From fb37ba9d3dc8fc541789a0dd047a7d4202687437 Mon Sep 17 00:00:00 2001
From: Anton Lydike
Date: Mon, 11 Jan 2021 12:37:53 +0100
Subject: [PATCH] initial commit
---
README.md | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
backup.fish | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)
create mode 100644 README.md
create mode 100755 backup.fish
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9a40c05
--- /dev/null
+++ b/README.md
@@ -0,0 +1,70 @@
+# LUKS backup
+Backup anything to any remote luks device!
+
+## Usage:
+Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server
+
+**Step 1:** Create a LUKS device on the target:
+
+connect per ssh to the device, then run these commands (replace the seek=100G with your preferred size):
+
+```bash
+dd if=/dev/zero of=storage bs=1 count=0 seek=100G
+
+sudo cryptsetup luksFormat storage
+
+sudo cryptsetup luksOpen storage luks_setup
+
+sudo mkfs.ext4 /dev/mapper/luks_setup
+
+mkdir backup
+
+sudo mount /dev/mapper/luks_setup ~/backup
+
+sudo chown -R --reference=. ~/backup
+
+read -P \"check out this progress\"
+
+sudo umount ~/backup
+
+sudo cryptsetup luksClose luks_setup;
+
+rmdir backup
+```
+
+you can replace the name (`storage`) with any filename you like. If you'd rather use a partition skip the `dd` part and run `luksFormat` directly on your partition and replace the file with the device at all other steps.
+
+**step 2:** configure the backup script:
+Replace these variables in the beginning with your own:
+
+```fish
+set REMOTE "your-backup-ssh-server" # ip/host where to backup to
+set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored
+set USER username # ssh user
+set KEY ~/.ssh/id_backup_key # ssh key
+set SSH_OPT # possible ssh options
+
+set LUKS_DEVICE "~/storage" # luks device or file to open
+set LUKS_NAME "luks_"(random) # generate a random name for the luks groups
+set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to
+
+set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist
+```
+
+**step 3:** configure your rsync ignore file:
+
+use your editor to add all directories you'd like to skip to the `.backup-ignore` file (or whatever you named the `RSYNC_IGNORE_FILE` in the config)
+
+
+**step 4:** run the backup script
+
+`./backup.fish`
+
+## Additional things:
+
+Things you can do, but do not need to:
+
+* symlink the `backup.fish` to a bin location
+* call the `backup.fish` script automatically (cronjob etc)
+* run `backup.fish --browse` to browse the remote files
+* add a sudo policy to not require the server user to prompt for passwords
\ No newline at end of file
diff --git a/backup.fish b/backup.fish
new file mode 100755
index 0000000..ec10673
--- /dev/null
+++ b/backup.fish
@@ -0,0 +1,55 @@
+#!/usr/bin/env fish
+
+set REMOTE "your-backup-ssh-server" # ip/host where to backup to
+set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored
+set USER username # ssh user
+set KEY ~/.ssh/id_backup_key # ssh key
+set SSH_OPT # possible ssh options
+
+set LUKS_DEVICE "~/storage" # luks device or file to open
+set LUKS_NAME "luks_"(random) # generate a random name for the luks groups
+set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to
+
+set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist
+
+
+# open luks container
+set_color -o green
+echo "Mounting luks container..."
+set_color normal
+ssh $SSH_OPT -t -i $KEY $USER@$REMOTE "
+if [ -d $REMOTE_PATH ]
+ set_color -o green; echo \"backup already mounted!\"
+ set_color normal
+ exit
+end
+mkdir $LUKS_MOUNT
+read x
+sudo cryptsetup open --type luks $LUKS_DEVICE $LUKS_NAME
+sudo mount /dev/mapper/$LUKS_NAME $LUKS_MOUNT
+"
+
+if test "$argv" = '--browse'
+ set_color -o green
+ echo "LUKS mounted, connecting..."
+ set_color normal
+ ssh -i $KEY $USER@$REMOTE
+ exit
+end
+
+# sync with rsync
+set_color -o green
+echo "Syncing filesystem..."
+set_color normal
+
+rsync --exclude-from=$RSYNC_IGNORE_FILE -rlptgozEP ~ $USER@$REMOTE:$REMOTE_PATH #TODO find more applicable options
+
+# unmount luks container
+set_color -o green
+echo "Syncing complete - unmounting luks container..."
+set_color normal
+ssh -t -i $KEY $USER@$REMOTE "
+sudo umount $LUKS_MOUNT
+sudo cryptsetup close --type luks $LUKS_NAME
+rmdir $LUKS_MOUNT
+"
\ No newline at end of file
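Review bot: Nothing stops the rsync step when the remote `cryptsetup open` or `mount` in the first ssh block fails (a mistyped passphrase, for instance): that block has already run `mkdir $LUKS_MOUNT`, so the sync appears to write the home directory unencrypted onto the server's own disk under `$REMOTE_PATH`, and the `[ -d $REMOTE_PATH ]` test would then report "backup already mounted!" on every later run. Chain the remote commands as `sudo cryptsetup open --type luks $LUKS_DEVICE $LUKS_NAME; and sudo mount /dev/mapper/$LUKS_NAME $LUKS_MOUNT; or exit 1`, add `or exit 1` after the closing quote of that ssh call, and test `mountpoint -q $LUKS_MOUNT` rather than the directory. The rsync line passes neither `$KEY` nor `$SSH_OPT`, so it may authenticate differently from the ssh calls; `-e "ssh $SSH_OPT -i $KEY"` would keep them aligned. The `--browse` branch exits before the unmount block, which leaves the decrypted volume mounted on the server after the session ends.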