Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
encrypted_backups_to_the_cloud [13.08.2017 13:48] – [setup the mount points] Pascal Suter | encrypted_backups_to_the_cloud [15.08.2017 08:01] – [the script] Pascal Suter | ||
---|---|---|---|
Line 70: | Line 70: | ||
you will be prompted for your password and it will show you your master key.. NOTE THAT KEY! it will be your only way to access your offsite Backup once your main server is gone! make sure you safe it somewhere where you still have access even when you lost all your data you are backing up here ;) | you will be prompted for your password and it will show you your master key.. NOTE THAT KEY! it will be your only way to access your offsite Backup once your main server is gone! make sure you safe it somewhere where you still have access even when you lost all your data you are backing up here ;) | ||
- | create | + | ==== the script ==== |
- | mkdir / | + | now this is the script that i will run daily in a cron job. the script assumes that the gfscrypt |
+ | in case you want to mount the gocryptfs mount automatically and unmount it after each backup you can do that by using the '' | ||
+ | |||
+ | <code bash offsiteBackup.sh> | ||
+ | # | ||
+ | |||
+ | # (c) 2017 Pascal Suter, Version 0.10 Beta | ||
+ | # this script creates an enecrypted offsite backup of a locally kept backup. | ||
+ | # ideally suited to work with rubi (http:// | ||
+ | # for a full description and setup instructions read | ||
+ | # http:// | ||
+ | # uses gocryptfs (https:// | ||
+ | # you may use, modify and re-distribute this script AT YOUR OWN RISK free of charge. | ||
+ | |||
+ | CRYPTED="/ | ||
+ | TARGET="/ | ||
+ | LATEST=$(cat / | ||
+ | PLAINDIR="/ | ||
+ | PLAINMOUNT=" | ||
+ | RECIPIENTS=" | ||
+ | LOCKFILE="/ | ||
+ | RSYNCOPTS="" | ||
+ | # | ||
+ | |||
+ | function fail { | ||
+ | echo " | ||
+ | exit 1 | ||
+ | } | ||
+ | |||
+ | function success { | ||
+ | ( echo "the offsite backup was successfully updated to backup version $LATEST" | ||
+ | echo "here are the last lines of the rsync process:" | ||
+ | tail -n 3 / | ||
+ | umount $PLAINMOUNT 2>/ | ||
+ | exit 0 | ||
+ | } | ||
+ | |||
+ | me=`basename " | ||
+ | |||
+ | # get a lock and run me embedded | ||
+ | if [ " | ||
+ | echo " | ||
+ | flock -E 66 -n ${LOCKFILE} $0 --embedded | tee / | ||
+ | state=$? | ||
+ | if [ $state -eq 66 ]; then | ||
+ | fail "there was another offsiteBackup process still running, so we skipped this round" | ||
+ | fi | ||
+ | exit $state | ||
+ | fi | ||
+ | |||
+ | # make sure our crypted directory is mounted | ||
+ | grep " | ||
+ | if [ $? -gt 0 ]; then | ||
+ | fail " | ||
+ | fi | ||
+ | |||
+ | # unmount any previous bind mounts to $PLAINMOUNT and check it is no longer mounted | ||
+ | umount $PLAINMOUNT 2>/ | ||
+ | grep " | ||
+ | if [ $? -eq 0 ]; then | ||
+ | fail "There seems to be a stale mount on $PLAINMOUNT, | ||
+ | fi | ||
+ | |||
+ | # mount the latest backup: | ||
+ | mount -B " | ||
+ | if [ $? -gt 0 ]; then | ||
+ | fail "there was a problem mounting the latest backup from $LATEST to $PLAIMOUNT" | ||
+ | fi | ||
+ | |||
+ | # rsync to offsite location | ||
+ | rsync -AaHvXx --delete $RSYNCOPTS " | ||
+ | res=$? | ||
+ | if [ $res -gt 0 ]; then | ||
+ | if [ $res -eq 24 ]; then | ||
+ | #some files vanished during the backup, that's not a failure of the backup, so send the success message | ||
+ | success | ||
+ | else | ||
+ | fail "there was a problem with the offsite backup, check / | ||
+ | fi | ||
+ | else | ||
+ | success | ||
+ | fi | ||
+ | </ | ||
+ | === Known Issues === | ||
+ | For some reason gocryptfs seems to generate some files like '' | ||
+ | |||
+ | ===== Restoring Files ===== | ||
+ | to restore files you could use '' | ||
+ | sshfs user@remote.server:/ | ||
+ | and now use gocryptfs to uncrypt the contents and restore some files: | ||
+ | gocryptfs / | ||
+ | now you should see all your files in / | ||
+ | |||
+ | unmount both mounts once you are done. |