A simple script using Duplicity and pass for Backblaze cloud encrypted backups

duplicity_pass_B2.sh

#!/bin/sh

# A simple script using Duplicity and pass
# for cloud encrypted Backblaze backups 

# Basic Duplicity syntax examples:
# https://www.systutorials.com/docs/linux/man/1-duplicity/
#
# 1. duplicity [source language="directory"][/source] file://[destination directory]
#
# 2. duplicity \
# --encrypt-key "[encrypt key]" --sign-key "[sign key]" \
# --exclude-filelist=exclusion_list/ ftp://[FTP user]@[FTP server]/[backup folder]

# Check if duplicity and pass are installed
if [ ! -x "$(which duplicity)" ] & [ ! -x "$(which pass)" ]; then
    echo "ERROR: Please make sure 'duplicity' AND 'pass' are both installed !" >&2
    exit 1
fi

# Define GPG key IDs (last 8 characters)
# Note: Signing key must be generated first.
# Generate with: gpg --full-generate-key
ENC_KEY="<gpg-encryption-key-id>"
SIGN_KEY="<gpg-signature-key-id>"
# Use 'pass' or any other cli password manager to avoid hardcoding
# your secrets in this file
export ENC_PASSPHRASE="pass show keys/duplicity_crypt_pass | head -1"
export SIGN_PASSPHRASE="pass show keys/duplicity_sign_pass | head -1"

# Source: Local directory to backup
LOCAL_DIR="/home/My-backup"
# Exclude list using a custom file
EX_LIST="/data/Backups/ex_files.txt"

# Duplicity backends.
# Check duplicity's man page on how to use them:
# (http://duplicity.nongnu.org/duplicity.1.html)
#
# CF="cf+http://container_name"
# LOCAL_DEST="file:///some_dir"
# FTP="ftp://user[:password]@other.host[:port]/some_dir"
# FTPS="ftps://user[:password]@other.host[:port]/some_dir"
# HSI="hsi://user[:password]@other.host[:port]/some_dir"
# IMAP="imap://user[:password]@other.host[:port]/some_dir"
# RSYNC_DIR="rsync://user[:password]@other.host[:port]::/module/some_dir"
# RSYNC_REL="rsync://user[:password]@other.host[:port]/relative_path"
# RSYNC_ABS="rsync://user[:password]@other.host[:port]//absolute_path"
# S3_HOST="s3://other.host[:port]/bucket_name[/prefix]"
# S3_BUCKET="s3+http://bucket_name[/prefix]"
# SCP="scp://user[:password]@other.host[:port]/some_dir"
# SSH="ssh://user[:password]@other.host[:port]/some_dir"
# SWIFT="swift://container_name"
# TAHOE="tahoe://alias/directory"
# WEBDAV="webdav://user[:password]@other.host/some_dir"
# WEBDAVS="webdavs://user[:password]@other.host/some_dir"
# GDOCS="gdocs://user[:password]@other.host/some_dir"
# PYDRIVE="pydrive://user@other.host/some_dir"
# MEGA="mega://${MEGA_USER}:${MEGA_PASS}@${MEGA_HOST}/${MEGA_DIR}"
# COPY="copy://user[:password]@other.host/some_dir"
# DROPBOX="dpbx:///some_dir"
# ONEDRIVE="onedrive://some_dir"
# AZURE="azure://container_name"
# B2="b2://account_id[:application_key]@bucket_name/[some_dir/]"
B2="b2://${B2_ACCOUNT}:${B2_KEY}@${B2_BUCKET}/${B2_DIR}"
# MF="mf://user[:password]@other.host/some_dir"

# ------------------------------------------------------------------------------
# BACKBLAZE B2 Config
# ------------------------------------------------------------------------------
# Account ID: <account-id>
# Bucket ID: <backet-id>
# Bucket Name: <backet-name>
# keyName: <key-name>
# Application Key Id: <app-key-id>
# Application Key: <app-key>
# ------------------------------------------------
DEST=$B2
B2_ACCOUNT="<account-id>"
B2_KEY="<app-key>"
B2_BUCKET="<backet-name>"
B2_DIR="<b2-dir>"

# Remove files older than 90 days
duplicity \
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \
remove-older-than 90D --force \
"$DEST"

# Perform the backup, make a full backup if it's been over 30 days
duplicity \
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \
--full-if-older-than 30D \
--exclude-filelist=${EX_LIST} \
${LOCAL_DIR} \
"$DEST"

# Cleanup failures
duplicity \
cleanup --force \
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \
"$DEST"

# Show collection-status
duplicity collection-status \
--sign-key $SIGN_KEY --encrypt-key $ENC_KEY \
"$DEST"

# Unset variables
unset B2_ACCOUNT
unset B2_KEY
unset B2_BUCKET
unset B2_DIR
unset LOCAL_DIR
unset DEST
unset EX_LIST
unset ENC_KEY
unset SIGN_KEY
unset ENC_PASSPHRASE
unset SIGN_PASSPHRASE