#!/bin/bash # # Copyright (c) 2008-2010 Damon Timm. # Copyright (c) 2010 Mario Santagiuliana. # Copyright (c) 2012-2013 Marc Gallet. # # This program is free software: you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation, either version 3 of the License, or (at your option) any later # version. # # This program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more # details. # # You should have received a copy of the GNU General Public License along with # this program. If not, see . # # MORE ABOUT THIS SCRIPT AVAILABLE IN THE README AND AT: # # http://zertrin.org/projects/duplicity-backup/ (for this version) # http://damontimm.com/code/dt-s3-backup (for the original programi by Damon Timm) # # Latest code available at: # http://github.com/zertrin/duplicity-backup # # List of contributors: # https://github.com/zertrin/duplicity-backup/graphs/contributors # # ---------------------------------------------------------------------------- # # ############################################# # # DUPLICITY-BACKUP CONFIG FILE # # ############################################# # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # ! DO NOT edit duplicity-backup.conf.example ! # ! please copy it to anywhere you want ! # ! (typically duplicity-backup.conf) ! # ! and edit this file instead ! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # AMAZON S3 INFORMATION # Comment out these lines if you're not using Amazon S3 AWS_ACCESS_KEY_ID="foobar_aws_key_id" AWS_SECRET_ACCESS_KEY="foobar_aws_access_key" # GOOGLE CLOUD STORAGE INFORMATION # Comment out these lines if you're not using Google Cloud storage GS_ACCESS_KEY_ID="foobar_gcs_key_id" GS_SECRET_ACCESS_KEY="foobar_gcs_secret_id" # S3CMD INFORMATION # Most people don't need this, but in some cases # you may want to specify a custom configuration file # to pass to s3cmd. If so, set the S3CMD_CONF_FILE variable # to the full path of this custom config file. # Per default s3cmd uses ${HOME}/.s3cfg # S3CMD_CONF_FILE='/path/to/your/s3cmd/conf/file' # ENCRYPTION INFORMATION # Do you want your backup to be encrypted? yes/no # If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY ENCRYPTION='yes' # If you are NOT running this from a cron, comment this line out # and duplicity should prompt you for your password. # Otherwise this password is either used for symmetric encryption # (your backups will be encrypted with this password) or is used # for the "GPG_SIGN_KEY" (see below). # Comment out if you aren't using encryption # Note: if you have a '$' in your passphrase, escape it with a '\' PASSPHRASE="foobar_gpg_passphrase" # Specify which GPG keys you would like to use (even if you have only one). # If you are running this from a cron, it is highly recommended to create separate # signature and encryption keys, because you have to specify the password for the # GPG_SIGN_KEY via the above PASSPHRASE variable # (see http://www.debian-administration.org/articles/209#d0e109). # If you are not running the script from a cron, duplicity should prompt you for the # GPG_SIGN_KEY password. # If you choose to use the same GPG key for encryption and signature, set it both # in GPG_ENC_KEY and GPG_SIGN_KEY. # Comment out if you're using only PASSPHRASE (symmetric encryption) or not using # encryption at all. GPG_ENC_KEY="foobar_gpg_key" GPG_SIGN_KEY="foobar_gpg_key" # Do you want to hide the key id of the encrypted files? yes/no # It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup. # On restore, gpg will automatically try all available secret keys in order to # decrypt the backup. See gpg(1) for more details. # HIDE_KEY_ID='yes' # You can optionally specify the secret keyring file to use for the encryption and # signing keys. If not specified, the default secret keyring is used which is # usually located at ~/.gnupg/secring.gpg # SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg # BACKUP SOURCE INFORMATION # The ROOT of your backup (where you want the backup to start); # This can be / or somewhere else -- I use /home/ because all the # directories start with /home/ that I want to backup. ROOT="/home" # BACKUP DESTINATION INFORMATION # In my case, I use Amazon S3 use this - so I made up a unique # bucket name (you don't have to have one created, it will do it # for you). If you don't want to use Amazon S3, you can backup # to a file or any of duplicity's supported outputs. # # The s3+http scheme uses the default aws s3 hostname. # Use s3://host/bucket/[backup-folder/] if you want to specify the host name. # If using the s3://... scheme and you have s3cmd installed, be sure to change # 's3.amazonaws.com' to the appropriate host in your .s3cfg file so that the # remote file size check will work. #DEST="s3://host/backup-bucket/backup-folder/" DEST="s3+http://foobar-backup-bucket/backup-folder/" # # Other possible locations # Be sure to check duplicity's man page to know how to use them # (http://duplicity.nongnu.org/duplicity.1.html) # #DEST="gs://foobar-backup-bucket/backup-folder/" #DEST="ftp://user[:password]@other.host[:port]/some_dir" #DEST="rsync://user@host.com[:port]//absolute_path" #DEST="scp://user[:password]@other.host[:port]/[/]some_dir" #DEST="ssh://user[:password]@other.host[:port]/[/]some_dir" #DEST="sftp://user[:password]@other.host[:port]/[/]some_dir" #DEST="file:///home/foobar_user_name/new-backup-test/" #DEST="imap[s]://user[:password]@host.com[/from_address_prefix]" #DEST="webdav[s]://user[:password]@other.host[:port]/some_dir" #DEST="gdocs://foobar_google_account/some_dir" # DESTINATION BACKEND PASSWORD # Instead of setting the password needed for the backup destination in the # DEST url, you can supply it in the FTP_PASSWORD variable below, which is # used by most, if not all backends, regardless of it’s name. # Duplicity's official documentation states: # "Supported by most backends which are password capable. More secure than # setting it in the backend url (which might be readable in the operating # systems process listing to other users on the same machine)." #FTP_PASSWORD="password" # INCLUDE LIST OF DIRECTORIES # Here is a list of directories to include; if you want to include # everything that is in ROOT, leave this list empty. # # Here is an example with multiple locations: #INCLIST=( "/home/*/Documents" \ # "/home/*/Projects" \ # "/home/*/logs" \ # "/home/www/mysql-backups" \ # ) # # Simpler example with one location: INCLIST=( "/home/foobar_user_name/Documents/" ) # EXCLUDE LIST OF DIRECTORIES # Even though I am being specific about what I want to include, # there is still a lot of stuff I don't need. # If you don't want to exclude anything, leave this list empty. # # Here is an example with multiple locations: #EXCLIST=( "/home/*/Trash" \ # "/home/*/Projects/Completed" \ # "/**.DS_Store" \ # "/**Icon?" \ # "/**.AppleDouble" \ # ) # Simpler example with one location. Adapt it to your needs. EXCLIST=( "/home/foobar_user_name/Documents/foobar-to-exclude" ) # INCLUDE GLOBBING FILELIST # Instead of using the INCLIST/EXCLIST variable you can also define a special # (text-)file where each line in the filelist will be interpreted as # a globbing pattern. By using the '+' or '-' sign at the beginning of each line # you are able to specify if the folder should be included or excluded. # # # Example: # + /dir/foo # - /dir/foob* # + /dir/* # # From the duplicity manual: # Lines starting with "+" are interpreted as include directives[...]Similarly, lines starting with "-" exclude files even if they are found within an include filelist. # For more examples or information refer to http://duplicity.nongnu.org/duplicity.1.html#sect10 # INCEXCFILE=/path/to/file # EXCLUDE DEVICE FILES # Exclude all device files. This can be useful for security/permissions reasons # or if device files are not handled correctly. # # EXDEVICEFILES=1 # STATIC BACKUP OPTIONS # Here you can define the static backup options that you want to run with # duplicity. Reference is the manpage of duplicity (available at # http://duplicity.nongnu.org/duplicity.1.html for example) # Useful examples are `--full-if-older-than` option and (for those using # Amazon S3 in Europe) `--s3-use-new-style` and `--s3-european-buckets` options # Be sure to separate your options with appropriate spacing. STATIC_OPTIONS="--full-if-older-than 14D --s3-use-new-style" # FULL BACKUP & REMOVE OLDER THAN SETTINGS # Because duplicity will continue to add to each backup as you go, # it will eventually create a very large set of files. Also, incremental # backups leave room for problems in the chain, so doing a "full" # backup every so often is not a bad idea. # # You can remove older than a specific time period: #CLEAN_UP_TYPE="remove-older-than" #CLEAN_UP_VARIABLE="31D" # # Or, If you would rather keep a certain (n) number of full backups (rather # than removing the files based on their age), you can use what I use: CLEAN_UP_TYPE="remove-all-but-n-full" CLEAN_UP_VARIABLE="4" # The third option is to skip cleanup altogether, by: # CLEAN_UP_TYPE="none" # # In combination with "remove-older-than" clean-up type, you may want # to keep only the full backups older than (n) number backup sets. For example, # let's say you set to CLEAN_UP_TYPE="remove-older-than", CLEAN_UP_VARIABLE # to "6M" (six months), STATIC_OPTIONS to "--full-if-older-than 7D" # (a full backup every 7 days), and you execute duplicity-backup once a day. # After six months you'll have 25 full backups, each with daily incrementals # in between. Perhaps you're keeping the backups past 1 month "just in case", # and so the older incrementals are overkill – weekly full backups beyond # one month backward would suffice. In this case you can set # "REMOVE_INCREMENTALS_OLDER_THAN to, say, "4" which will delete the # incrementals for backup sets beyond the four most recent, keeping # only the full weekly backups for those backup sets. The incrementals # for the four most recent backup sets remain untouched. #REMOVE_INCREMENTALS_OLDER_THAN="4" # LOGFILE INFORMATION DIRECTORY # Provide directory for logfile, ownership of logfile & directory, and verbosity level. # I run this script as root, but save the log files under my user name -- # just makes it easier for me to read them and delete them as needed. LOGDIR="/home/foobar_user_name/logs/test2/" LOG_FILE="duplicity-`date +%Y-%m-%d_%H-%M`.txt" LOG_FILE_OWNER="foobar_user_name:foobar_user_name" # Note that if the configured LOGDIR does not exist it will be created # and its owner:group set to that of the configured LOG_FILE_OWNER. # If the configured LOGDIR already exists no change to owner:group is attempted. #REMOVE_LOGS_OLDER_THAN='30' # (days) uncomment to activate VERBOSITY="-v3" # EMAIL ALERT (*thanks: rmarescu*) # Provide an email address to receive the logfile by email. If no email # address is provided, no alert will be sent. # You can set a custom from email address and a custom subject (both optionally) # If no value is provided for the subject, the following value will be # used by default: "duplicity-backup Alert ${LOG_FILE}" # MTA used: mailx #EMAIL="admin@example.com" EMAIL_TO= EMAIL_FROM= EMAIL_SUBJECT= # command to use to send mail MAIL="mailx" # default command for Linux mail #MAIL="mail" # for CentOS, if "mailx" fails try this one #MAIL="ssmtp" #MAIL="sendmail" #MAIL="msmtp" # TROUBLESHOOTING: If you are having any problems running this script it is # helpful to see the command output that is being generated to determine if the # script is causing a problem or if it is an issue with duplicity (or your # setup). Simply uncomment the ECHO line below and the commands will be # printed to the logfile. This way, you can see if the problem is with the # script or with duplicity. #ECHO=$(which echo) # Set the tmpdir for duplicity to use. #TMPDIR="/tmp"