From 9473670423223f74561ad57c89d5acce00a2496f Mon Sep 17 00:00:00 2001
From: Edoardo Spadoni <edoardo.spadoni@nethesis.it>
Date: Wed, 22 Apr 2026 15:29:39 +0200
Subject: [PATCH] feat(ns-plug): dual-send backup to my-new proxy

Adds a second upload to https://my.nethesis.it/proxy/backup after
remote-backup finishes its upload to backupd.nethesis.it. Same
transitional pattern already used by send-heartbeat and send-inventory:
the proxy accepts the existing system_id:secret Basic Auth pair and
translates it into the my-new system_key:system_secret on its way to
the new collect endpoint, so no UCI or registration change is needed
on the appliance.

Gated to enterprise subscriptions via `TYPE = enterprise` to stay in
sync with the other dual-send scripts. Best-effort (`|| :`): a proxy
outage does not block the primary upload that already completed
against backupd, and the md5 marker is still updated so the same
backup is not re-uploaded the next night.

X-Filename is propagated so the user-facing filename ends up as S3
object metadata on my-new.

Refs: NethServer/my#82 NethServer/my#83
---
 packages/ns-plug/files/send-backup | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/packages/ns-plug/files/send-backup b/packages/ns-plug/files/send-backup
index fe92dabd0..b17cb8e85 100755
--- a/packages/ns-plug/files/send-backup
+++ b/packages/ns-plug/files/send-backup
@@ -21,6 +21,19 @@ function send {
         # send encrypted backup
         gpg --batch -c --yes --passphrase-file $PASSPHRASE $BACKUP
         remote-backup upload "$BACKUP.gpg"
+
+        # Temporary dual-send to new my.nethesis.it via the translation
+        # proxy, same pattern used by send-heartbeat / send-inventory.
+        # To be removed once the migration is complete.
+        if [ "$TYPE" = "enterprise" ]; then
+            /usr/bin/curl -m 900 --retry 3 -L -s -X POST \
+                --user "$SYSTEM_ID:$SYSTEM_SECRET" \
+                -H "Content-Type: application/octet-stream" \
+                -H "X-Filename: $(basename $BACKUP.gpg)" \
+                --data-binary "@$BACKUP.gpg" \
+                https://my.nethesis.it/proxy/backup >/dev/null || :
+        fi
+
         mv $MD5 $MD5_LAST
     else
         # password not set, abort upload
@@ -32,6 +45,7 @@ function send {
 
 SYSTEM_ID=$(uci -q get ns-plug.config.system_id)
 SYSTEM_SECRET=$(uci -q get ns-plug.config.secret)
+TYPE=$(uci -q get ns-plug.config.type)
 
 if [ -z "$SYSTEM_ID" ] || [ -z "$SYSTEM_SECRET" ]; then
     # System ID and System secret not found, configure ns-plug to enable it