BackupD
A simple backup script.
Installation
Prerequisites:
- OS MUST be Debian 12
- CLI Tools:
rcloneopenssltarzstdsha256sum
- If you need to run the script as scheduled tasks, you need to use
cronorsystemd-timer.
Clone the repository:
git clone https://devops.lty.name/luo/backupd.git /opt/backupd
Configuration
Note
You have to complete ALL FOLLOWING STEPS to make the script work properly.
Permissions
Don't forget to change the ownership and permissions of the files:
chown -R root:root /opt/backupd
cd /opt/backupd
for file in *.example; do
mv "$file" "${file%.example}"
done
chmod 600 rclone.conf passwd
Rclone
Run the following command to initialize Rclone:
export RCLONE_CONFIG=/opt/backupd/rclone.conf
rclone config
See rclone.conf.example for an example configuration.
Ensure dest section exist in rclone.conf. Otherwise, the script will fail and work unexpectedly.
Includes and Excludes
You also need to configure the includes and excludes files.
includes: Files and directories to be backed up.excludes: Files and directories to be excluded from the backup. Seeincludes.exampleandexcludes.examplefor example configurations.
Encryption
You MUST set the encryption password in the passwd file.
AES_PASSWD="your_password"
ITER_COUNT=100000
See passwd.example for an example configuration.
If you did not set the password, the script will encrypt your backup with your hostname, which IS NOT SECURE.
Scheduled Tasks
If you wish to run the script as scheduled tasks, copy the fillowing files to /etc/systemd/system/:
backupd.servicebackupd.timer
cp /opt/backupd/backupd.service /etc/systemd/system/
cp /opt/backupd/backupd.timer /etc/systemd/system/
Then, enable and start the timer:
systemctl enable backupd.service
systemctl start backupd.service
systemctl enable --now backupd.timer
Restore the Backup
First, ensure the required environment variables are set:
export RCLONE_CONFIG=/opt/backupd/rclone.conf
ITER_COUNT=100000
AES_PASSWD=
Then, view the list of backups:
rclone tree dest:
Fetch the backup you want to restore:
server=
rclone copy -P dest:server-$server/ ./restore-$server
cd ./restore-$server
Check the integrity of the backup:
for file in *.enc; do
rclone lsjson -M "dest:server-$server/$file" > "$file.metadata"
output=$(echo "$file" | cut -d"_" -f3-4 | cut -d"." -f1 | tr ':" ' '-').tar.zst
openssl enc -d -aes-256-cbc -pbkdf2 -iter $ITER_COUNT -k "$AES_PASSWD" -in "$file" -out "$output"
enc_hash=$(cat "$file.metadata" | jq -r '.[].Metadata."sha256-enc"')
zst_hash=$(cat "$file.metadata" | jq -r '.[].Metadata."sha256-zst"')
echo "$enc_hash $file" | sha256sum -c
echo "$zst_hash $output" | sha256sum -c
done
Decompress the backup:
for file in *.tar.zst; do
out=$server-${file%.tar.zst}
mkdir -p "$out" && tar -xvf "$file" -C "./$server-${file%.tar.zst}"
done
Contributing Notice
If you wish to contribute to this project, please make sure you use shellcheck to lint the script.
shellcheck -x backupd
License
This project is licensed under the MIT License. See the LICENSE file for details.