# LUKS backup
Backup anything to any remote luks device!

## Usage:
Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server

**Step 1:** Create a LUKS device on the target:

connect per ssh to the device, then run these commands (replace the seek=100G with your preferred size):

```bash
dd if=/dev/zero of=storage bs=1 count=0 seek=100G

sudo cryptsetup luksFormat storage

sudo cryptsetup luksOpen storage luks_setup

sudo mkfs.ext4 /dev/mapper/luks_setup

mkdir backup

sudo mount /dev/mapper/luks_setup ~/backup

sudo chown -R --reference=. ~/backup

read -P "check out this progress"

sudo umount ~/backup

sudo cryptsetup luksClose luks_setup;

rmdir backup
```

you can replace the name (`storage`) with any filename you like. If you'd rather use a partition skip the `dd` part and run `luksFormat` directly on your partition and replace the file with the device at all other steps.

**step 2:** configure the backup script:
Replace these variables in the beginning with your own:

```fish
set REMOTE "your-backup-ssh-server"         # ip/host where to backup to
set REMOTE_PATH "~/backup/current"          # remote location where backup is mirrored
set USER username                           # ssh user
set KEY ~/.ssh/id_backup_key                # ssh key
set SSH_OPT                                 # possible ssh options

set LUKS_DEVICE "~/storage"                 # luks device or file to open
set LUKS_NAME "luks_"(random)               # generate a random name for the luks groups
set LUKS_MOUNT "~/backup"                   # the mount point where the container is mounted to

set RSYNC_IGNORE_FILE "~/.backup-ignore"    # the file containing the blacklist
```

**step 3:** configure your rsync ignore file:

use your editor to add all directories you'd like to skip to the `.backup-ignore` file (or whatever you named the `RSYNC_IGNORE_FILE` in the config)


**step 4:** run the backup script

`./backup.fish`

## Additional things:

Things you can do, but do not need to:

* symlink the `backup.fish` to a location in your PATH (also rename it)
* call the `backup.fish` script automatically (cronjob etc)
* run `backup.fish --browse` to browse the remote files
* add a sudo policy to not require the server user to prompt for passwords