You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2.6 KiB

LUKS backup

Backup anything to any remote luks device!

Usage:

Currently this script is only present in fish, but you can translate it quite easily I suppose. Note that it requires fish to be the default shell for the user on the server

Step 1: Create a LUKS device on the target:

connect per ssh to the device, then run these commands (replace the seek=100G with your preferred size):

dd if=/dev/zero of=storage bs=1 count=0 seek=100G

chmod go-rwx storage

sudo cryptsetup luksFormat storage

sudo cryptsetup luksOpen storage luks_setup

sudo mkfs.ext4 /dev/mapper/luks_setup

mkdir backup

sudo mount /dev/mapper/luks_setup ~/backup

sudo chown -R --reference=. ~/backup

read -P "check out this progress"

sudo umount ~/backup

sudo cryptsetup luksClose luks_setup;

rmdir backup

you can replace the name (storage) with any filename you like. If you'd rather use a partition skip the dd part and run luksFormat directly on your partition and replace the file with the device at all other steps.

Note that the file will be shown to be 100GB in size, but it will not use 100GB of disk space. As the luks container fills up, the file will grow with it. If you don't want this, I would suggest filling the whole file with data from urandom. This will take a while on initialization though.

step 2: configure the backup script: Replace these variables in the beginning with your own:

set REMOTE "your-backup-ssh-server"         # ip/host where to backup to
set REMOTE_PATH "~/backup/current"          # remote location where backup is mirrored
set USER username                           # ssh user
set KEY ~/.ssh/id_backup_key                # ssh key
set SSH_OPT                                 # possible ssh options

set LUKS_DEVICE "~/storage"                 # luks device or file to open
set LUKS_NAME "luks_"(random)               # generate a random name for the luks groups
set LUKS_MOUNT "~/backup"                   # the mount point where the container is mounted to

set RSYNC_IGNORE_FILE "~/.backup-ignore"    # the file containing the blacklist

step 3: configure your rsync ignore file:

use your editor to add all directories you'd like to skip to the .backup-ignore file (or whatever you named the RSYNC_IGNORE_FILE in the config)

step 4: run the backup script

./backup.fish

Additional things:

Things you can do, but do not need to:

  • symlink the backup.fish to a location in your PATH (also rename it)
  • call the backup.fish script automatically (cronjob etc)
  • run backup.fish --browse to browse the remote files
  • add a sudo policy to not require the server user to prompt for passwords