bryan
/
borgwrapper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add init and exec modes

dev
hk 2017-03-18 12:49:26 +01:00
parent fbf8b16c22
commit 967a4bb922
3 changed files with 67 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
README.md
View File

@ -1,38 +1,67 @@
# borgwrapper # borgwrapper
Wrapper to simplify backups with borgbackup Wrapper to simplify backups with borgbackup
# Installation
Put the script somewhere practical
cp borgwrapper.sh /usr/local/bin/borgwrapper
chown root. /usr/local/bin/borgwrapper
chmod 750 /usr/local/bin/borgwrapper
# Configuration # Configuration
By default borgwrapper expects the configuration to be located at `/etc/borgwrapper/config.sh`. By default borgwrapper expects the configuration to be located at `/etc/borgwrapper/config.sh`.
Ensure restrictive permissions on this file as it exposes the passphrase. Ensure restrictive permissions on this file as it exposes the passphrase.
chown root:root config.sh chown root. config.sh
chmod 600 config.sh chmod 600 config.sh
Example cron jobs: Example cron jobs:
# Run the backup daily # Run the backup daily
23 1 * * * /usr/local/sbin/borgwrapper.sh backup 23 1 * * * /usr/local/bin/borgwrapper backup
# Verify the backups once a month # Verify the backups once a month
40 17 23 * * /usr/local/sbin/borgwrapper.sh verify 40 17 23 * * /usr/local/bin/borgwrapper verify
# Borg server preparation
Install borg and then
adduser --system --group --shell /bin/bash borg
mkdir /srv/borg
chown borg. /srv/borg
chmod 755 /srv/borg
Generate the needed passwordless ssh-keys as root (the user you run the backup as) on the client
ssh-keygen
Copy the content of the generated public key in /root/.ssh/ to `/home/borg/.ssh/authorized_keys` on the server, with
some restrictions so it looks something like this:
command="borg serve --restrict-to-path /srv/borg/<hostname>",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding, no-user-rc ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeCInOLjv0hgzI0u1b/p4yYnCEV5n89HIXF1hrLor+ZQ7lSUii21tpn47Aw8RJJAjfDCwCdQ27MXjpzNelBf4KrlAiN1K3FcnGGIiE3XFNoj4LW7oAjzjFgOKC/ea/hXaCI6E8M/Pn5+MhdNN1ZsWNm/9Zp0+jza+l74DQgOE33XhSBjckUchqtBci7BqoCejy2lVvboFA231mSEpPValcKmG2qaNphAkCgAPjtDOx3V6DGQ8e7jfA2McQYxfju6HlpWPUx/li6VJhRa5huczfJ3J/sdfu123s/lgTW4rG5QNng1vt1FOIZ/TkaEsPt2wzD2Qxdwo70qVts3hrd+r root@client
# Usage # Usage
## Initialize backup repo ## Initialize backup repo
(. /etc/borgwrapper/config.sh; export BORG_PASSPHRASE; borg init "$REPO") borgwrapper init
## Backup ## Backup
borgwrapper.sh backup borgwrapper backup
## Verify backups ## Verify backups
borgwrapper.sh verify borgwrapper verify
## Unlock after unclean exit ## Unlock after unclean exit
borgwrapper.sh unlock borgwrapper unlock
## Run other borg commands ## Run other borg commands
Run in subshell if you do not want the passphrase stored in the current shell even after the commands have exited. ### Wrapped and easy
Use `exec <borg arguments>`. `BORG_REPO` is exported to the environment so use `::` when the repo
argument is required.
Example:
borgwrapper exec mount :: /mnt
### Borg directly
Run in subshell if you do not want the passphrase stored in the current shell after the command have exited.
Examples: Examples:
(. /etc/borgwrapper/config.sh; export BORG_PASSPHRASE; borg list "$REPO") (. /etc/borgwrapper/config.sh; export BORG_PASSPHRASE; borg mount "$BORG_REPO" /mnt)
(. /etc/borgwrapper/config.sh; export BORG_PASSPHRASE; borg mount "$REPO" /mnt)

29
src/borgwrapper.sh
View File

@ -11,6 +11,11 @@ print_usage () {
echo " MODE backup|verify|unlock" echo " MODE backup|verify|unlock"
} }
borg_init () {
${BORG} init "${BORG_REPO}"
}
borg_backup () { borg_backup () {
EXCLUDE_CMD=() EXCLUDE_CMD=()
@ -21,7 +26,7 @@ borg_backup () {
${BORG} create --info --stats \ ${BORG} create --info --stats \
--compression lz4 \ --compression lz4 \
--numeric-owner \ --numeric-owner \
"${REPO}"::"{hostname}-$(date -u +'%Y%m%dT%H%M%SZ')" \ "${BORG_REPO}"::"{hostname}-$(date -u +'%Y%m%dT%H%M%SZ')" \
"${PATHS[@]}" \ "${PATHS[@]}" \
"${EXCLUDE_CMD[@]}" "${EXCLUDE_CMD[@]}"
} }
@ -36,29 +41,43 @@ borg_prune () {
--keep-weekly=${KEEP_WEEKLY} \ --keep-weekly=${KEEP_WEEKLY} \
--keep-monthly=${KEEP_MONTHLY} \ --keep-monthly=${KEEP_MONTHLY} \
--keep-yearly=${KEEP_YEARLY} \ --keep-yearly=${KEEP_YEARLY} \
"${REPO}" "${BORG_REPO}"
} }
borg_verify () { borg_verify () {
${BORG} check --info "${REPO}" ${BORG} check --info "${BORG_REPO}"
} }
borg_unlock () { borg_unlock () {
# Use if borgbackup is not shut down cleanly and complains about lock files # Use if borgbackup is not shut down cleanly and complains about lock files
${BORG} break-lock "${REPO}" ${BORG} break-lock "${BORG_REPO}"
} }
borg_exec () {
export BORG_REPO
${BORG} "$@"
}
source "${CONFIG}" || exit 1 source "${CONFIG}" || exit 1
export BORG_PASSPHRASE export BORG_PASSPHRASE
if [[ ${MODE} == "backup" ]]; then if [[ ${MODE} == "init" ]]; then
borg_init
elif [[ ${MODE} == "backup" ]]; then
borg_backup borg_backup
borg_prune borg_prune
elif [[ ${MODE} == "verify" ]]; then elif [[ ${MODE} == "verify" ]]; then
borg_verify borg_verify
elif [[ ${MODE} == "unlock" ]]; then elif [[ ${MODE} == "unlock" ]]; then
borg_unlock borg_unlock
elif [[ ${MODE} == "exec" ]]; then
if [[ $# -le 1 ]]; then
echo "ERROR: No borg arguments given"
exit 1
fi
shift
borg_exec "$@"
else else
print_usage print_usage
fi fi

2
src/config.sh.example
View File

@ -1,5 +1,5 @@
BORG="/usr/bin/borg" BORG="/usr/bin/borg"
REPO="user@reposerver:/srv/borg/$(hostname -f)" BORG_REPO="user@reposerver:/srv/borg/$(hostname -f)"
BORG_PASSPHRASE="longandcomplexpassphrase" BORG_PASSPHRASE="longandcomplexpassphrase"
PATHS=( PATHS=(
"/etc" "/etc"