pub / rsync_encrypted_backup

Encrypted backups based on gocryptfs and rsync
git clone https://src.jayvii.de/pub/rsync_encrypted_backup.git

commit 1aa90c40b3559e41b280d251a8f1d54d78215f71
Author: JayVii <jayvii[AT]posteo[DOT]de>
Date:   Sat, 27 Apr 2024 15:03:53 +0200

initial script and description

Diffstat:
A README    | 37 +++++++++++++++++++++++++++++++++++++
A backup.sh | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 104 insertions(+), 0 deletions(-)

diff --git a/README b/README @@ -0,0 +1,37 @@ +Encrypted Backup via rsync and gocryptfs +----- + +Atomic and encrypted backups made easy with a simple bash script. + +Detailed description can be found here: +https://www.jayvii.de/posts/backups/ + +Uses well-known tools, following the UNIX-philosophy: +- rsnc https://rsync.samba.org/ +- gocryptfs https://nuetzlich.net/gocryptfs/ + +Preparation +----- + +Initilize gocryptfs with the Backup-source directory. If you want to backup +(subdirectories of) your home-folder, do the following: + +gocryptfs \ + --init \ # initilise the volume + --reverse \ # use "reverse mode" + --plaintextnames \ # do not obfuscate names of files and directories + "$HOME" # target directory. Here: our home-folder + +This will create a .gocryptfs.reverse.conf file with the encryption meta data. +Do not lose this file or your encryption password. + +Usage +----- + +To backup your home directory to a remote server via SSH, use following syntax: + +./backup.sh "$HOME" "user[AT]example[DOT]com" + +Backups are stored on the remote end in the folder named after the hostname of +your source machine and the current month. If you do monthly updates, this leads +to 12 backup versions before the first backup is overwritten. diff --git a/backup.sh b/backup.sh 
@@ -0,0 +1,67 @@ +#!/usr/bin/env bash + +# Define functions ------------------------------------------------------------- +function send_notify { + gdbus call --session \ + --dest=org.freedesktop.Notifications \ + --object-path=/org/freedesktop/Notifications \ + --method=org.freedesktop.Notifications.Notify \ + "$1" $2 "$3" "$1" "$4" "$5" \ + '{"category": <"im.received">}' 3000 +} + +# Configuration ---------------------------------------------------------------- + +# Extra Options for rsync +EXOP="" +# EXOP+="-e 'ssh -p23'" # use ssh via port 23 + +# Excluded Directories +EXCL="--exclude=.cache/*" +EXCL+=" --exclude=.var/*" +EXCL+=" --exclude=.local/share/Trash/*" + +# Define Source and Target directories +SOURCE_PLAIN="${1}/" +SOURCE_CRYPT="$(mktemp --directory)/" +TARGET="${2}:${HOSTNAME}_$(date +%m)/" + +# Ask User for password of remote storage -------------------------------------- +echo "PLEASE TYPE IN PASSWORD FOR REMOTE STORAGE" +read -s PASSWORD + +# Mount Source directory as encrypted ------------------------------------------ +echo "[INFO] Attempting to mount source as encrypted dir." +gocryptfs --ro --reverse "$SOURCE_PLAIN" "$SOURCE_CRYPT" || exit 1; + +# Start Backup Procedure ------------------------------------------------------- +send_notify \ + "BackUpr" \ + 0 \ + "document-send" \ + "Starting backup procedure to $TARGET" \ + "[]" + +SSHPASS="$PASSWORD" sshpass -e \ + rsync \ + --archive \ # recursively and retaining user permissions + --update \ # only write if file is different to version on target + --verbose \ # print output to console + --progress \ # show progress of transmission + ${EXCL} \ # insert previously defined exclusions + ${EXOP} \ # extra options + "$SOURCE_CRYPT" \ # encrypted source directory + "$TARGET" # target directory + +# Send Status-Message on exit -------------------------------------------------- +if [[ "$?" == "0" ]]; then + send_notify "BackUpr" 0 "document-send" "Backup finished successfully." 
"[]" +else + send_notify "BackUpr" 0 "document-send" "Backup failed!" "[]" +fi + +# Unmount encrypted Source directory again ------------------------------------- +fusermount -u "$SOURCE_CRYPT" + +# Exit Program ----------------------------------------------------------------- +echo "[INFO] Done."
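
Review bot: in the README hunk, the Preparation section initialises the volume with `--plaintextnames` but does not say what that means for confidentiality: file and directory names stay readable on the remote server and only file contents are encrypted. State that trade-off next to the option so users can decide whether to drop it. The example command also puts `# ...` comments after the continuation backslashes, so it will not run if pasted as shown; move the comments above the command. Spelling: "rsnc" should be "rsync", and "Initilize" / "initilise" should be "Initialize" / "initialise".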
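
Review bot: in the backup.sh hunk, the rsync invocation puts a comment after every continuation backslash (`--archive \ # recursively ...`), so the backslash no longer precedes the newline and the command ends on its first line without `"$SOURCE_CRYPT"` or `"$TARGET"`; the following option lines then run as separate commands and the `$?` check reports on the last of those, not on rsync. Build the options in a bash array with the comments on their own lines and pass `"${ARGS[@]}"` to rsync; an array also fixes the commented-out `EXOP+="-e 'ssh -p23'"`, whose inner quotes are not re-parsed when `${EXOP}` is expanded unquoted. Two smaller points: `read -s PASSWORD` should be `read -rs PASSWORD` so backslashes in the password are kept, and the unmount should run from a `trap` on EXIT that also removes the `mktemp` directory, because an interrupted run currently leaves the reverse mount in place.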