first commit

This commit is contained in:
2026-01-14 13:48:23 -06:00
commit 15ac19d32d
4 changed files with 272 additions and 0 deletions

80
borg/bin/backup Executable file
View File

@@ -0,0 +1,80 @@
#!/usr/bin/env bash
# Check if running as root
if [ "$EUID" -ne 0 ]; then
printf "Error: This script must be run as root (or via sudo).\n"
exit 1
fi
# Load the environment variables directly
if [ -f /opt/borg/etc/borg_environment ]; then
# shellcheck source=/dev/null
source /opt/borg/etc/borg_environment
# Ensure the variables sourced from the file are exported to child processes
export BORG_REPO BORG_PASSPHRASE
else
printf "Error: /opt/borg/etc/borg_environment not found.\n"
exit 1
fi
# Helpers and error handling
info() { printf "\n%s %s\n\n" "$(date)" "$*" >&2; }
trap 'info "Backup interrupted"; exit 2' INT TERM
info "Starting backup for repository: $BORG_REPO"
# 1. Create Archive
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
--exclude-caches \
--exclude 'home/*/.cache/*' \
--exclude 'var/tmp/*' \
--exclude 'var/games' \
--exclude 'home/*/Media' \
--progress \
::'{hostname}-{now}' \
/etc \
/home \
/root \
/var \
/opt
backup_exit=$?
# 2. Prune old backups
info "Pruning repository"
borg prune \
--list \
--glob-archives '{hostname}-*' \
--show-rc \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 6
prune_exit=$?
# 3. Compact repository
info "Compacting repository"
borg compact
compact_exit=$?
# Determine final status code
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
if [ "${global_exit}" -eq 0 ]; then
info "Backup, Prune, and Compact finished successfully"
elif [ "${global_exit}" -eq 1 ]; then
info "Backup, Prune, and/or Compact finished with warnings"
else
info "Backup, Prune, and/or Compact finished with errors"
fi
exit "${global_exit}"

47
borg/bin/reposetup Normal file
View File

@@ -0,0 +1,47 @@
#!/usr/bin/env bash
# Ensure running as root to read the environment file
if [ "$EUID" -ne 0 ]; then
printf "Error: This script must be run as root (or via sudo).\n"
exit 1
fi
# Load the environment variables
if [ -f /opt/borg/etc/borg_environment ]; then
# shellcheck source=/dev/null
source /opt/borg/etc/borg_environment
export BORG_REPO BORG_PASSPHRASE
else
printf "Error: /opt/borg/etc/borg_environment not found.\n"
exit 1
fi
printf "Checking repository status at: %s\n" "$BORG_REPO"
# Check if the repo already exists to prevent accidental re-init
if borg info >/dev/null 2>&1; then
printf "Error: Repository already exists and is initialized.\n"
exit 1
fi
printf "Initializing repository...\n"
# Logic for encryption mode based on whether a passphrase exists
if [ -z "$BORG_PASSPHRASE" ]; then
printf "No passphrase detected. Initializing with 'none' encryption.\n"
borg init --encryption=none
else
printf "Passphrase detected. Initializing with 'repokey' encryption.\n"
# repokey stores the key inside the repository config, protected by the passphrase
borg init --encryption=repokey
fi
init_exit=$?
if [ "$init_exit" -eq 0 ]; then
printf "\nSuccess: Repository initialized successfully.\n"
printf "You can now run your first backup using: sudo /opt/borg/bin/backup\n"
else
printf "\nError: Repository initialization failed (Exit code: %s).\n" "$init_exit"
exit "$init_exit"
fi

View File

@@ -0,0 +1,6 @@
# Setting this, so the repo does not need to be given on the commandline:
export BORG_REPO=REPOPATH
# See the section "Passphrase notes" for more infos.
export BORG_PASSPHRASE='REPOPASSPHRASE'

139
install.sh Executable file
View File

@@ -0,0 +1,139 @@
#!/usr/bin/env bash
set -e
# ... (include validate_borg_url, escape_sed, etc. from previous steps)
generate_recovery_file() {
local repo="$1"
local pass="$2"
local timestamp=$(date +%Y%m%d_%H%M%S)
local recovery_file="$HOME/borg_recovery_$timestamp.txt"
{
echo "BORG BACKUP RECOVERY INFORMATION"
echo "Generated on: $(date)"
echo "--------------------------------"
echo "REPOSITORY URL: $repo"
echo "PASSPHRASE: $pass"
echo "--------------------------------"
echo "Keep this file in a safe, offline location."
} > "$recovery_file"
chmod 600 "$recovery_file"
printf "\nCRITICAL: Recovery information saved to: $recovery_file\n"
printf "Please move this to a secure location (e.g., a password manager or physical safe).\n"
}
# Validation function for Borg Repository URLs
validate_borg_url() {
local url="$1"
# Regex covers:
# 1. Local absolute/home paths (/... or ~/...)
# 2. SSH shortcuts (user@host:path)
# 3. Explicit protocols (ssh://, file://)
local regex="^(/|~/|([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+:)|([a-z]+://)).+"
if [[ $url =~ $regex ]]; then
return 0
else
return 1
fi
}
escape_sed() {
printf '%s\n' "$1" | sed -e 's/[]\/$*.^|[]/\\&/g'
}
setup_backup () {
local repopath="$1"
local raw_passphrase="$2"
printf "\nInstalling backup script environment. You will be prompted for your sudo password.\n"
# Check if the source directory exists before copying
if [ ! -d "borg" ]; then
printf "Error: 'borg' source directory not found in current location.\n"
exit 1
fi
sudo cp -r borg /opt/
sudo chown -R "root:root" /opt/borg
sudo chmod -R 755 /opt/borg
sudo chmod 700 /opt/borg/etc
local escaped_path=$(escape_sed "$repopath")
local escaped_pass=$(escape_sed "$raw_passphrase")
sudo sed -i -f - /opt/borg/etc/borg_environment <<EOF
s|REPOPATH|$escaped_path|g
s|REPOPASSPHRASE|$escaped_pass|g
EOF
sudo chmod 600 /opt/borg/etc/borg_environment
printf "Installation complete.\n"
generate_recovery_file "$repopath" "$raw_passphrase"
}
setup_encrypted_backup () {
local repopath="$1"
local passphrase1 passphrase2 passphrase
printf "\n--- Encryption Setup ---\n"
while true; do
read -s -p "Enter Passphrase: " passphrase1
printf "\n"
read -s -p "Confirm Passphrase: " passphrase2
printf "\n"
if [[ -n "$passphrase1" && "$passphrase1" == "$passphrase2" ]]; then
passphrase="$passphrase1"
break
else
printf "Error: Passphrases do not match or are empty. Try again.\n"
fi
done
setup_backup "$repopath" "$passphrase"
}
main () {
if [ "$EUID" -eq "0" ]; then
printf "Please do not run as root or with sudo.\n"
exit 1
fi
local repopath=""
local valid=0
# Improved Repo Input Loop
while [ $valid -eq 0 ]; do
read -p "Enter BORG_REPO URL: " repopath
if validate_borg_url "$repopath"; then
read -p "Use '$repopath'? [y/N]: " ans
if [[ "$ans" =~ ^[yY]$ ]]; then
valid=1
fi
else
printf "Invalid Format! Examples:\n"
printf " - /mnt/backup/repo\n"
printf " - user@server:backup_repo\n"
printf " - ssh://user@server:2222/path/to/repo\n\n"
fi
done
local encryption=""
while [[ ! "$encryption" =~ ^[yYnN]$ ]]; do
read -p "Enable encryption? [y/n]: " encryption
done
if [[ "$encryption" =~ ^[yY]$ ]]; then
setup_encrypted_backup "$repopath"
else
setup_backup "$repopath" ""
fi
}
main "$@"