LUKS backup

Back up anything to any remote LUKS device!

Usage:

Currently the script is only available for fish, but it should be fairly easy to translate to another shell. Note that it requires fish to be the default shell of the user on the server.

Step 1: Create a LUKS device on the target:

Connect to the device via SSH, then run these commands (replace the 100G in seek=100G with your preferred size):

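dd if=/dev/zero of=storage bs=1 count=0 seek=100G   # create a sparse 100G container file
sudo cryptsetup luksFormat storage                  # format it as LUKS (asks for a passphrase)
sudo cryptsetup luksOpen storage luks_setup         # open it as /dev/mapper/luks_setup
sudo mkfs.ext4 /dev/mapper/luks_setup               # create the filesystem inside the container
mkdir ~/backup
sudo mount /dev/mapper/luks_setup ~/backup
sudo chown -R --reference=. ~/backup                # same owner as the current directory
read -P "check out this progress"                   # pause; press Enter to continue
sudo umount ~/backup
sudo cryptsetup luksClose luks_setup
rmdir ~/backup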

You can replace the name (storage) with any filename you like. If you'd rather use a partition, skip the dd step, run luksFormat directly on the partition, and use the device in place of the file in all other steps.

Step 2: Configure the backup script:

Replace these variables at the beginning of the script with your own:

set REMOTE "your-backup-ssh-server"         # ip/host where to backup to
set REMOTE_PATH "~/backup/current"          # remote location where backup is mirrored
set USER username                           # ssh user
set KEY ~/.ssh/id_backup_key                # ssh key
set SSH_OPT                                 # possible ssh options

set LUKS_DEVICE "~/storage"                 # luks device or file to open
set LUKS_NAME "luks_"(random)               # generate a random name for the luks groups
set LUKS_MOUNT "~/backup"                   # the mount point where the container is mounted to

set RSYNC_IGNORE_FILE "~/.backup-ignore"    # the file containing the blacklist

Step 3: Configure your rsync ignore file:

Use your editor to add all directories you'd like to skip to the .backup-ignore file (or whatever you set RSYNC_IGNORE_FILE to in the config).

Step 4: Run the backup script:

./backup.fish

Additional things:

Things you can do, but do not need to:

  • symlink the backup.fish to a bin location
  • call the backup.fish script automatically (cronjob etc)
  • run backup.fish --browse to browse the remote files
  • add a sudo policy so that the server user is not prompted for a password
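
For the last item, a sudoers fragment that limits passwordless sudo to the privileged commands from Step 1 instead of granting NOPASSWD for everything. This is an added example, not part of the project; the user name, paths, mapping-name pattern and the exact arguments backup.fish passes are assumptions.

```sudoers
# /etc/sudoers.d/luks-backup (edit with: visudo -f /etc/sudoers.d/luks-backup)
# Assumptions (not from the project): server user "username" with home
# /home/username, container ~/storage, mount point ~/backup, mapping names
# of the form luks_<number> (fish's `random` prints an integer), binaries
# at the paths below (check with `command -v cryptsetup mount umount`),
# and backup.fish passing exactly these arguments.
# Regular-expression arguments (^...$) need sudo 1.9.10 or later.

# Weak: whoever holds the backup SSH key is root on the server.
# username ALL=(ALL) NOPASSWD: ALL

# Narrower: only the four privileged steps, pinned to fixed paths.
Cmnd_Alias LUKS_BACKUP = \
    /usr/sbin/cryptsetup ^luksOpen /home/username/storage luks_[0-9]+$, \
    /usr/sbin/cryptsetup ^luksClose luks_[0-9]+$, \
    /usr/bin/mount ^/dev/mapper/luks_[0-9]+ /home/username/backup$, \
    /usr/bin/umount /home/username/backup

username ALL=(root) NOPASSWD: LUKS_BACKUP
```

Check the file with `visudo -cf /etc/sudoers.d/luks-backup`, then run `sudo -l -U username` on the server to see which rules apply to the backup user.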