luo/backupd
1
0
Fork 0
Code Issues Pull Requests Actions Activity
backupd/README.md
洛天依 575e940dde
All checks were successful
Lint / Lint (push) Successful in 14s
Details
add: systemd service
2025-01-20 03:01:20 +00:00

138 lines
3.3 KiB
Markdown
Raw Permalink Blame History

# BackupD
A simple backup script.
## Installation
Prerequisites:
- **OS MUST be Debian 12**
- CLI Tools:
- `rclone`
- `openssl`
- `tar`
- `zstd`
- `sha256sum`
- If you need to run the script as scheduled tasks, you need to use `cron` or `systemd-timer`.
Clone the repository:
```bash
git clone https://devops.lty.name/luo/backupd.git /opt/backupd
```
## Configuration
>
> **Note**
>
> You have to complete ALL FOLLOWING STEPS to make the script work properly.
>
**Permissions**
Don't forget to change the ownership and permissions of the files:
```bash
chown -R root:root /opt/backupd
cd /opt/backupd
for file in *.example; do
mv "$file" "${file%.example}"
done
chmod 600 rclone.conf passwd
```
**Rclone**
Run the following command to initialize Rclone:
```bash
export RCLONE_CONFIG=/opt/backupd/rclone.conf
rclone config
```
See `rclone.conf.example` for an example configuration.
Ensure `dest` section exist in `rclone.conf`. Otherwise, the script will **fail and work unexpectedly**.
**Includes and Excludes**
You also need to configure the `includes` and `excludes` files.
- `includes`: Files and directories to be backed up.
- `excludes`: Files and directories to be excluded from the backup.
See `includes.example` and `excludes.example` for example configurations.
**Encryption**
You **MUST** set the encryption password in the `passwd` file.
```bash
AES_PASSWD="your_password"
ITER_COUNT=100000
```
See `passwd.example` for an example configuration.
If you did not set the password, the script will encrypt your backup with your hostname, which **IS NOT SECURE**.
**Scheduled Tasks**
If you wish to run the script as scheduled tasks, copy the fillowing files to `/etc/systemd/system/`:
- `backupd.service`
- `backupd.timer`
```bash
cp /opt/backupd/backupd.service /etc/systemd/system/
cp /opt/backupd/backupd.timer /etc/systemd/system/
```
Then, enable and start the timer:
```bash
systemctl enable backupd.service
systemctl start backupd.service
systemctl enable --now backupd.timer
```
## Restore the Backup
First, ensure the required environment variables are set:
```bash
export RCLONE_CONFIG=/opt/backupd/rclone.conf
ITER_COUNT=100000
AES_PASSWD=
```
Then, view the list of backups:
```
rclone tree dest:
```
Fetch the backup you want to restore:
```bash
server=
rclone copy -P dest:server-$server/ ./restore-$server
cd ./restore-$server
```
Check the integrity of the backup:
```bash
for file in *.enc; do
rclone lsjson -M "dest:server-$server/$file" > "$file.metadata"
output=$(echo "$file" | cut -d"_" -f3-4 | cut -d"." -f1 | tr ':" ' '-').tar.zst
openssl enc -d -aes-256-cbc -pbkdf2 -iter $ITER_COUNT -k "$AES_PASSWD" -in "$file" -out "$output"
enc_hash=$(cat "$file.metadata" | jq -r '.[].Metadata."sha256-enc"')
zst_hash=$(cat "$file.metadata" | jq -r '.[].Metadata."sha256-zst"')
echo "$enc_hash $file" | sha256sum -c
echo "$zst_hash $output" | sha256sum -c
done
```
Decompress the backup:
```bash
for file in *.tar.zst; do
out=$server-${file%.tar.zst}
mkdir -p "$out" && tar -xvf "$file" -C "./$server-${file%.tar.zst}"
done
```
## Contributing Notice
If you wish to contribute to this project, please make sure you use `shellcheck` to lint the script.
```bash
shellcheck -x backupd
```
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
Reference in New Issue View Git Blame Copy Permalink