diff --git a/borgBK.sh b/borgBK.sh new file mode 100755 index 0000000..302be14 --- /dev/null +++ b/borgBK.sh @@ -0,0 +1,179 @@ +#!/bin/bash + +# A script to perform daily/weekly/monthly backups using Borg + +# Set pruning +DAILY_KEEP=7 +WEEKLY_KEEP=2 +MONTHLY_KEEP=3 + +# Update Package list +if hash apt-get 2>/dev/null; then + dpkg-query -f '${binary:Package}\n' -W > ~/packages.txt +elif hash pacman 2>/dev/null; then + pacman -Qq > ~/packages.txt +else + echo "Distro needs to be added to package dump check" +fi + +# Be sure perms are set properly on this file!!! +export BORG_PASSCOMMAND="cat $HOME/scripts/.borg-pass" + +LOCAL=$(hostname --short) +REPO=/mnt/mountpoint/backups +HOST=$(hostname) +DATE=$(date +'%m-%d-%Y_%H:%M') + +# Was originally used, not now. Keeping for possible re-use. Note: Does not include /opt or /etc +COMMON_ROOT_EXCLUDES="--exclude /bin --exclude /core --exclude /lib --exclude /lib64 --exclude /lost+found --exclude /mnt --exclude /proc --exclude /run --exclude /snap --exclude /tmp --exclude /var --exclude /boot --exclude /dev --exclude /lib32 --exclude /libx32 --exclude /media --exclude /root --exclude /sbin --exclude /srv --exclude /sys --exclude /usr" + +COMMON_HOME_EXCLUDES="--exclude /home/*/.cache --exclude /home/*/.ccache --exclude /home/lost+found --exclude *.img --exclude *.iso" + +BORG_OPTS="--stats --compression lz4" +export BORG_RELOCATED_REPO_ACCESS_IS_OK=no +export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no + +case $HOSTNAME in + (gamesrv) + # Backup /home and minecraft srvs (in /opt/minecraft) + # Loop through all servers + dirs=(/opt/minecraft/*) + for dir in "${dirs[@]}" + do + # Get just the name, not path for systemd unit + dir=${dir//"/opt/minecraft/"} + # If running, stop the server + # Note: systemd unit properly handles the save-all and graceful stop of the server. + if ( systemctl is-active --quiet minecraft@$dir.service); then + # Note: Added the specific start/stop for each server to sudoers for nopass + sudo systemctl stop minecraft@$dir.service + mkdir -p ~/minecraft_copies + cp -r /opt/minecraft/$dir ~/minecraft_copies + sudo systemctl start minecraft@$dir.service + else + # Otherwise, just copy + mkdir -p ~/minecraft_copies + cp -r /opt/minecraft/$dir ~/minecraft_copies + fi + done + + # NOTE: cannot spec two directories. Have to use shared parent directory. + borg create -v $BORG_OPTS $REPO::$HOST-$DATE /home \ + $COMMON_HOME_EXCLUDES \ + # Log to journalctl + 2>&1 + ;; + (media-srv) + # Stop all containers + docker stop $(docker ps -aq) + + borg create -v $BORG_OPTS $REPO::$HOST-$DATE /home \ + $COMMON_HOME_EXCLUDES \ + # Log to journalctl + 2>&1 + + # Start all containers + docker start $(docker ps -aq) + ;; + (progdev) + ### Prep Gitea + # Backup gitea: LFS, DB, configs, repos + CONTAINER=gitea + HOST_BACKUP_DIR="/home/dev/docker/container_backups/gitea" + HOST_GIT_REPO_DIR="/home/dev/docker/gitea/git/repositories" + TEMP_DIR="~/tmp" + GITEA_DATA_FILENAME="gitea_backup.zip" + HOST_BACKUP_FILE="$HOST_BACKUP_DIR/$GITEA_DATA_FILENAME" + + # Back up to temp files then copy on success to prevent syncing incomplete/bad files + CONTAINER_BACKUP_FILE_TEMP="$TEMP_DIR/gitea_dump_temp.zip" + docker exec -u "$id -u" -i $(docker ps -qf "name=$CONTAINER") bash -c "rm -f $CONTAINER_BACKUP_FILE_TEMP" + + docker exec -u "$id -u" -i $(docker ps -qf "name=$CONTAINER") bash -c "/app/gitea/gitea dump --skip-log --file $CONTAINER_BACKUP_FILE_TEMP" + # copy this into backup folder (in container) + docker cp $CONTAINER:$CONTAINER_BACKUP_FILE_TEMP $HOST_BACKUP_FILE + + # Backup with Borg + borg create -v $BORG_OPTS $REPO::$HOST-$DATE /home \ + $COMMON_HOME_EXCLUDES \ + # Log to journalctl + 2>&1 + ;; + (fevm) + # Nginx + cp /etc/nginx/nginx.conf ~/backup_confs/nginx_confs + cp -r /etc/nginx/conf.d/ ~/backup_confs/nginx_confs + # Fail2Ban + cp -r /etc/fail2ban/ ~/backup_confs/fail2ban_confs + + # Backup with Borg + borg create -v $BORG_OPTS $REPO::$HOST-$DATE /home \ + $COMMON_HOME_EXCLUDES \ + # Log to journalctl + 2>&1 + ;; + (commbox) + # Matrix Synapse + cp -r /etc/matrix-synapse ~/backups/matrix-synapse + # Postgres Database + # get variables + source .matrix-vars.sh + # If matrix-synapse is running, we need to stop it before stopping postgres + if ( systemctl is-active --quiet matrix-synapse.service); then + sudo systemctl stop matrix-synapse.service + if ( systemctl is-active --quiet noah-psql.service); then + sudo systemctl stop noah-psql.service + PGPASSWORD="${dbPassword}" pg_dump "${matrixDatabase}" -h localhost -p 5432 -U "${dbUser}" -f ~/backups/postgres/pg.sql + sudo systemctl start noah-psql.service + else + PGPASSWORD="${dbPassword}" pg_dump "${matrixDatabase}" -h localhost -p 5432 -U "${dbUser}" -f ~/backups/postgres/pg.sql + fi + sudo systemctl start matrix-synapse.service + # Even if matrix-synapse isn't running, still backup the database + else + if ( systemctl is-active --quiet noah-psql.service); then + sudo systemctl stop noah-psql.service + PGPASSWORD="${dbPassword}" pg_dump "${matrixDatabase}" -h localhost -p 5432 -U "${dbUser}" -f ~/backups/postgres/pg.sql + sudo systemctl start noah-psql.service + else + PGPASSWORD="${dbPassword}" pg_dump "${matrixDatabase}" -h localhost -p 5432 -U "${dbUser}" -f ~/backups/postgres/pg.sql + fi + fi + + # Backup with Borg + borg create -v $BORG_OPTS $REPO::$HOST-$DATE /home \ + $COMMON_HOME_EXCLUDES \ + # Log to journalctl + 2>&1 + ;; + (NovaArchSys) + # Backup with Borg + borg create -v $BORG_OPTS $REPO::$HOST-$DATE /home \ + $COMMON_HOME_EXCLUDES \ + # Log to journalctl + 2>&1 + ;; +esac + +# Unset passphrase and exit on error. Pretty sure the unset is unneeded here. +if [ "$?" = "1" ] ; then + export BORG_PASSCOMMAND="" + echo "Error on create" + exit 1 +fi + +echo "Backup for $DATE complete." +# Keep 7 daily backups, 2 weekly backups, and 3 monthly ones +borg prune -v --list $REPO --keep-daily=$DAILY_KEEP --keep-weekly=$WEEKLY_KEEP --keep-monthly=$MONTHLY_KEEP + +if [ "$?" = "1" ] ; then + export BORG_PASSCOMMAND="" + echo "Error on prune" + exit 1 +fi + +#Unset the passphrase. Again, pretty sure the unset is unneeded. +BORG_PASSCOMMAND="" + +echo "Backup and pruning successfully completed." +exit 0