2Shirt/duplicity-backup.sh
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Rework of duplicity-backup.conf.example, no functionality changes

Browse source
This commit is contained in:
zertrin 2015-07-29 21:56:53 +02:00
parent 5bdb816b63
commit 498ac973e7
2 changed files with 191 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

255
duplicity-backup.conf.example
View file

@ -2,7 +2,7 @@
#
# Copyright (c) 2008-2010 Damon Timm.
# Copyright (c) 2010 Mario Santagiuliana.
# Copyright (c) 2012-2013 Marc Gallet.
# Copyright (c) 2012-2015 Marc Gallet.
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
@ -20,7 +20,7 @@
# MORE ABOUT THIS SCRIPT AVAILABLE IN THE README AND AT:
#
# http://zertrin.org/projects/duplicity-backup/ (for this version)
# http://damontimm.com/code/dt-s3-backup (for the original programi by Damon Timm)
# http://damontimm.com/code/dt-s3-backup (for the original program by Damon Timm)
#
# Latest code available at:
# http://github.com/zertrin/duplicity-backup
@ -35,83 +35,51 @@
# #############################################
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# ! DO NOT edit duplicity-backup.conf.example !
# ! DO NOT edit this file! !
# ! (duplicity-backup.conf.example) !
# ! please copy it to anywhere you want !
# ! (typically duplicity-backup.conf) !
# ! and edit this file instead !
# ! and edit that copy instead !
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# AMAZON S3 INFORMATION
# Comment out these lines if you're not using Amazon S3
AWS_ACCESS_KEY_ID="foobar_aws_key_id"
AWS_SECRET_ACCESS_KEY="foobar_aws_access_key"
# .............
# . WARNING .
# .............
#
# duplicity-backup.sh IS NOT duplicity!
#
# It is only a wrapper script for duplicity written in bash!
#
# This means the following:
#
# * You need to install and configure duplicity BEFORE using duplicity-backup.sh
#
# * The official documentation of duplicity (http://duplicity.nongnu.org/duplicity.1.html)
# is relevant to duplicity-backup.sh too. Virtually any option supported
# by duplicity can be specified in the config file of duplicity-backup.sh.
# See the `STATIC_OPTIONS`, `CLEAN_UP_TYPE` and `CLEAN_UP_VARIABLE` parameters in particular.
#
# * Before asking something about duplicity-backup.sh, ensure that your question
# isnt actually concerning duplicity ;)
# First, make sure you can perform a backup with duplicity without using this script.
# If you can't make the backup work with duplicity alone, the problem is probably
# concerning duplicity and not this script. If you manage to make a backup with duplicity
# alone but not with this script, then there is probably a problem with duplicity-backup.sh.
# GOOGLE CLOUD STORAGE INFORMATION
# Comment out these lines if you're not using Google Cloud storage
GS_ACCESS_KEY_ID="foobar_gcs_key_id"
GS_SECRET_ACCESS_KEY="foobar_gcs_secret_id"
# OPENSTACK OBJECT STORAGE (SWIFT) INFORMATION
# Comment out these lines if you're not using OpenStack Object Storage (Swift)
SWIFT_USERNAME="foobar_swift_tenant:foobar_swift_username"
SWIFT_PASSWORD="foobar_swift_password"
SWIFT_AUTHURL="foobar_swift_authurl"
SWIFT_AUTHVERSION="2"
# S3CMD INFORMATION
# Most people don't need this, but in some cases
# you may want to specify a custom configuration file
# to pass to s3cmd. If so, set the S3CMD_CONF_FILE variable
# to the full path of this custom config file.
# Per default s3cmd uses ${HOME}/.s3cfg
# S3CMD_CONF_FILE='/path/to/your/s3cmd/conf/file'
# ENCRYPTION INFORMATION
# Do you want your backup to be encrypted? yes/no
# If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY
ENCRYPTION='yes'
# If you are NOT running this from a cron, comment this line out
# and duplicity should prompt you for your password.
# Otherwise this password is either used for symmetric encryption
# (your backups will be encrypted with this password) or is used
# for the "GPG_SIGN_KEY" (see below).
# Comment out if you aren't using encryption
# Note: if you have a '$' in your passphrase, escape it with a '\'
PASSPHRASE="foobar_gpg_passphrase"
# Specify which GPG keys you would like to use (even if you have only one).
# If you are running this from a cron, it is highly recommended to create separate
# signature and encryption keys, because you have to specify the password for the
# GPG_SIGN_KEY via the above PASSPHRASE variable
# (see http://www.debian-administration.org/articles/209#d0e109).
# If you are not running the script from a cron, duplicity should prompt you for the
# GPG_SIGN_KEY password.
# If you choose to use the same GPG key for encryption and signature, set it both
# in GPG_ENC_KEY and GPG_SIGN_KEY.
# Comment out if you're using only PASSPHRASE (symmetric encryption) or not using
# encryption at all.
GPG_ENC_KEY="foobar_gpg_key"
GPG_SIGN_KEY="foobar_gpg_key"
# Do you want to hide the key id of the encrypted files? yes/no
# It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup.
# On restore, gpg will automatically try all available secret keys in order to
# decrypt the backup. See gpg(1) for more details.
# HIDE_KEY_ID='yes'
# You can optionally specify the secret keyring file to use for the encryption and
# signing keys. If not specified, the default secret keyring is used which is
# usually located at ~/.gnupg/secring.gpg
# SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg
# ------------------------------------------------------------------------------
# BACKUP SOURCE INFORMATION
# ------------------------------------------------------------------------------
#
# The ROOT of your backup (where you want the backup to start);
# This can be / or somewhere else -- I use /home/ because all the
# directories start with /home/ that I want to backup.
# directories that I want to backup start with /home/.
#
ROOT="/home"
# ------------------------------------------------------------------------------
# BACKUP DESTINATION INFORMATION
# ------------------------------------------------------------------------------
# In my case, I use Amazon S3 use this - so I made up a unique
# bucket name (you don't have to have one created, it will do it
# for you). If you don't want to use Amazon S3, you can backup
@ -122,9 +90,10 @@ ROOT="/home"
# If using the s3://... scheme and you have s3cmd installed, be sure to change
# 's3.amazonaws.com' to the appropriate host in your .s3cfg file so that the
# remote file size check will work.
#DEST="s3://host/backup-bucket/backup-folder/"
DEST="s3+http://foobar-backup-bucket/backup-folder/"
#
# Other possible locations
# Be sure to check duplicity's man page to know how to use them
# (http://duplicity.nongnu.org/duplicity.1.html)
@ -141,7 +110,10 @@ DEST="s3+http://foobar-backup-bucket/backup-folder/"
#DEST="gdocs://foobar_google_account/some_dir"
#DEST="swift://foobar_swift_container/some_dir"
# ------------------------------------------------------------------------------
# DESTINATION BACKEND PASSWORD
# ------------------------------------------------------------------------------
# Instead of setting the password needed for the backup destination in the
# DEST url, you can supply it in the FTP_PASSWORD variable below, which is
# used by most, if not all backends, regardless of its name.
@ -149,13 +121,54 @@ DEST="s3+http://foobar-backup-bucket/backup-folder/"
# "Supported by most backends which are password capable. More secure than
# setting it in the backend url (which might be readable in the operating
# systems process listing to other users on the same machine)."
#
#FTP_PASSWORD="password"
# ------------------------------------------------------------------------------
# AMAZON S3 INFORMATION
# ------------------------------------------------------------------------------
# Uncomment these lines if you're using Amazon S3
#
#AWS_ACCESS_KEY_ID="foobar_aws_key_id"
#AWS_SECRET_ACCESS_KEY="foobar_aws_access_key"
#
# S3CMD INFORMATION
# Most people don't need this, but in some cases
# you may want to specify a custom configuration file
# to pass to s3cmd. If so, set the S3CMD_CONF_FILE variable
# to the full path of this custom config file.
# Per default s3cmd uses ${HOME}/.s3cfg
#
#S3CMD_CONF_FILE='/path/to/your/s3cmd/conf/file'
# ------------------------------------------------------------------------------
# GOOGLE CLOUD STORAGE INFORMATION
# ------------------------------------------------------------------------------
# Uncomment these lines if you're using Google Cloud storage
#
#GS_ACCESS_KEY_ID="foobar_gcs_key_id"
#GS_SECRET_ACCESS_KEY="foobar_gcs_secret_id"
# ------------------------------------------------------------------------------
# OPENSTACK OBJECT STORAGE (SWIFT) INFORMATION
# ------------------------------------------------------------------------------
# Uncomment these lines if you're using OpenStack Object Storage (Swift)
#
#SWIFT_USERNAME="foobar_swift_tenant:foobar_swift_username"
#SWIFT_PASSWORD="foobar_swift_password"
#SWIFT_AUTHURL="foobar_swift_authurl"
#SWIFT_AUTHVERSION="2"
# ------------------------------------------------------------------------------
# INCLUDE LIST OF DIRECTORIES
# ------------------------------------------------------------------------------
# Here is a list of directories to include; if you want to include
# everything that is in ROOT, leave this list empty.
#
# Here is an example with multiple locations:
#
#INCLIST=( "/home/*/Documents" \
# "/home/*/Projects" \
# "/home/*/logs" \
@ -163,14 +176,19 @@ DEST="s3+http://foobar-backup-bucket/backup-folder/"
# )
#
# Simpler example with one location:
INCLIST=( "/home/foobar_user_name/Documents/" )
# ------------------------------------------------------------------------------
# EXCLUDE LIST OF DIRECTORIES
# ------------------------------------------------------------------------------
# Even though I am being specific about what I want to include,
# there is still a lot of stuff I don't need.
# If you don't want to exclude anything, leave this list empty.
#
# Here is an example with multiple locations:
#
#EXCLIST=( "/home/*/Trash" \
# "/home/*/Projects/Completed" \
# "/**.DS_Store" \
@ -178,15 +196,18 @@ INCLIST=( "/home/foobar_user_name/Documents/" )
# "/**.AppleDouble" \
# )
# Simpler example with one location. Adapt it to your needs.
EXCLIST=( "/home/foobar_user_name/Documents/foobar-to-exclude" )
# ------------------------------------------------------------------------------
# INCLUDE GLOBBING FILELIST
# ------------------------------------------------------------------------------
# Instead of using the INCLIST/EXCLIST variable you can also define a special
# (text-)file where each line in the filelist will be interpreted as
# a globbing pattern. By using the '+' or '-' sign at the beginning of each line
# you are able to specify if the folder should be included or excluded.
#
#
# Example:
# + /dir/foo
# - /dir/foob*
@ -195,41 +216,104 @@ EXCLIST=( "/home/foobar_user_name/Documents/foobar-to-exclude" )
# From the duplicity manual:
# Lines starting with "+" are interpreted as include directives[...]Similarly, lines starting with "-" exclude files even if they are found within an include filelist.
# For more examples or information refer to http://duplicity.nongnu.org/duplicity.1.html#sect10
# INCEXCFILE=/path/to/file
#
#INCEXCFILE=/path/to/file
# ------------------------------------------------------------------------------
# EXCLUDE DEVICE FILES
# ------------------------------------------------------------------------------
# Exclude all device files. This can be useful for security/permissions reasons
# or if device files are not handled correctly.
#
# EXDEVICEFILES=1
#EXDEVICEFILES=1
# ------------------------------------------------------------------------------
# ENCRYPTION INFORMATION
# ------------------------------------------------------------------------------
#
# Do you want your backup to be encrypted? yes/no
# If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY
ENCRYPTION='yes'
# If you are NOT running this from a cron, comment this line out
# and duplicity should prompt you for your password.
# Otherwise this password is either used for symmetric encryption
# (your backups will be encrypted with this password) or is used
# for the "GPG_SIGN_KEY" (see below).
# Comment out if you aren't using encryption
# Note: if you have a '$' in your passphrase, escape it with a '\'
PASSPHRASE="foobar_gpg_passphrase"
# Specify which GPG keys you would like to use (even if you have only one).
# If you are running this from a cron, it is highly recommended to create separate
# signature and encryption keys, because you have to specify the password for the
# GPG_SIGN_KEY via the above PASSPHRASE variable
# (see http://www.debian-administration.org/articles/209#d0e109).
# If you are not running the script from a cron, duplicity should prompt you for the
# GPG_SIGN_KEY password.
# If you choose to use the same GPG key for encryption and signature, set it both
# in GPG_ENC_KEY and GPG_SIGN_KEY.
# Comment out if you're using only PASSPHRASE (symmetric encryption) or not using
# encryption at all.
GPG_ENC_KEY="foobar_gpg_key"
GPG_SIGN_KEY="foobar_gpg_key"
# Do you want to hide the key id of the encrypted files? yes/no
# It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup.
# On restore, gpg will automatically try all available secret keys in order to
# decrypt the backup. See gpg(1) for more details.
#
# HIDE_KEY_ID='yes'
# You can optionally specify the secret keyring file to use for the encryption and
# signing keys. If not specified, the default secret keyring is used which is
# usually located at ~/.gnupg/secring.gpg
#
#SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg
# ------------------------------------------------------------------------------
# STATIC BACKUP OPTIONS
# ------------------------------------------------------------------------------
#
# Here you can define the static backup options that you want to run with
# duplicity. Reference is the manpage of duplicity (available at
# http://duplicity.nongnu.org/duplicity.1.html for example)
# Useful examples are `--full-if-older-than` option and (for those using
# Amazon S3 in Europe) `--s3-use-new-style` and `--s3-european-buckets` options
# Be sure to separate your options with appropriate spacing.
STATIC_OPTIONS="--full-if-older-than 14D --s3-use-new-style"
# ------------------------------------------------------------------------------
# FULL BACKUP & REMOVE OLDER THAN SETTINGS
# ------------------------------------------------------------------------------
#
# Because duplicity will continue to add to each backup as you go,
# it will eventually create a very large set of files. Also, incremental
# backups leave room for problems in the chain, so doing a "full"
# backup every so often is not a bad idea.
#
# You can remove older than a specific time period:
#
#CLEAN_UP_TYPE="remove-older-than"
#CLEAN_UP_VARIABLE="31D"
#
# Or, If you would rather keep a certain (n) number of full backups (rather
# than removing the files based on their age), you can use what I use:
CLEAN_UP_TYPE="remove-all-but-n-full"
CLEAN_UP_VARIABLE="4"
# The third option is to skip cleanup altogether, by:
# CLEAN_UP_TYPE="none"
#
#CLEAN_UP_TYPE="none"
#
# In combination with "remove-older-than" clean-up type, you may want
# to keep only the full backups older than (n) number backup sets. For example,
@ -244,9 +328,14 @@ CLEAN_UP_VARIABLE="4"
# incrementals for backup sets beyond the four most recent, keeping
# only the full weekly backups for those backup sets. The incrementals
# for the four most recent backup sets remain untouched.
#
#REMOVE_INCREMENTALS_OLDER_THAN="4"
# ------------------------------------------------------------------------------
# LOGFILE INFORMATION DIRECTORY
# ------------------------------------------------------------------------------
#
# Provide directory for logfile, ownership of logfile & directory, and verbosity level.
# I run this script as root, but save the log files under my user name --
# just makes it easier for me to read them and delete them as needed.
@ -254,19 +343,30 @@ CLEAN_UP_VARIABLE="4"
LOGDIR="/home/foobar_user_name/logs/test2/"
LOG_FILE="duplicity-`date +%Y-%m-%d_%H-%M`.txt"
LOG_FILE_OWNER="foobar_user_name:foobar_user_name"
# Note that if the configured LOGDIR does not exist it will be created
# and its owner:group set to that of the configured LOG_FILE_OWNER.
# If the configured LOGDIR already exists no change to owner:group is attempted.
#
#REMOVE_LOGS_OLDER_THAN='30' # (days) uncomment to activate
VERBOSITY="-v3"
# Set the tmpdir for duplicity to use.
#TMPDIR="/tmp"
# ------------------------------------------------------------------------------
# EMAIL ALERT (*thanks: rmarescu*)
# ------------------------------------------------------------------------------
#
# Provide an email address to receive the logfile by email. If no email
# address is provided, no alert will be sent.
# You can set a custom from email address and a custom subject (both optionally)
# If no value is provided for the subject, the following value will be
# used by default: "duplicity-backup Alert ${LOG_FILE}"
# MTA used: mailx
#EMAIL="admin@example.com"
EMAIL_TO=
EMAIL_FROM=
@ -279,13 +379,16 @@ MAIL="mailx" # default command for Linux mail
#MAIL="sendmail"
#MAIL="msmtp"
# TROUBLESHOOTING: If you are having any problems running this script it is
# ------------------------------------------------------------------------------
# TROUBLESHOOTING
# ------------------------------------------------------------------------------
#
# If you are having any problems running this script it is
# helpful to see the command output that is being generated to determine if the
# script is causing a problem or if it is an issue with duplicity (or your
# setup). Simply uncomment the ECHO line below and the commands will be
# printed to the logfile. This way, you can see if the problem is with the
# script or with duplicity.
#
#ECHO=$(which echo)
# Set the tmpdir for duplicity to use.
#TMPDIR="/tmp"

15
duplicity-backup.sh
View file

@ -29,9 +29,13 @@
# Default config file (don't forget to copy duplicity-backup.conf.example to
# match that path)
# NOTE: It can be useful not to edit this script at all to ease future updates
# so the config file can be specified directly on the command line too
# with the -c option.
#
# NOTE: It is RECOMMENDED to use the command line option -c to specify the
# location of the config file. The CONFIG variable here is only used for
# fallback purposes (look for the file named 'duplicity-backup.conf' in
# the same folder as the script, if the option -c is not given).
# It is DEPRECATED to edit this.
CONFIG="duplicity-backup.conf"
##############################################################
@ -166,9 +170,11 @@ else
usage
exit 1
fi
STATIC_OPTIONS="$DRY_RUN$STATIC_OPTIONS"
SIGN_PASSPHRASE=$PASSPHRASE
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export GS_ACCESS_KEY_ID
@ -179,6 +185,7 @@ export SWIFT_AUTHURL
export SWIFT_AUTHVERSION
export PASSPHRASE
export SIGN_PASSPHRASE
if [[ -n "$FTP_PASSWORD" ]]; then
export FTP_PASSWORD
fi
@ -223,11 +230,13 @@ size information unavailable."
NO_GSCMD_CFG="WARNING: gsutil is not configured, run 'gsutil config' \
in order to retrieve remote file size information. Remote file \
size information unavailable."
NO_S3CMD="WARNING: s3cmd not found in PATH, remote file \
size information unavailable."
NO_S3CMD_CFG="WARNING: s3cmd is not configured, run 's3cmd --configure' \
in order to retrieve remote file size information. Remote file \
size information unavailable."
README_TXT="In case you've long forgotten, this is a backup script that you used to backup some files (most likely remotely at Amazon S3). In order to restore these files, you first need to import your GPG private(s) key(s) (if you haven't already). The key(s) is/are in this directory and the following command(s) should do the trick:\n\nIf you were using the same key for encryption and signature:\n gpg --allow-secret-key-import --import duplicity-backup-encryption-and-sign-secret.key.txt\nOr if you were using two separate keys for encryption and signature:\n gpg --allow-secret-key-import --import duplicity-backup-encryption-secret.key.txt\n gpg --allow-secret-key-import --import duplicity-backup-sign-secret.key.txt\n\nAfter your key(s) has/have been succesfully imported, you should be able to restore your files.\n\nGood luck!"
if [ ! -x "$DUPLICITY" ]; then