LUKS backup
Back up anything to any remote LUKS device!
Usage:
Currently this script is only available for fish, but you can translate it quite easily, I suppose. Note that it requires fish to be the default shell for the user on the server.
Step 1: Create a LUKS device on the target:
Connect via SSH to the device, then run these commands (replace the seek=100G with your preferred size):
dd if=/dev/zero of=storage bs=1 count=0 seek=100G
sudo cryptsetup luksFormat storage
sudo cryptsetup luksOpen storage luks_setup
sudo mkfs.ext4 /dev/mapper/luks_setup
mkdir backup
sudo mount /dev/mapper/luks_setup ~/backup
sudo chown -R --reference=. ~/backup
read -P "check out this progress"
sudo umount ~/backup
sudo cryptsetup luksClose luks_setup;
rmdir backup
You can replace the name (storage) with any filename you like. If you'd rather use a partition, skip the dd part, run luksFormat directly on your partition, and replace the file with the device in all other steps.
Step 2: Configure the backup script. Replace these variables at the beginning with your own:
set REMOTE "your-backup-ssh-server" # ip/host where to backup to
set REMOTE_PATH "~/backup/current" # remote location where backup is mirrored
set USER username # ssh user
set KEY ~/.ssh/id_backup_key # ssh key
set SSH_OPT # possible ssh options
set LUKS_DEVICE "~/storage" # luks device or file to open
set LUKS_NAME "luks_"(random) # generate a random name for the luks groups
set LUKS_MOUNT "~/backup" # the mount point where the container is mounted to
set RSYNC_IGNORE_FILE "~/.backup-ignore" # the file containing the blacklist
Step 3: Configure your rsync ignore file:
Use your editor to add all directories you'd like to skip to the .backup-ignore file (or whatever you named the RSYNC_IGNORE_FILE in the config).
Step 4: Run the backup script:
./backup.fish
Additional things:
Things you can do, but do not need to:
- symlink backup.fish to a location in your PATH (and rename it if you like)
- call the backup.fish script automatically (cronjob etc.)
- run backup.fish --browse to browse the remote files
- add a sudo policy so that the server user is not prompted for a password
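One way to write the sudo policy suggested above without handing the backup key full root, as an added example that is not part of this project. It assumes the script runs the same four privileged commands as step 1, that the server user is "username" with home /home/username, that the binaries live in /usr/sbin and /usr/bin, and that LUKS_NAME is set to the fixed name "luks_backup" instead of "luks_"(random).

```sudoers
# /etc/sudoers.d/luks-backup -- edit with: visudo -f /etc/sudoers.d/luks-backup
# Assumed values (not from the project): user "username", home /home/username,
# binary paths under /usr/sbin and /usr/bin, fixed mapper name "luks_backup".

# Weak: anyone holding the backup SSH key becomes root on the server.
#   username ALL=(ALL) NOPASSWD: ALL

# Narrow: only the four privileged commands from step 1, with exact arguments.
# No wildcards are used: in sudoers a "*" in an argument list also matches
# spaces, so a pattern such as luks_* would accept extra options after the name.
Cmnd_Alias LUKS_BACKUP = \
    /usr/sbin/cryptsetup luksOpen /home/username/storage luks_backup, \
    /usr/bin/mount /dev/mapper/luks_backup /home/username/backup, \
    /usr/bin/umount /home/username/backup, \
    /usr/sbin/cryptsetup luksClose luks_backup

username ALL=(root) NOPASSWD: LUKS_BACKUP
```

The rules only apply if they match the commands backup.fish actually executes, argument for argument, so compare them against the script before relying on them. Because the container file is writable by the server user, it is also worth mounting it with -o nosuid,nodev (in the script and in the matching rule) so that a replaced image cannot introduce setuid binaries or device nodes.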