aboutsummaryrefslogtreecommitdiff
path: root/src/infrastructure/scripts/backup.sh
blob: bea63b2804574fb4f6b30dd083639eac4be37b9a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#!/bin/sh
set -eu

usage() {
	cat <<-'EOF'
		Usage:
		  backup [-q] [-C COMMENT] [-x] [ARCHIVE_TAG]
		  backup -h
	EOF
}

help() {
	cat <<-'EOF'


		Options:
		  -q            disable verbose mode, useful for batch sessions
		  -C COMMENT    the comment text to be attached to the archive
		  -x            enable checking the repository after creating the backup
		  -h, --help    show this message

		  ARCHIVE_TAG    the tag used to create the new
		                 backup (default: "manual")


		The repository is expected to have been create with:

		  $ borg init -e repokey-blake2

		The following environment variables are expected to be exported:

		  $BORG_PASSCOMMAND
		  $BORG_REPO
		  $BORG_REMOTE_PATH

		Password-less SSH access is required, usually done via adding
		/root/.ssh/id_rsa.pub to the ssh remote's
		$THE_REMOTE:.ssh/authorized_keys

		Root permission is also required.


		Examples:

		  Run backup from cronjob:

		    $ backup


		  Run backup from cronjob:

		    $ backup -q cronjob


		  Create backup with a comment, a tag, and verbose mode active, and do
		  verify the repository afterwards:

		    $ backup -xC 'The backup has a comment'
	EOF
}


for flag in "$@"; do
	case "$flag" in
		--)
			break
			;;
		--help)
			usage
			help
			exit
			;;
		*)
			;;
	esac
done

VERBOSE_FLAGS='--verbose --progress'
COMMENT=' '
CHECK=false
while getopts 'qC:xh' flag; do
	case "$flag" in
		q)
			VERBOSE_FLAGS=''
			;;
		C)
			COMMENT="$OPTARG"
			;;
		x)
			CHECK=true
			;;
		h)
			usage
			help
			exit
			;;
		*)
			usage >&2
			exit 2
			;;
	esac
done
shift $((OPTIND - 1))

ARCHIVE_TAG="${1:-manual}"


if [ "$(id -un)" != 'root' ]; then
	printf 'This script must be run as root.\n\n' >&2
	usage >&2
	exit 2
fi


run() {
	STATUS=0
	set -x
	# shellcheck disable=2086
	sudo -i borg create \
		$VERBOSE_FLAGS                               \
		--comment "$COMMENT"                         \
		--stats                                      \
		--compression lzma,9                         \
		"$BORG_REPO::$(hostname)-{now}-$ARCHIVE_TAG" \
		/mnt/production/                             \
		/root/                                       \
		/home/                                       \
		/etc/                                        \
		/var/                                        \
		/opt/                                        \
		/srv/ || STATUS=$?
	set +x

	if [ "$STATUS" = 0 ]; then
		return 0
	elif [ "$STATUS" = 1 ]; then
		printf 'WARNING, but no ERROR.\n' >&2
		return 0
	else
		return "$STATUS"
	fi
}

run

if [ "$CHECK" = true ]; then
	# shellcheck disable=2086
	sudo -i borg check $VERBOSE_FLAGS --verify-data "$BORG_REPO"
fi