first commit

2026-01-14 13:48:23 -06:00
commit 15ac19d32d
4 changed files with 272 additions and 0 deletions
--- a/borg/bin/backup
+++ b/borg/bin/backup
@@ -0,0 +1,80 @@
 #!/usr/bin/env bash
 # Check if running as root
 if [ "$EUID" -ne 0 ]; then
    printf "Error: This script must be run as root (or via sudo).\n"
    exit 1
 fi
 # Load the environment variables directly
 if [ -f /opt/borg/etc/borg_environment ]; then
    # shellcheck source=/dev/null
    source /opt/borg/etc/borg_environment
    # Ensure the variables sourced from the file are exported to child processes
    export BORG_REPO BORG_PASSPHRASE
 else
    printf "Error: /opt/borg/etc/borg_environment not found.\n"
    exit 1
 fi
 # Helpers and error handling
 info() { printf "\n%s %s\n\n" "$(date)" "$*" >&2; }
 trap 'info "Backup interrupted"; exit 2' INT TERM
 info "Starting backup for repository: $BORG_REPO"
 # 1. Create Archive
 borg create                         \
    --verbose                       \
    --filter AME                    \
    --list                          \
    --stats                         \
    --show-rc                       \
    --compression lz4               \
    --exclude-caches                \
    --exclude 'home/*/.cache/*'     \
    --exclude 'var/tmp/*'           \
    --exclude 'var/games'           \
    --exclude 'home/*/Media'        \
    --progress                      \
    ::'{hostname}-{now}'            \
    /etc                            \
    /home                           \
    /root                           \
    /var                            \
    /opt
 backup_exit=$?
 # 2. Prune old backups
 info "Pruning repository"
 borg prune                          \
    --list                          \
    --glob-archives '{hostname}-*'  \
    --show-rc                       \
    --keep-daily    7               \
    --keep-weekly   4               \
    --keep-monthly  6
 prune_exit=$?
 # 3. Compact repository
 info "Compacting repository"
 borg compact
 compact_exit=$?
 # Determine final status code
 global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
 global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
 if [ "${global_exit}" -eq 0 ]; then
    info "Backup, Prune, and Compact finished successfully"
 elif [ "${global_exit}" -eq 1 ]; then
    info "Backup, Prune, and/or Compact finished with warnings"
 else
    info "Backup, Prune, and/or Compact finished with errors"
 fi
 exit "${global_exit}"
--- a/borg/bin/reposetup
+++ b/borg/bin/reposetup
@@ -0,0 +1,47 @@
 #!/usr/bin/env bash
 # Ensure running as root to read the environment file
 if [ "$EUID" -ne 0 ]; then
    printf "Error: This script must be run as root (or via sudo).\n"
    exit 1
 fi
 # Load the environment variables
 if [ -f /opt/borg/etc/borg_environment ]; then
    # shellcheck source=/dev/null
    source /opt/borg/etc/borg_environment
    export BORG_REPO BORG_PASSPHRASE
 else
    printf "Error: /opt/borg/etc/borg_environment not found.\n"
    exit 1
 fi
 printf "Checking repository status at: %s\n" "$BORG_REPO"
 # Check if the repo already exists to prevent accidental re-init
 if borg info >/dev/null 2>&1; then
    printf "Error: Repository already exists and is initialized.\n"
    exit 1
 fi
 printf "Initializing repository...\n"
 # Logic for encryption mode based on whether a passphrase exists
 if [ -z "$BORG_PASSPHRASE" ]; then
    printf "No passphrase detected. Initializing with 'none' encryption.\n"
    borg init --encryption=none
 else
    printf "Passphrase detected. Initializing with 'repokey' encryption.\n"
    # repokey stores the key inside the repository config, protected by the passphrase
    borg init --encryption=repokey
 fi
 init_exit=$?
 if [ "$init_exit" -eq 0 ]; then
    printf "\nSuccess: Repository initialized successfully.\n"
    printf "You can now run your first backup using: sudo /opt/borg/bin/backup\n"
 else
    printf "\nError: Repository initialization failed (Exit code: %s).\n" "$init_exit"
    exit "$init_exit"
 fi
--- a/borg/etc/borg_environment
+++ b/borg/etc/borg_environment
@@ -0,0 +1,6 @@
 # Setting this, so the repo does not need to be given on the commandline:
 export BORG_REPO=REPOPATH
 # See the section "Passphrase notes" for more infos.
 export BORG_PASSPHRASE='REPOPASSPHRASE'
--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,139 @@
 #!/usr/bin/env bash
 set -e
 # ... (include validate_borg_url, escape_sed, etc. from previous steps)
 generate_recovery_file() {
    local repo="$1"
    local pass="$2"
    local timestamp=$(date +%Y%m%d_%H%M%S)
    local recovery_file="$HOME/borg_recovery_$timestamp.txt"
    {
        echo "BORG BACKUP RECOVERY INFORMATION"
        echo "Generated on: $(date)"
        echo "--------------------------------"
        echo "REPOSITORY URL: $repo"
        echo "PASSPHRASE:     $pass"
        echo "--------------------------------"
        echo "Keep this file in a safe, offline location."
    } > "$recovery_file"
    chmod 600 "$recovery_file"
    printf "\nCRITICAL: Recovery information saved to: $recovery_file\n"
    printf "Please move this to a secure location (e.g., a password manager or physical safe).\n"
 }
 # Validation function for Borg Repository URLs
 validate_borg_url() {
    local url="$1"
    # Regex covers: 
    # 1. Local absolute/home paths (/... or ~/...)
    # 2. SSH shortcuts (user@host:path)
    # 3. Explicit protocols (ssh://, file://)
    local regex="^(/|~/|([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+:)|([a-z]+://)).+"
    if [[ $url =~ $regex ]]; then
        return 0
    else
        return 1
    fi
 }
 escape_sed() {
    printf '%s\n' "$1" | sed -e 's/[]\/$*.^|[]/\\&/g'
 }
 setup_backup () {
    local repopath="$1"
    local raw_passphrase="$2"
    printf "\nInstalling backup script environment. You will be prompted for your sudo password.\n"
    # Check if the source directory exists before copying
    if [ ! -d "borg" ]; then
        printf "Error: 'borg' source directory not found in current location.\n"
        exit 1
    fi
    sudo cp -r borg /opt/
    sudo chown -R "root:root" /opt/borg
    sudo chmod -R 755 /opt/borg
    sudo chmod 700 /opt/borg/etc
    local escaped_path=$(escape_sed "$repopath")
    local escaped_pass=$(escape_sed "$raw_passphrase")
    sudo sed -i -f - /opt/borg/etc/borg_environment <<EOF
 s|REPOPATH|$escaped_path|g
 s|REPOPASSPHRASE|$escaped_pass|g
 EOF
    sudo chmod 600 /opt/borg/etc/borg_environment
    printf "Installation complete.\n"
    generate_recovery_file "$repopath" "$raw_passphrase"
 }
 setup_encrypted_backup () {
    local repopath="$1"
    local passphrase1 passphrase2 passphrase
    printf "\n--- Encryption Setup ---\n"
    while true; do
        read -s -p "Enter Passphrase: " passphrase1
        printf "\n"
        read -s -p "Confirm Passphrase: " passphrase2
        printf "\n"
        if [[ -n "$passphrase1" && "$passphrase1" == "$passphrase2" ]]; then
            passphrase="$passphrase1"
            break
        else
            printf "Error: Passphrases do not match or are empty. Try again.\n"
        fi
    done
    setup_backup "$repopath" "$passphrase"
 }
 main () {
    if [ "$EUID" -eq "0" ]; then
        printf "Please do not run as root or with sudo.\n"
        exit 1
    fi
    local repopath=""
    local valid=0
    # Improved Repo Input Loop
    while [ $valid -eq 0 ]; do
        read -p "Enter BORG_REPO URL: " repopath
        if validate_borg_url "$repopath"; then
            read -p "Use '$repopath'? [y/N]: " ans
            if [[ "$ans" =~ ^[yY]$ ]]; then
                valid=1
            fi
        else
            printf "Invalid Format! Examples:\n"
            printf "  - /mnt/backup/repo\n"
            printf "  - user@server:backup_repo\n"
            printf "  - ssh://user@server:2222/path/to/repo\n\n"
        fi
    done
    local encryption=""
    while [[ ! "$encryption" =~ ^[yYnN]$ ]]; do
        read -p "Enable encryption? [y/n]: " encryption
    done
    if [[ "$encryption" =~ ^[yY]$ ]]; then
        setup_encrypted_backup "$repopath"
    else
        setup_backup "$repopath" ""
    fi
 }
 main "$@"