X-Git-Url: https://piware.de/gitweb/?a=blobdiff_plain;f=backup;h=e181d467ee19802d0fbfa2c636858f53df4ec74b;hb=bdcaead4c10d0210a1423775ba0f306c34a01c30;hp=0518410024d7f5c2cd18c076bc970a08982bf49d;hpb=abd08d10c37904bfff0c8c53f225380c2bd37d03;p=bin.git diff --git a/backup b/backup index 0518410..e181d46 100755 --- a/backup +++ b/backup @@ -2,6 +2,13 @@ set -eu cd $HOME LOG=.cache/duplicity/log +PATH=$PATH:/sbin:/usr/sbin +RESTIC="restic --password-file $HOME/.config/backup-passphrase --repo sftp:piware.de:backup/restic" + +fail() { + notify-send -i /usr/share/icons/Adwaita/48x48/status/network-error-symbolic.symbolic.png -u critical -t 180000 "${1:-BACKUP FAILED!}" + exit 1 +} # do backup every day if [ -e "$LOG" ] && [ $(( `date +%s` - `stat -c %Y $LOG` )) -lt 86300 ]; then @@ -9,20 +16,36 @@ if [ -e "$LOG" ] && [ $(( `date +%s` - `stat -c %Y $LOG` )) -lt 86300 ]; then fi # figure out $DISPLAY when running from cron -if [ -z "${DISPLAY:-}" ]; then - socket="/run/user/`id -u`/X11-display" - if [ -L "$socket" ]; then - socket=$(readlink "$socket") - export DISPLAY=:${socket##*/X} - fi -fi +export DISPLAY="${DISPLAY:-:0}" -if ! ip route | grep -q '^default.*wlan'; then +if ! ip route show default | grep -Eq 'dev (enp|wl)'; then notify-send "Backup skipped, not on WLAN" exit 0 fi +# figure out ssh agent when running from cron +if [ -z "${SSH_AUTH_SOCK:-}" ]; then + ssh_socket=$(ls /run/user/`id -u`/keyring*/ssh 2>/dev/null) + if [ -S "$ssh_socket" ]; then + export SSH_AUTH_SOCK="$ssh_socket" + fi +fi + notify-send "Backup started" mkdir -p $(dirname $LOG) -env PASSPHRASE="$(cat ~/.backup-passphrase)" duplicity --full-if-older-than 1M --exclude-globbing-filelist .duplicity-ignore . rsync://piware.de/backup/donald >> $LOG || { notify-send "BACKUP FAILED!"; exit 1; } +env PASSPHRASE="$(cat ~/.config/backup-passphrase)" duplicity --allow-source-mismatch --full-if-older-than 1M --exclude-filelist ~/.config/backup-ignore . rsync://piware.de/backup/laptop >> $LOG || fail +duplicity remove-all-but-n-full 6 --force rsync://piware.de/backup/laptop + +$RESTIC backup --exclude-file=$HOME/.config/backup-ignore $HOME || fail +# TODO: forget --prune policy: https://restic.readthedocs.io/en/stable/060_forget.html notify-send "Backup finished successfully" + +scp .config/backup-passphrase piware.de:.cache/ +ssh piware.de chmod u+w .cache/backup-passphrase +trap "ssh piware.de shred -u .cache/backup-passphrase" EXIT INT QUIT PIPE + +ssh piware.de restic --password-file .cache/backup-passphrase --repo backup/restic forget --prune --keep-within-hourly 24h --keep-within-daily 7d --keep-within-weekly 30d --keep-within-monthly 12m +notify-send "Backup pruned successfully" + +ssh piware.de restic --password-file .cache/backup-passphrase --repo backup/restic check || fail "BACKUP CHECK FAILED!" +notify-send "Backup checked successfully"