backupd/README.md

# BackupD

A simple backup script.

## Installation

Prerequisites:
 - **OS MUST be Debian 12**
 - CLI Tools:
   - `rclone`
   - `openssl`
   - `tar`
   - `zstd`
   - `sha256sum`
 - If you need to run the script as scheduled tasks, you need to use `cron` or `systemd-timer`.

Clone the repository:
```bash
git clone https://devops.lty.name/luo/backupd.git /opt/backupd
```

## Configuration
>
> **Note**
>
> You have to complete ALL FOLLOWING STEPS to make the script work properly.
>

**Permissions**

Don't forget to change the ownership and permissions of the files:
```bash
chown -R root:root /opt/backupd
cd /opt/backupd
for file in *.example; do
    mv "$file" "${file%.example}"
done
chmod 600 rclone.conf passwd
```

**Rclone**

Run the following command to initialize Rclone:
```bash
export RCLONE_CONFIG=/opt/backupd/rclone.conf
rclone config
```

See `rclone.conf.example` for an example configuration.

Ensure `dest` section exist in `rclone.conf`. Otherwise, the script will **fail and work unexpectedly**.

**Includes and Excludes**

You also need to configure the `includes` and `excludes` files.
 - `includes`: Files and directories to be backed up.
 - `excludes`: Files and directories to be excluded from the backup.
See `includes.example` and `excludes.example` for example configurations.

**Encryption**

You **MUST** set the encryption password in the `passwd` file.
```bash
AES_PASSWD="your_password"
ITER_COUNT=100000
```
See `passwd.example` for an example configuration.

If you did not set the password, the script will encrypt your backup with your hostname, which **IS NOT SECURE**.

**Scheduled Tasks**

If you wish to run the script as scheduled tasks, copy the fillowing files to `/etc/systemd/system/`:
 - `backupd.service`
 - `backupd.timer`

```bash
cp /opt/backupd/backupd.service /etc/systemd/system/
cp /opt/backupd/backupd.timer   /etc/systemd/system/
```

Then, enable and start the timer:
```bash
systemctl enable backupd.service
systemctl start  backupd.service
systemctl enable --now backupd.timer
```

## Restore the Backup
First, ensure the required environment variables are set:
```bash
export RCLONE_CONFIG=/opt/backupd/rclone.conf
ITER_COUNT=100000
AES_PASSWD=
```

Then, view the list of backups:
```
rclone tree dest:
```

Fetch the backup you want to restore:
```bash
server=
rclone copy -P dest:server-$server/ ./restore-$server
cd ./restore-$server
```

Check the integrity of the backup:
```bash
for file in *.enc; do
    rclone lsjson -M "dest:server-$server/$file" > "$file.metadata"
    output=$(echo "$file" | cut -d"_" -f3-4 | cut -d"." -f1 | tr ':" ' '-').tar.zst
    openssl enc -d -aes-256-cbc -pbkdf2 -iter $ITER_COUNT -k "$AES_PASSWD" -in "$file" -out "$output"
    enc_hash=$(cat "$file.metadata" | jq -r '.[].Metadata."sha256-enc"')
    zst_hash=$(cat "$file.metadata" | jq -r '.[].Metadata."sha256-zst"')
    echo "$enc_hash  $file"   | sha256sum -c
    echo "$zst_hash  $output" | sha256sum -c
done
```

Decompress the backup:
```bash
for file in *.tar.zst; do
    out=$server-${file%.tar.zst}
    mkdir -p "$out" && tar -xvf "$file" -C "./$server-${file%.tar.zst}"
done
```

## Contributing Notice
If you wish to contribute to this project, please make sure you use `shellcheck` to lint the script.
```bash
shellcheck -x backupd
```

## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
initial commit 2025-01-20 02:50:30 +00:00			`# BackupD`

			`A simple backup script.`

			`## Installation`

			`Prerequisites:`
			`- OS MUST be Debian 12`
			`- CLI Tools:`
			- `rclone`
			- `openssl`
			- `tar`
			- `zstd`
			- `sha256sum`
			- If you need to run the script as scheduled tasks, you need to use `cron` or `systemd-timer`.

			`Clone the repository:`
			```bash
			`git clone https://devops.lty.name/luo/backupd.git /opt/backupd`
			```

			`## Configuration`
add: systemd service 2025-01-20 02:54:23 +00:00			`>`
			`> Note`
			`>`
			`> You have to complete ALL FOLLOWING STEPS to make the script work properly.`
			`>`
initial commit 2025-01-20 02:50:30 +00:00
add: systemd service 2025-01-20 02:54:23 +00:00			`Permissions`

			`Don't forget to change the ownership and permissions of the files:`
initial commit 2025-01-20 02:50:30 +00:00			```bash
			`chown -R root:root /opt/backupd`
add: systemd service 2025-01-20 02:54:23 +00:00			`cd /opt/backupd`
			`for file in *.example; do`
			`mv "$file" "${file%.example}"`
			`done`
			`chmod 600 rclone.conf passwd`
initial commit 2025-01-20 02:50:30 +00:00			```

			`Rclone`

			`Run the following command to initialize Rclone:`
			```bash
			`export RCLONE_CONFIG=/opt/backupd/rclone.conf`
			`rclone config`
			```

			See `rclone.conf.example` for an example configuration.

			Ensure `dest` section exist in `rclone.conf`. Otherwise, the script will fail and work unexpectedly.

			`Includes and Excludes`

			You also need to configure the `includes` and `excludes` files.
			- `includes`: Files and directories to be backed up.
			- `excludes`: Files and directories to be excluded from the backup.
			See `includes.example` and `excludes.example` for example configurations.

			`Encryption`

			You MUST set the encryption password in the `passwd` file.
			```bash
			`AES_PASSWD="your_password"`
			`ITER_COUNT=100000`
			```
			See `passwd.example` for an example configuration.

			`If you did not set the password, the script will encrypt your backup with your hostname, which IS NOT SECURE.`

			`Scheduled Tasks`

			If you wish to run the script as scheduled tasks, copy the fillowing files to `/etc/systemd/system/`:
			- `backupd.service`
			- `backupd.timer`

			```bash
			`cp /opt/backupd/backupd.service /etc/systemd/system/`
add: systemd service 2025-01-20 02:54:23 +00:00			`cp /opt/backupd/backupd.timer /etc/systemd/system/`
initial commit 2025-01-20 02:50:30 +00:00			```

			`Then, enable and start the timer:`
			```bash
			`systemctl enable backupd.service`
			`systemctl start backupd.service`
			`systemctl enable --now backupd.timer`
			```

			`## Restore the Backup`
			`First, ensure the required environment variables are set:`
			```bash
			`export RCLONE_CONFIG=/opt/backupd/rclone.conf`
			`ITER_COUNT=100000`
			`AES_PASSWD=`
			```

			`Then, view the list of backups:`
			```
			`rclone tree dest:`
			```

			`Fetch the backup you want to restore:`
			```bash
			`server=`
			`rclone copy -P dest:server-$server/ ./restore-$server`
			`cd ./restore-$server`
			```

			`Check the integrity of the backup:`
			```bash
			`for file in *.enc; do`
			`rclone lsjson -M "dest:server-$server/$file" > "$file.metadata"`
			`output=$(echo "$file" \| cut -d"_" -f3-4 \| cut -d"." -f1 \| tr ':" ' '-').tar.zst`
			`openssl enc -d -aes-256-cbc -pbkdf2 -iter $ITER_COUNT -k "$AES_PASSWD" -in "$file" -out "$output"`
			`enc_hash=$(cat "$file.metadata" \| jq -r '.[].Metadata."sha256-enc"')`
			`zst_hash=$(cat "$file.metadata" \| jq -r '.[].Metadata."sha256-zst"')`
			`echo "$enc_hash $file" \| sha256sum -c`
			`echo "$zst_hash $output" \| sha256sum -c`
			`done`
			```

			`Decompress the backup:`
			```bash
			`for file in *.tar.zst; do`
			`out=$server-${file%.tar.zst}`
			`mkdir -p "$out" && tar -xvf "$file" -C "./$server-${file%.tar.zst}"`
			`done`
			```

			`## Contributing Notice`
			If you wish to contribute to this project, please make sure you use `shellcheck` to lint the script.
			```bash
			`shellcheck -x backupd`
			```

			`## License`
			`This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.`