#!/bin/sh
# Nightly pg_dump → rustfs (S3-compatible).
# Required env: POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB,
#               RUSTFS_ENDPOINT, RUSTFS_ACCESS_KEY, RUSTFS_SECRET_KEY, RUSTFS_BUCKET.
# Optional:     BACKUP_KEEP_DAYS (default 30), PGHOST (default timescale_db).

set -eu

: "${POSTGRES_USER:?}"
: "${POSTGRES_PASSWORD:?}"
: "${POSTGRES_DB:?}"
: "${RUSTFS_ENDPOINT:?}"
: "${RUSTFS_ACCESS_KEY:?}"
: "${RUSTFS_SECRET_KEY:?}"
: "${RUSTFS_BUCKET:?}"

PGHOST="${PGHOST:-timescale_db}"
PGPORT="${PGPORT:-5432}"
KEEP_DAYS="${BACKUP_KEEP_DAYS:-30}"

TS="$(date +%Y%m%d_%H%M%S_%Z)"
FILE="${POSTGRES_DB}_${TS}.sql.gz"
TMP="/tmp/${FILE}"

export AWS_ACCESS_KEY_ID="$RUSTFS_ACCESS_KEY"
export AWS_SECRET_ACCESS_KEY="$RUSTFS_SECRET_KEY"
export AWS_DEFAULT_REGION="${RUSTFS_REGION:-us-east-1}"
export PGPASSWORD="$POSTGRES_PASSWORD"

echo "[$(date +%FT%T%z)] pg_dump ${POSTGRES_DB}@${PGHOST} -> ${FILE}"
pg_dump -h "$PGHOST" -p "$PGPORT" -U "$POSTGRES_USER" -d "$POSTGRES_DB" \
        --no-owner --no-privileges --format=plain \
  | gzip -9 > "$TMP"

SIZE=$(wc -c < "$TMP")
echo "[$(date +%FT%T%z)] dump size: ${SIZE} bytes"

KEY="daily/${FILE}"
echo "[$(date +%FT%T%z)] uploading s3://${RUSTFS_BUCKET}/${KEY}"
aws --endpoint-url "$RUSTFS_ENDPOINT" s3 cp "$TMP" "s3://${RUSTFS_BUCKET}/${KEY}"

rm -f "$TMP"

# Prune anything older than KEEP_DAYS.
CUTOFF="$(date -d "-${KEEP_DAYS} days" +%Y%m%d 2>/dev/null || date -v -"${KEEP_DAYS}"d +%Y%m%d)"
aws --endpoint-url "$RUSTFS_ENDPOINT" s3 ls "s3://${RUSTFS_BUCKET}/daily/" \
  | awk '{print $4}' \
  | while read -r OBJ; do
      [ -z "$OBJ" ] && continue
      OBJ_DATE=$(echo "$OBJ" | sed -n 's/.*_\([0-9]\{8\}\)_.*/\1/p')
      [ -z "$OBJ_DATE" ] && continue
      if [ "$OBJ_DATE" -lt "$CUTOFF" ]; then
        echo "[$(date +%FT%T%z)] prune s3://${RUSTFS_BUCKET}/daily/${OBJ}"
        aws --endpoint-url "$RUSTFS_ENDPOINT" s3 rm "s3://${RUSTFS_BUCKET}/daily/${OBJ}"
      fi
    done

echo "[$(date +%FT%T%z)] backup complete"