4 LOG=.cache/duplicity/log
5 PATH=$PATH:/sbin:/usr/sbin
6 RESTIC="restic --password-file $HOME/.config/backup-passphrase --repo sftp:piware.de:backup/restic"
9 notify-send -i /usr/share/icons/Adwaita/48x48/status/network-error-symbolic.symbolic.png -u critical -t 180000 "${1:-BACKUP FAILED!}"
14 if [ -e "$LOG" ] && [ $(( `date +%s` - `stat -c %Y $LOG` )) -lt 86300 ]; then
18 # figure out $DISPLAY when running from cron
19 export DISPLAY="${DISPLAY:-:0}"
21 if ! ip route show default | grep -Eq 'dev (enp|wl)'; then
22 notify-send "Backup skipped, not on WLAN"
26 # figure out ssh agent when running from cron
27 if [ -z "${SSH_AUTH_SOCK:-}" ]; then
28 ssh_socket=$(ls /run/user/`id -u`/keyring*/ssh 2>/dev/null)
29 if [ -S "$ssh_socket" ]; then
30 export SSH_AUTH_SOCK="$ssh_socket"
34 notify-send "Backup started"
35 mkdir -p $(dirname $LOG)
36 env PASSPHRASE="$(cat ~/.config/backup-passphrase)" duplicity --allow-source-mismatch --full-if-older-than 1M --exclude-filelist ~/.config/backup-ignore . rsync://piware.de/backup/laptop >> $LOG || fail
37 duplicity remove-all-but-n-full 6 --force rsync://piware.de/backup/laptop
39 $RESTIC backup --exclude-file=$HOME/.config/backup-ignore $HOME || fail
40 # TODO: forget --prune policy: https://restic.readthedocs.io/en/stable/060_forget.html
41 notify-send "Backup finished successfully"
43 scp .config/backup-passphrase piware.de:.cache/
44 ssh piware.de chmod u+w .cache/backup-passphrase
45 trap "ssh piware.de shred -u .cache/backup-passphrase" EXIT INT QUIT PIPE
47 ssh piware.de restic --password-file .cache/backup-passphrase --repo backup/restic forget --prune --keep-within-hourly 24h --keep-within-daily 7d --keep-within-weekly 30d --keep-within-monthly 12m
48 notify-send "Backup pruned successfully"
50 ssh piware.de restic --password-file .cache/backup-passphrase --repo backup/restic check || fail "BACKUP CHECK FAILED!"
51 notify-send "Backup checked successfully"
projects / bin.git / blob