107 lines
3.4 KiB
Bash
Executable File
107 lines
3.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
BACKUP_DIR="/mnt/hardestdrive/gitea-backup"
|
|
LOG_DIR="/mnt/hardestdrive/gitea-backup-logs"
|
|
DATA_DIR="/mnt/hardestdrive/gitea"
|
|
DB_USER="root"
|
|
DB_NAME="gitea"
|
|
TIMESTAMP=$(date +"%Y%m%d-%H%M%S")
|
|
DB_BACKUP_FILE="${BACKUP_DIR}/gitea-database-backup-${TIMESTAMP}.sql.zst"
|
|
ARCHIVE_FILE="${BACKUP_DIR}/gitea-backup-${TIMESTAMP}.tar.zst"
|
|
ENCRYPTED_DB_BACKUP_FILE="${DB_BACKUP_FILE}.enc"
|
|
ENCRYPTED_ARCHIVE_FILE="${ARCHIVE_FILE}.enc"
|
|
KEY_FILE="/mnt/hardestdrive/gitea-backup.key"
|
|
REMOTE_USER="tom"
|
|
REMOTE_HOST="nordicdatarefinement.com"
|
|
REMOTE_PORT="23"
|
|
REMOTE_DIR="/mnt/hdd/gitea-backup"
|
|
REMOTE_KEEP_OLD=7
|
|
|
|
REQUIRED_PROGRAMS=("rsync" "mysqldump" "zstd" "tar" "systemctl" "openssl")
|
|
for prog in "${REQUIRED_PROGRAMS[@]}"; do
|
|
if ! command -v "$prog" &>/dev/null; then
|
|
echo "Error: $prog is not installed." >&2
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
if [[ ! -f "$KEY_FILE" ]]; then
|
|
printf "Key file doesn't exist at '%s'\n" "$KEY_FILE"
|
|
exit 1
|
|
fi
|
|
|
|
mkdir -p "${LOG_DIR}"
|
|
log() {
|
|
local msg
|
|
msg="$(date +"%Y-%m-%d %H:%M:%S") $1"
|
|
echo "$msg" | tee -a "${LOG_DIR}/$TIMESTAMP.log"
|
|
}
|
|
|
|
log "Stopping Gitea service..."
|
|
systemctl stop gitea
|
|
|
|
log "Creating backup directories..."
|
|
mkdir -p "$BACKUP_DIR"
|
|
|
|
log "Creating archive of Gitea..."
|
|
tar -cf - -C "${DATA_DIR}" . | zstd -o "${ARCHIVE_FILE}"
|
|
|
|
log "Backing up MySQL database..."
|
|
mysqldump --single-transaction -u "${DB_USER}" "${DB_NAME}" | zstd >"${DB_BACKUP_FILE}"
|
|
if [ $? -ne 0 ]; then
|
|
log "Error during database backup."
|
|
systemctl start gitea
|
|
exit 1
|
|
fi
|
|
|
|
log "Starting Gitea service..."
|
|
systemctl start gitea
|
|
|
|
log "Encrypting the SQL dump..."
|
|
openssl enc -aes-256-cbc -salt -pbkdf2 -in "${DB_BACKUP_FILE}" -out "${ENCRYPTED_DB_BACKUP_FILE}" -pass file:"${KEY_FILE}"
|
|
# openssl enc -aes-256-cbc -d -pbkdf2 -in "${ENCRYPTED_DB_BACKUP_FILE}" -out "gitea-database-backup-${TIMESTAMP}.sql.zst" -pass file:"${KEY_FILE}"
|
|
if [ $? -ne 0 ]; then
|
|
log "Error during SQL dump encryption."
|
|
exit 1
|
|
fi
|
|
rm "${DB_BACKUP_FILE}"
|
|
|
|
log "Encrypting the tarball..."
|
|
openssl enc -aes-256-cbc -salt -pbkdf2 -in "${ARCHIVE_FILE}" -out "${ENCRYPTED_ARCHIVE_FILE}" -pass file:"${KEY_FILE}"
|
|
# openssl enc -aes-256-cbc -d -pbkdf2 -in "${ENCRYPTED_ARCHIVE_FILE}" -out "gitea-backup-${TIMESTAMP}.tar.zst" -pass file:"${KEY_FILE}"
|
|
if [ $? -ne 0 ]; then
|
|
log "Error during tarball encryption."
|
|
exit 1
|
|
fi
|
|
rm "${ARCHIVE_FILE}"
|
|
|
|
log "Gitea backup completed successfully and encrypted."
|
|
|
|
log "Sending backups to remote server..."
|
|
rsync -av --progress -e "ssh -p ${REMOTE_PORT}" "${ENCRYPTED_DB_BACKUP_FILE}" "${ENCRYPTED_ARCHIVE_FILE}" "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_DIR}"
|
|
if [ $? -ne 0 ]; then
|
|
log "Error during rsync to remote server."
|
|
exit 1
|
|
fi
|
|
|
|
log "Backups sent successfully."
|
|
|
|
log "Removing dumps locally"
|
|
rm -r "${BACKUP_DIR}"
|
|
|
|
log "Cleaning up old backups on remote server, keeping ${REMOTE_KEEP_OLD}..."
|
|
|
|
ssh -p ${REMOTE_PORT} ${REMOTE_USER}@${REMOTE_HOST} <<EOF
|
|
REMOTE_KEEP_OLD=${REMOTE_KEEP_OLD}
|
|
REMOTE_DIR=${REMOTE_DIR}
|
|
|
|
sqls=\$(ls ${REMOTE_DIR}/gitea-database-backup-*.sql.zst.enc 2>/dev/null)
|
|
if [ \$(echo "\${sqls}" | wc -l) -gt ${REMOTE_KEEP_OLD} ]; then
|
|
echo "\${sqls}" | sort | head -n -${REMOTE_KEEP_OLD} | xargs -I {} rm -- {}
|
|
fi
|
|
tars=\$(ls ${REMOTE_DIR}/gitea-backup-*.tar.zst.enc 2>/dev/null)
|
|
if [ \$(echo "\${tars}" | wc -l) -gt ${REMOTE_KEEP_OLD} ]; then
|
|
echo "\${tars}" | sort | head -n -${REMOTE_KEEP_OLD} | xargs -I {} rm -- {}
|
|
fi
|
|
EOF
|