]> piware.de Git - bin.git/blobdiff - backup
projects / bin.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
build-cockpit-toolbox: tasks container moved to ghcr.io
[bin.git] / backup
diff --git a/backup b/backup
index 8d553c5cac6779e02f7e6f2df434c383be9a38b6..f1bef09ac625c834ffd3e2ba3417fdbbd47fd000 100755 (executable)
--- a/backup
+++ b/backup
@@ -1,7 +1,14 @@
 #!/bin/sh
 set -eu
 cd $HOME
-LOG=.cache/duplicity/log
+LOG=.cache/backup/log
+PATH=$PATH:/sbin:/usr/sbin
+RESTIC="restic --password-file $HOME/.config/backup-passphrase --repo sftp:piware.de:backup/restic"
+
+fail() {
+    notify-send -i /usr/share/icons/Adwaita/48x48/status/network-error-symbolic.symbolic.png -u critical -t 180000 "${1:-BACKUP FAILED!}"
+    exit 1
+}
 
 # do backup every day
 if [ -e "$LOG" ] && [ $(( `date +%s` - `stat -c %Y $LOG` )) -lt 86300 ]; then
@@ -9,22 +16,16 @@ if [ -e "$LOG" ] && [ $(( `date +%s` - `stat -c %Y $LOG` )) -lt 86300 ]; then
 fi
 
 # figure out $DISPLAY when running from cron
-if [ -z "${DISPLAY:-}" ]; then
-    socket="/run/user/`id -u`/X11-display"
-    if [ -L "$socket" ]; then
-        socket=$(readlink "$socket")
-        export DISPLAY=:${socket##*/X}
-    fi
-fi
+export DISPLAY="${DISPLAY:-:0}"
 
-if ! ip route | grep -q '^default.*wlan'; then
+if ! ip route show default | grep -Eq 'dev (enp|wl)'; then
     notify-send "Backup skipped, not on WLAN"
     exit 0
 fi
 
 # figure out ssh agent when running from cron
 if [ -z "${SSH_AUTH_SOCK:-}" ]; then
-    ssh_socket=$(ls /run/user/`id -u`/keyring-*/ssh 2>/dev/null)
+    ssh_socket=$(ls /run/user/`id -u`/keyring*/ssh 2>/dev/null)
     if [ -S "$ssh_socket" ]; then
         export SSH_AUTH_SOCK="$ssh_socket"
     fi
@@ -32,5 +33,17 @@ fi
 
 notify-send "Backup started"
 mkdir -p $(dirname $LOG)
-env PASSPHRASE="$(cat ~/.backup-passphrase)" duplicity --full-if-older-than 1M --exclude-globbing-filelist .duplicity-ignore . rsync://piware.de/backup/donald >> $LOG || { notify-send "BACKUP FAILED!"; exit 1; }
+
+$RESTIC backup --exclude-file=$HOME/.config/backup-ignore $HOME >> $LOG 2>&1 || fail
+# TODO: forget --prune policy: https://restic.readthedocs.io/en/stable/060_forget.html
 notify-send "Backup finished successfully"
+
+scp .config/backup-passphrase piware.de:.cache/
+ssh piware.de chmod u+w .cache/backup-passphrase
+trap "ssh piware.de shred -u .cache/backup-passphrase" EXIT INT QUIT PIPE
+
+ssh piware.de restic --password-file .cache/backup-passphrase --repo backup/restic forget --prune --keep-within-hourly 24h --keep-within-daily 7d --keep-within-weekly 30d --keep-within-monthly 12m
+notify-send "Backup pruned successfully"
+
+ssh piware.de restic --password-file .cache/backup-passphrase --repo backup/restic check || fail "BACKUP CHECK FAILED!"
+notify-send "Backup checked successfully"
Martin Pitt's ~/bin scripts