Last active
November 20, 2018 13:08
-
-
Save CodeSigils/31c48f61456c6e3c01ee2a5b35347650 to your computer and use it in GitHub Desktop.
A simple script using Duplicity and pass for Backblaze cloud encrypted backups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# A simple script using Duplicity and pass | |
# for cloud encrypted Backblaze backups | |
# Basic Duplicity syntax examples: | |
# https://www.systutorials.com/docs/linux/man/1-duplicity/ | |
# | |
# 1. duplicity [source language="directory"][/source] file://[destination directory] | |
# | |
# 2. duplicity \ | |
# --encrypt-key "[encrypt key]" --sign-key "[sign key]" \ | |
# --exclude-filelist=exclusion_list/ ftp://[FTP user]@[FTP server]/[backup folder] | |
# Check if duplicity and pass are installed | |
if [ ! -x "$(which duplicity)" ] & [ ! -x "$(which pass)" ]; then | |
echo "ERROR: Please make sure 'duplicity' AND 'pass' are both installed !" >&2 | |
exit 1 | |
fi | |
# Define GPG key IDs (last 8 characters) | |
# Note: Signing key must be generated first. | |
# Generate with: gpg --full-generate-key | |
ENC_KEY="<gpg-encryption-key-id>" | |
SIGN_KEY="<gpg-signature-key-id>" | |
# Use 'pass' or any other cli password manager to avoid hardcoding | |
# your secrets in this file | |
export ENC_PASSPHRASE="pass show keys/duplicity_crypt_pass | head -1" | |
export SIGN_PASSPHRASE="pass show keys/duplicity_sign_pass | head -1" | |
# Source: Local directory to backup | |
LOCAL_DIR="/home/My-backup" | |
# Exclude list using a custom file | |
EX_LIST="/data/Backups/ex_files.txt" | |
# Duplicity backends. | |
# Check duplicity's man page on how to use them: | |
# (http://duplicity.nongnu.org/duplicity.1.html) | |
# | |
# CF="cf+http://container_name" | |
# LOCAL_DEST="file:///some_dir" | |
# FTP="ftp://user[:password]@other.host[:port]/some_dir" | |
# FTPS="ftps://user[:password]@other.host[:port]/some_dir" | |
# HSI="hsi://user[:password]@other.host[:port]/some_dir" | |
# IMAP="imap://user[:password]@other.host[:port]/some_dir" | |
# RSYNC_DIR="rsync://user[:password]@other.host[:port]::/module/some_dir" | |
# RSYNC_REL="rsync://user[:password]@other.host[:port]/relative_path" | |
# RSYNC_ABS="rsync://user[:password]@other.host[:port]//absolute_path" | |
# S3_HOST="s3://other.host[:port]/bucket_name[/prefix]" | |
# S3_BUCKET="s3+http://bucket_name[/prefix]" | |
# SCP="scp://user[:password]@other.host[:port]/some_dir" | |
# SSH="ssh://user[:password]@other.host[:port]/some_dir" | |
# SWIFT="swift://container_name" | |
# TAHOE="tahoe://alias/directory" | |
# WEBDAV="webdav://user[:password]@other.host/some_dir" | |
# WEBDAVS="webdavs://user[:password]@other.host/some_dir" | |
# GDOCS="gdocs://user[:password]@other.host/some_dir" | |
# PYDRIVE="pydrive://user@other.host/some_dir" | |
# MEGA="mega://${MEGA_USER}:${MEGA_PASS}@${MEGA_HOST}/${MEGA_DIR}" | |
# COPY="copy://user[:password]@other.host/some_dir" | |
# DROPBOX="dpbx:///some_dir" | |
# ONEDRIVE="onedrive://some_dir" | |
# AZURE="azure://container_name" | |
# B2="b2://account_id[:application_key]@bucket_name/[some_dir/]" | |
B2="b2://${B2_ACCOUNT}:${B2_KEY}@${B2_BUCKET}/${B2_DIR}" | |
# MF="mf://user[:password]@other.host/some_dir" | |
# ------------------------------------------------------------------------------ | |
# BACKBLAZE B2 Config | |
# ------------------------------------------------------------------------------ | |
# Account ID: <account-id> | |
# Bucket ID: <backet-id> | |
# Bucket Name: <backet-name> | |
# keyName: <key-name> | |
# Application Key Id: <app-key-id> | |
# Application Key: <app-key> | |
# ------------------------------------------------ | |
DEST=$B2 | |
B2_ACCOUNT="<account-id>" | |
B2_KEY="<app-key>" | |
B2_BUCKET="<backet-name>" | |
B2_DIR="<b2-dir>" | |
# Remove files older than 90 days | |
duplicity \ | |
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \ | |
remove-older-than 90D --force \ | |
"$DEST" | |
# Perform the backup, make a full backup if it's been over 30 days | |
duplicity \ | |
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \ | |
--full-if-older-than 30D \ | |
--exclude-filelist=${EX_LIST} \ | |
${LOCAL_DIR} \ | |
"$DEST" | |
# Cleanup failures | |
duplicity \ | |
cleanup --force \ | |
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \ | |
"$DEST" | |
# Show collection-status | |
duplicity collection-status \ | |
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \ | |
"$DEST" | |
# Unset variables | |
unset B2_ACCOUNT | |
unset B2_KEY | |
unset B2_BUCKET | |
unset B2_DIR | |
unset LOCAL_DIR | |
unset DEST | |
unset EX_LIST | |
unset ENC_KEY | |
unset SIGN_KEY | |
unset ENC_PASSPHRASE | |
unset SIGN_PASSPHRASE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment