initial commit

master
Anton Lydike 4 years ago
commit fb37ba9d3d

@ -0,0 +1,70 @@
# LUKS backup
Backup anything to any remote luks device!
## Usage:
Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server
**Step 1:** Create a LUKS device on the target:
connect per ssh to the device, then run these commands (replace the seek=100G with your preferred size):
```bash
dd if=/dev/zero of=storage bs=1 count=0 seek=100G
sudo cryptsetup luksFormat storage
sudo cryptsetup luksOpen storage luks_setup
sudo mkfs.ext4 /dev/mapper/luks_setup
mkdir backup
sudo mount /dev/mapper/luks_setup ~/backup
sudo chown -R --reference=. ~/backup
read -P \"check out this progress\"
sudo umount ~/backup
sudo cryptsetup luksClose luks_setup;
rmdir backup
```
you can replace the name (`storage`) with any filename you like. If you'd rather use a partition skip the `dd` part and run `luksFormat` directly on your partition and replace the file with the device at all other steps.
**step 2:** configure the backup script:
Replace these variables in the beginning with your own:
```fish
set REMOTE "your-backup-ssh-server" # ip/host where to backup to
set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored
set USER username # ssh user
set KEY ~/.ssh/id_backup_key # ssh key
set SSH_OPT # possible ssh options
set LUKS_DEVICE "~/storage" # luks device or file to open
set LUKS_NAME "luks_"(random) # generate a random name for the luks groups
set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to
set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist
```
**step 3:** configure your rsync ignore file:
use your editor to add all directories you'd like to skip to the `.backup-ignore` file (or whatever you named the `RSYNC_IGNORE_FILE` in the config)
**step 4:** run the backup script
`./backup.fish`
## Additional things:
Things you can do, but do not need to:
* symlink the `backup.fish` to a bin location
* call the `backup.fish` script automatically (cronjob etc)
* run `backup.fish --browse` to browse the remote files
* add a sudo policy to not require the server user to prompt for passwords

@ -0,0 +1,55 @@
#!/usr/bin/env fish
set REMOTE "your-backup-ssh-server" # ip/host where to backup to
set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored
set USER username # ssh user
set KEY ~/.ssh/id_backup_key # ssh key
set SSH_OPT # possible ssh options
set LUKS_DEVICE "~/storage" # luks device or file to open
set LUKS_NAME "luks_"(random) # generate a random name for the luks groups
set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to
set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist
# open luks container
set_color -o green
echo "Mounting luks container..."
set_color normal
ssh $SSH_OPT -t -i $KEY $USER@$REMOTE "
if [ -d $REMOTE_PATH ]
set_color -o green; echo \"backup already mounted!\"
set_color normal
exit
end
mkdir $LUKS_MOUNT
read x
sudo cryptsetup open --type luks $LUKS_DEVICE $LUKS_NAME
sudo mount /dev/mapper/$LUKS_NAME $LUKS_MOUNT
"
if test "$argv" = '--browse'
set_color -o green
echo "LUKS mounted, connecting..."
set_color normal
ssh -i $KEY $USER@$REMOTE
exit
end
# sync with rsync
set_color -o green
echo "Syncing filesystem..."
set_color normal
rsync --exclude-from=$RSYNC_IGNORE_FILE -rlptgozEP ~ $USER@$REMOTE:$REMOTE_PATH #TODO find more applicable options
# unmount luks container
set_color -o green
echo "Syncing complete - unmounting luks container..."
set_color normal
ssh -t -i $KEY $USER@$REMOTE "
sudo umount $LUKS_MOUNT
sudo cryptsetup close --type luks $LUKS_NAME
rmdir $LUKS_MOUNT
"
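Review bot: Nothing between the first `ssh` block and the `rsync` line checks that `cryptsetup open` and `mount` succeeded, so a wrong passphrase or a failed mount leaves the script syncing the home directory into a plain `~/backup/current` on the server's unencrypted disk. Because the "already mounted" test is only `[ -d $REMOTE_PATH ]`, that stray directory would then make later runs skip the mount as well. I would follow each of the two remote commands with `or exit 1`, add `or exit 1` after the closing quote of that ssh call, and test the mount itself (for example `mountpoint -q $LUKS_MOUNT`) instead of the directory. Separately, the `rsync` line passes neither `$KEY` nor `$SSH_OPT` (for example via `-e "ssh -i $KEY $SSH_OPT"`), and fish does not tilde-expand the quoted `"~/.backup-ignore"` locally, so `--exclude-from` will probably not find the file.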