Add protected_only option to filter out unencrypted files

rclone/CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## next
 - Bump rclone version to v1.64.2
+- Add `protected_only` option to filter out unencrypted backups
 
 ## 1.5.5
 

rclone/Dockerfile

@@ -11,7 +11,7 @@ COPY install_rclone.sh /
 RUN /install_rclone.sh "${VERSION}" "${BUILD_ARCH}"
 
 # Add timegaps for pruning backups
-RUN apk add --no-cache python3 py3-pip && \
+RUN apk add --no-cache python3 py3-pip jq && \
        pip install --no-cache-dir timegaps==0.1.1 && \
        apk del py3-pip
 

rclone/config.yml

@@ -35,6 +35,7 @@ options:
     ssl: false
     certfile: fullchain.pem
     keyfile: privkey.pem
+  protected_only:: false
 schema:
   cron: str
   destination: str
@@ -50,3 +51,4 @@ schema:
     ssl: bool
     certfile: str
     keyfile: str
+  protected_only: bool

rclone/rootfs/etc/cont-init.d/rclone.sh

@@ -13,7 +13,12 @@ DESTINATION=$(bashio::config 'destination')
 
 USERNAME=$(bashio::config 'credentials.username')
 PASSWORD=$(bashio::config 'credentials.password')
+
 FILTER='{"IncludeRule": ["*.tar"]}'
+if bashio::config.true 'protected_only'; then
+    FILTER="{\"IncludeRule\": $(find /backup -name "*.tar" -exec tar -xOf "{}" ./backup.json \;| jq -sc 'map(select(.protected) | "/backup/\(.slug).tar")')}"
+    FILTER=
+fi
 
 command="rclone rc --user \"$USERNAME\" --pass \"$PASSWORD\" sync/$SYNC_COMMAND srcFs=/backup dstFs=$DESTINATION _async=true _filter='$FILTER'"