From 27a6fd02cabd3b98b0d87040aa88ff6502518575 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 20 Aug 2018 14:07:01 +0200
Subject: [borgbackup] Add script to create repos

This script is used on out backup server and
handy to set up file system structure, generate
keys and deploy script/key to the remote machine
intended to be backed up.
---
 borgbackup/create-repo | 121 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100755 borgbackup/create-repo

diff --git a/borgbackup/create-repo b/borgbackup/create-repo
new file mode 100755
index 0000000..79a4c65
--- /dev/null
+++ b/borgbackup/create-repo
@@ -0,0 +1,121 @@
+#!/bin/bash
+
+MYPID=$$
+ROOT_DIR="/mnt/storage1_loop/borg"
+BORG_GROUP="borg-backup"
+THIS_HOST="132.230.4.17"
+BORG_VERSION="1.1.7" # What is deployed to remote machines...
+# Should match the local installed version
+
+perror() {
+	echo "[ERROR] $*"
+	[ "$$" != "$MYPID" ] && kill "$MYPID"
+	exit 1
+}
+
+declare -rg MYPID ROOT_DIR BORG_GROUP
+
+[ -d "$ROOT_DIR" ] || perror "No such directory: $ROOT_DIR"
+
+echo -n "Please enter host name or address of machine to back up (pref. a host name): "
+read -r name trash || perror "Nothing entered"
+[ -n "$name" ] || perror "Nothing entered"
+[ -z "$trash" ] || perror "Must not contain spaces"
+host=$name
+basedir="$ROOT_DIR/$name"
+
+[ -d "$basedir" ] && perror "Target $basedir already exists"
+mkdir "$basedir" || perror "Cannot create $basedir"
+
+echo -n "Please enter system user to create for this repo: "
+read -r name trash || perror "Nothing entered"
+[ -n "$name" ] || perror "Nothing entered"
+[ -z "$trash" ] || perror "Must not contain spaces"
+user=$name
+
+adduser --home "$basedir" --no-create-home --disabled-password --gecos "Backupuser for $host" "$user" || perror "Could not create user $user"
+adduser "$user" "$BORG_GROUP" || perror "Could not add user $user to group $BORG_GROUP"
+mkdir "$basedir/repo" "$basedir/.ssh" || perror "Could not create .ssh and repo"
+ssh-keygen -N '' -q -f "$basedir/id_borg" || perror "could not create ssh keypair"
+pubkey=$(cat "$basedir/id_borg.pub")
+[ -n "$pubkey" ] || perror "Borked pubkey $basedir/id_borg.pub"
+echo 'command="borg serve --append-only --restrict-to-path '"$basedir"'/repo",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc' \
+	"$pubkey" > "$basedir/.ssh/authorized_keys"
+rm "$basedir/id_borg.pub"
+
+chown -R "${user}:${user}" "$basedir"
+
+echo "Deploying borg to $host now (ssh root@$host)...."
+cat > "$basedir/deployscript" <<HERED
+# WARNING
+# MAKE SURE TO RUN THIS ON THE MACHINE TO BE BACKED UP ($host)
+# INVOKE EXPLICITLY VIA "bash ...." ON TARGET MACHINE
+echo "Connected, placing privkey..."
+mkdir -p ".ssh"
+echo "$(cat "$basedir/id_borg")" > ".ssh/id_borgbackup"
+chmod 0600 ".ssh/id_borgbackup"
+if ! grep -q 'Host ${THIS_HOST}' ".ssh/config"; then
+echo "Appending section to .ssh/config..."
+cat >> ".ssh/config" <<SSHC
+Host $THIS_HOST
+IdentityFile ~/.ssh/id_borgbackup
+SSHC
+fi
+mkdir -p "/opt/scripts"
+echo "Dumping script..."
+cat > "/opt/scripts/borg-backup.sh" <<SCRIPT
+#!/bin/bash
+export BORG_PASSPHRASE=hello
+export BORG_REPO="ssh://${user}@${THIS_HOST}${basedir}/repo"
+borg create --filter AME --list --stats --show-rc \\
+	--exclude-caches \\
+	--exclude '/home/*/.cache/*' \\
+	--exclude '/var/cache/*' \\
+	--exclude '/var/tmp/*' \\
+	--exclude '/var/run/*' \\
+	'::main-{now}' /etc /home /root /var /opt /srv
+SCRIPT
+chmod 0700 "/opt/scripts/borg-backup.sh"
+echo "Dumping cron-job...."
+cat > /etc/cron.d/borg-backup <<BLUB
+$(( RANDOM % 60 )) $(( RANDOM % 5 ))	* * *	root	/opt/scripts/borg-backup.sh
+BLUB
+echo "Downloading borg 1.1.7....."
+mkdir -p "/usr/local/bin"
+ARC=32
+[ "\$(uname -m)" = "x86_64" ] && ARC=64
+[ -x "/usr/local/bin/borg" ] || wget -O "/usr/local/bin/borg" "https://github.com/borgbackup/borg/releases/download/1.1.7/borg-linux\$ARC"
+chmod +x "/usr/local/bin/borg"
+export BORG_RSH="ssh -a -k -oStrictHostKeyChecking=no"
+export BORG_PASSPHRASE=hello
+export BORG_REPO="ssh://${user}@${THIS_HOST}${basedir}/repo"
+echo "Trying to connect back to backup server now to create borg repo (\$BORG_REPO)"
+if ! borg --progress init -e none; then
+	echo "CONNECTION FAILED"
+	echo "!!!!!!"
+	exit 1
+fi
+HERED
+ssh "root@$host" 'bash' < "$basedir/deployscript"
+retv=$?
+echo "."
+echo "."
+
+if [ "$retv" != 0 ]; then
+	echo "Apparently deploying stuff to the remote host failed. Please setup borg manually there."
+	echo "-> Install borg binary (matching version!), add backup script + cron job, add ssh keys."
+	echo "Most importantly, initialize the repo via: borg --progress init -e none"
+	echo ""
+	echo "You can copy $basedir/deployscript to the machine to be backed up and run it there"
+	echo "(NOT on this host, which is RECEIVING the backup data)"
+else
+	rm "$basedir/deployscript"
+	echo "Default backup script has been deployed to $host at /opt/scripts. Make changes as needed"
+	echo "(include/exclude dirs)"
+fi
+
+echo ""
+rm "$basedir/id_borg"
+
+echo "Over and out"
+
-- 
cgit v1.2.3-55-g7522