#!/bin/sh set -eu usage() { cat <<-'EOF' Usage: backup [-q] [-C COMMENT] [-x] [ARCHIVE_TAG] backup -h EOF } help() { cat <<-'EOF' Options: -q disable verbose mode, useful for batch sessions -C COMMENT the comment text to be attached to the archive -x disable checking the repository after creating the backup -h, --help show this message ARCHIVE_TAG the tag used to create the new backup (default: "manual") The repository is expected to have been create with: $ borg init -e repokey-blake2 The following environment variables are expected to be exported: $BORG_PASSCOMMAND $BORG_REPO $BORG_REMOTE_PATH Password-less SSH access is required, usually done via adding /root/.ssh/id_rsa.pub to the ssh remote's $THE_REMOTE:.ssh/authorized_keys Root permission is also required. Examples: Run backup from cronjob: $ backup Run backup from cronjob: $ backup -q cronjob Create backup with a comment, a tag, and verbose mode active, and do not verify the repository afterwards: $ backup -xC 'The backup has a comment' EOF } for flag in "$@"; do case "$flag" in --) break ;; --help) usage help exit ;; *) ;; esac done VERBOSE_FLAGS='--verbose --progress' COMMENT=' ' CHECK=true while getopts 'qC:xh' flag; do case "$flag" in q) VERBOSE_FLAGS='' ;; C) COMMENT="$OPTARG" ;; x) CHECK=false ;; h) usage help exit ;; *) usage >&2 exit 2 ;; esac done shift $((OPTIND - 1)) ARCHIVE_TAG="${1:-manual}" if [ "$(id -un)" != 'root' ]; then printf 'This script must be run as root.\n\n' >&2 usage >&2 exit 2 fi run() { STATUS=0 set -x # shellcheck disable=2086 sudo -i borg create \ $VERBOSE_FLAGS \ --comment "$COMMENT" \ --stats \ --compression lzma,9 \ "$BORG_REPO::$(hostname)-{now}-$ARCHIVE_TAG" \ /mnt/production/ \ /root/ \ /home/ \ /etc/ \ /var/ \ /opt/ \ /srv/ || STATUS=$? set +x if [ "$STATUS" = 0 ]; then return 0 elif [ "$STATUS" = 1 ]; then printf 'WARNING, but no ERROR.\n' >&2 return 0 else return "$STATUS" fi } run if [ "$CHECK" = true ]; then # shellcheck disable=2086 sudo -i borg check $VERBOSE_FLAGS --verify-data "$BORG_REPO" fi