luksbackup/README.md

# LUKS backup
Backup anything to any remote luks device!

## Usage:
Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server

**Step 1:** Create a LUKS device on the target:

connect per ssh to the device, then run these commands (replace the seek=100G with your preferred size):

```bash
dd if=/dev/zero of=storage bs=1 count=0 seek=100G

sudo cryptsetup luksFormat storage

sudo cryptsetup luksOpen storage luks_setup

sudo mkfs.ext4 /dev/mapper/luks_setup

mkdir backup

sudo mount /dev/mapper/luks_setup ~/backup

sudo chown -R --reference=. ~/backup

read -P \"check out this progress\"

sudo umount ~/backup

sudo cryptsetup luksClose luks_setup;

rmdir backup
```

you can replace the name (`storage`) with any filename you like. If you'd rather use a partition skip the `dd` part and run `luksFormat` directly on your partition and replace the file with the device at all other steps.

**step 2:** configure the backup script:
Replace these variables in the beginning with your own:

```fish
set REMOTE "your-backup-ssh-server"         # ip/host where to backup to
set REMOTE_PATH "~/backup/current"          # remote location where backup is mirrored
set USER username                           # ssh user
set KEY ~/.ssh/id_backup_key                # ssh key
set SSH_OPT                                 # possible ssh options

set LUKS_DEVICE "~/storage"                 # luks device or file to open
set LUKS_NAME "luks_"(random)               # generate a random name for the luks groups
set LUKS_MOUNT "~/backup"                   # the mount point where the container is mounted to

set RSYNC_IGNORE_FILE "~/.backup-ignore"    # the file containing the blacklist
```

**step 3:** configure your rsync ignore file:

use your editor to add all directories you'd like to skip to the `.backup-ignore` file (or whatever you named the `RSYNC_IGNORE_FILE` in the config)


**step 4:** run the backup script

`./backup.fish`

## Additional things:

Things you can do, but do not need to:

* symlink the `backup.fish` to a bin location
* call the `backup.fish` script automatically (cronjob etc)
* run `backup.fish --browse` to browse the remote files
* add a sudo policy to not require the server user to prompt for passwords
initial commit 4 years ago			`# LUKS backup`
			`Backup anything to any remote luks device!`

			`## Usage:`
			`Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server`

			`Step 1: Create a LUKS device on the target:`

			`connect per ssh to the device, then run these commands (replace the seek=100G with your preferred size):`

			```bash
			`dd if=/dev/zero of=storage bs=1 count=0 seek=100G`

			`sudo cryptsetup luksFormat storage`

			`sudo cryptsetup luksOpen storage luks_setup`

			`sudo mkfs.ext4 /dev/mapper/luks_setup`

			`mkdir backup`

			`sudo mount /dev/mapper/luks_setup ~/backup`

			`sudo chown -R --reference=. ~/backup`

			`read -P \"check out this progress\"`

			`sudo umount ~/backup`

			`sudo cryptsetup luksClose luks_setup;`

			`rmdir backup`
			```

			you can replace the name (`storage`) with any filename you like. If you'd rather use a partition skip the `dd` part and run `luksFormat` directly on your partition and replace the file with the device at all other steps.

			`step 2: configure the backup script:`
			`Replace these variables in the beginning with your own:`

			```fish
			`set REMOTE "your-backup-ssh-server" # ip/host where to backup to`
			`set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored`
			`set USER username # ssh user`
			`set KEY ~/.ssh/id_backup_key # ssh key`
			`set SSH_OPT # possible ssh options`

			`set LUKS_DEVICE "~/storage" # luks device or file to open`
			`set LUKS_NAME "luks_"(random) # generate a random name for the luks groups`
			`set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to`

			`set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist`
			```

			`step 3: configure your rsync ignore file:`

			use your editor to add all directories you'd like to skip to the `.backup-ignore` file (or whatever you named the `RSYNC_IGNORE_FILE` in the config)


			`step 4: run the backup script`

			`./backup.fish`

			`## Additional things:`

			`Things you can do, but do not need to:`

			* symlink the `backup.fish` to a bin location
			* call the `backup.fish` script automatically (cronjob etc)
			* run `backup.fish --browse` to browse the remote files
			`* add a sudo policy to not require the server user to prompt for passwords`