# LUKS backup

Backup anything to any remote luks device!

## Usage:

Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server.

**Step 1:** Create a LUKS device on the target: connect via ssh to the device, then run these commands (replace the `seek=100G` with your preferred size):

```fish
# create a sparse 100G file and make it readable by the owner only
dd if=/dev/zero of=storage bs=1 count=0 seek=100G
chmod go-rwx storage
# format the file as a LUKS container, open it and create a filesystem inside
sudo cryptsetup luksFormat storage
sudo cryptsetup luksOpen storage luks_setup
sudo mkfs.ext4 /dev/mapper/luks_setup
# mount it once and give the mount point the same owner as the current directory
mkdir backup
sudo mount /dev/mapper/luks_setup ~/backup
sudo chown -R --reference=. ~/backup
# pause so you can inspect the mounted container (fish: -P sets the prompt text)
read -P "check out this progress"
# unmount, close the container and remove the temporary mount point
sudo umount ~/backup
sudo cryptsetup luksClose luks_setup; rmdir backup
```

You can replace the name (`storage`) with any filename you like. If you'd rather use a partition, skip the `dd` part, run `luksFormat` directly on your partition, and replace the file with the device in all other steps.

*Note that the file will be shown to be 100GB in size, but it will not use 100GB of disk space. As the luks container fills up, the file will grow with it. If you don't want this, I would suggest filling the whole file with data from urandom. This will take a while on initialization though.*

**Step 2:** Configure the backup script: replace these variables at the beginning with your own:

```fish
set REMOTE "your-backup-ssh-server" # ip/host where to backup to
set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored
set USER username # ssh user
set KEY ~/.ssh/id_backup_key # ssh key
set SSH_OPT # possible ssh options
set LUKS_DEVICE "~/storage" # luks device or file to open
set LUKS_NAME "luks_"(random) # generate a random name for the luks groups
set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to
set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist
```

**Step 3:** Configure your rsync ignore file: use your editor to add all directories you'd like to skip to the `.backup-ignore` file (or whatever you named the `RSYNC_IGNORE_FILE` in the config).

**Step 4:** Run the backup script `./backup.fish`

## Additional things:

Things you can do, but do not need to:

* symlink the `backup.fish` to a location in your PATH (also rename it)
* call the `backup.fish` script automatically (cronjob etc)
* run `backup.fish --browse` to browse the remote files
* add a sudo policy so that the server user is not prompted for a password
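
The sparse-file note in Step 1, as an added example that is not part of the original project: it compares the apparent size of a container file with the space actually allocated, before and after filling it from urandom. A sparse container shows anyone who can `stat` the file roughly how much has been written to it. Assumes GNU coreutils; the function names are hypothetical and the demo uses a constructed 8 MiB temporary file, not the real container.

```bash
#!/bin/sh
# Added example: check whether a LUKS container file is sparse.
# Assumes GNU coreutils (stat -c, dd size suffixes, status=none).

# Apparent size in bytes (what `ls -l` shows).
apparent_bytes() { stat -c %s "$1"; }

# Bytes actually allocated on disk (%b = block count, %B = bytes per block).
allocated_bytes() { echo $(( $(stat -c %b "$1") * $(stat -c %B "$1") )); }

# Succeeds if the file still has unallocated holes, i.e. it is sparse.
is_sparse() { [ "$(allocated_bytes "$1")" -lt "$(apparent_bytes "$1")" ]; }

# Create a sparse file the same way Step 1 does. $2 = size, e.g. 100G.
make_sparse() { dd if=/dev/zero of="$1" bs=1 count=0 seek="$2" status=none; }

# Overwrite the file with random data so every block gets allocated.
# $2 = size in MiB. notrunc keeps the file in place, fsync flushes it to disk.
# Do this before luksFormat: it destroys whatever the file contains.
fill_random() {
    dd if=/dev/urandom of="$1" bs=1M count="$2" conv=notrunc,fsync status=none
}

# Constructed demo on an 8 MiB file in a temporary directory.
demo() (
    dir=$(mktemp -d) || exit 1
    file="$dir/storage"
    make_sparse "$file" 8M
    echo "sparse: apparent=$(apparent_bytes "$file") allocated=$(allocated_bytes "$file")"
    fill_random "$file" 8
    echo "filled: apparent=$(apparent_bytes "$file") allocated=$(allocated_bytes "$file")"
    rm -rf "$dir"
)

demo
```

On the server, `is_sparse ~/storage` tells you whether an existing container file still has holes.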