Diffstat (limited to 'scripts/system-backup')
-rwxr-xr-x | scripts/system-backup | 101 |
1 files changed, 79 insertions, 22 deletions
diff --git a/scripts/system-backup b/scripts/system-backup index 9d65cd2..52422bb 100755 --- a/scripts/system-backup +++ b/scripts/system-backup @@ -1,11 +1,31 @@ #!/bin/bash +encrypt= +destination= +while (( $# > 0 )); do + case "$1" in + --encrypt) + encrypt="$2" + shift + ;; + --destination) + destination="$2" + shift + ;; + *) + echo "Unknown option, '$1'" + exit 1 + ;; + esac + shift +done + if [ "$(whoami)" != "root" ]; then echo "Must be running as root!" exit 1 fi -DIR="/root/backup/$(date +%s)" +DIR="/tmp/bwlp-backup-$(date +%s)" if [ -d "$DIR" ]; then echo "Backup already running!?" 
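Review bot: The staging directory moves from /root/backup to a timestamp-named path under world-writable /tmp (`DIR="/tmp/bwlp-backup-$(date +%s)"`), and the unchanged `mkdir -p "$DIR"` just after this hunk creates it with the default umask. The SQL dumps and the archive holding `/etc/lighttpd/server.pem` may therefore be readable by local users while the backup runs, and another user can create the predictable path first. Creating the directory atomically with restrictive permissions avoids both: `umask 077` near the top and `DIR="$(mktemp -d /tmp/bwlp-backup-XXXXXX)" || exit 1`, which also makes the `[ -d "$DIR" ]` check unnecessary. Separately, in the option loop `--encrypt` or `--destination` given as the last argument leaves its value empty, so a caller who asked for encryption gets an unencrypted backup without any error. A guard such as `(( $# >= 2 )) || { echo "Missing value for $1"; exit 1; }` before reading `$2` would catch that.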
@@ -15,48 +35,85 @@ fi mkdir -p "$DIR" cd "$DIR" || exit 1 -mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8 --databases openslx > openslx.sql +trap 'rm -rf -- "$DIR"' EXIT + +mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8mb4 --databases openslx > openslx.sql RET1=$? -mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8 --databases sat > sat.sql +mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8mb4 --databases sat > sat.sql RET2=$? -if [ $RET1 -ne 0 ] || [ $RET2 -ne 0 ]; then +if (( RET1 != 0 || RET2 != 0 )); then echo "Database dump failed with exit code $RET1/$RET2" exit 1 fi -FILELIST=" - /opt/openslx/configs - /etc/lighttpd/server.pem - /etc/lighttpd/chain.pem - /etc/lighttpd/pub-cert.pem -" +FILELIST=( + "/opt/openslx/configs" + "/etc/lighttpd/server.pem" + "/etc/lighttpd/chain.pem" + "/etc/lighttpd/pub-cert.pem" +) -tar --ignore-failed-read -k -c -p -z -f files.tgz $FILELIST # no quotes here! +tar --ignore-failed-read -k -c -p -z -f "files.tgz" "${FILELIST[@]}" RET=$? -if [ $RET -ne 0 ]; then +if (( RET != 0 )); then echo "WARNING: filesystem-tar exited with code $RET - backup might be incomplete!" fi -tar -k -c -z -f backup.tgz files.tgz openslx.sql sat.sql +ext="tgz" +tmpfile="/tmp/bwlp-${RANDOM}-$(date +%s)-backup.${ext}" +tar -k -c -z -f "backup.tgz" "files.tgz" "openslx.sql" "sat.sql" RET=$? -if [ ! -f backup.tgz ]; then +if ! [ -f "backup.tgz" ]; then echo "Creating backup.tgz failed!" exit 1 fi -if [ $RET -ne 0 ]; then +if (( RET != 0 )); then echo "WARNING: final tar exited with code $RET - backup might be incomplete!" fi -chown www-data backup.tgz -chmod 0600 backup.tgz - -FILE="/tmp/bwlp-backup-$(date +%s)-${RANDOM}.tgz" -if ! mv backup.tgz "$FILE"; then - echo "moving backup to $FILE failed." 
+chmod 0600 "backup.tgz" +if ! mv "backup.tgz" "$tmpfile"; then + echo "ERROR: Could not move backup.tgz to $tmpfile" exit 1 fi -rm -rf -- /root/backup/1* +if [ -n "$encrypt" ]; then + if ! openssl enc -aes-256-cbc -pbkdf2 -pass "env:$encrypt" -in "${tmpfile}" -out "${tmpfile}.aes" \ + && ! openssl enc -aes-256-cbc -pass "env:$encrypt" -in "${tmpfile}" -out "${tmpfile}.aes"; then + rm -f -- "$tmpfile" + echo "Error encrypting backup with openssl" + exit 1 + fi + rm -f -- "$tmpfile" + ext="${ext}.aes" + tmpfile="${tmpfile}.aes" +fi + +if [ -z "$destination" ]; then + # No destination given, as this is for download, give www-data user access to file + FILE="${tmpfile}" + chown www-data "${tmpfile}" +else + FILE="${destination}.${ext}" + dir="${destination%/*}" + for usr in "" "dmsd" "dnbd3" "FAIL"; do + [ "$usr" = "FAIL" ] && break + if [ -z "$usr" ]; then + mkdir -p "$dir" + mv "$tmpfile" "$FILE" && break + else + chown "$usr:$(id -g "$usr")" "$tmpfile" + sudo -n -u "$usr" mkdir -p "$dir" + sudo -n -u "$usr" cp "$tmpfile" "$FILE" && break + fi + done + if [ "$usr" = "FAIL" ] || ! [ -s "$FILE" ]; then + echo "Moving backup to '$FILE' failed." + exit 1 + fi +fi + +chmod 0600 "$FILE" echo "Location: $FILE" exit 0 |
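Review bot: On the `--destination` path that goes through `sudo -n -u "$usr" cp`, `$tmpfile` is copied rather than moved and the EXIT trap only removes `$DIR`, so a copy of the backup, chowned to `dmsd` or `dnbd3`, stays behind in /tmp; the same happens when every attempt fails and the script exits. Adding `rm -f -- "$tmpfile"` directly after `done` in the destination branch covers both cases and is harmless after a successful `mv`. The encryption step also retries without `-pbkdf2` whenever the first `openssl enc` fails for any reason, which silently falls back to openssl's legacy single-iteration key derivation; I would restrict the fallback to builds that lack the option and print a warning when it is used. `tmpfile` itself is another predictable /tmp name and would be better created with `mktemp`.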