool(obj.public_key.strip())
|
||||
|
||||
@admin.display(boolean=True, description="Known hosts")
|
||||
def has_known_hosts(self, obj: SshCredential) -> bool:
|
||||
return bool(obj.known_hosts.strip())
|
||||
|
||||
|
||||
@admin.register(GlobalConfig)
|
||||
@@ -15,7 +34,7 @@ class GlobalConfigAdmin(admin.ModelAdmin):
|
||||
readonly_fields = ("created_at", "updated_at")
|
||||
fieldsets = (
|
||||
(None, {"fields": ("name", "backup_root", "pobsync_home")}),
|
||||
("SSH", {"fields": ("ssh_user", "ssh_port", "ssh_options")}),
|
||||
("SSH", {"fields": ("default_ssh_credential", "ssh_user", "ssh_port", "ssh_options")}),
|
||||
(
|
||||
"Rsync",
|
||||
{
|
||||
@@ -52,7 +71,7 @@ class HostConfigAdmin(admin.ModelAdmin):
|
||||
readonly_fields = ("created_at", "updated_at")
|
||||
fieldsets = (
|
||||
(None, {"fields": ("host", "address", "enabled")}),
|
||||
("SSH override", {"fields": ("ssh_user", "ssh_port")}),
|
||||
("SSH override", {"fields": ("ssh_credential", "ssh_user", "ssh_port")}),
|
||||
("Source", {"fields": ("source_root", "includes", "excludes_add", "excludes_replace")}),
|
||||
("Rsync override", {"fields": ("rsync_extra_args",)}),
|
||||
("Retention", {"fields": ("retention_daily", "retention_weekly", "retention_monthly", "retention_yearly")}),
|
||||
|
||||
Reference in New Issue
Block a user