alainwolf/pfsense-backup.sh

## pfsense-backup.sh
#!/bin/ash
#
# Backup pfSense configuration files
# for Synology DiskStation
# Tested on
#   DSM 6.1.6-15266 Update 1 - MARVELL Armada XP MV78230 (DS214+)
#   pSense 2.4.3-RELEASE (amd64) - FreeBSD 11.1-RELEASE-p7
#
# Author: Alain Wolf <alain@alainwolf.ch> - https://gist.github.com/alainwolf/
# Date/Version: 2018-04-22/1.5
#

# Abort on errors
set -e

#
# Hostname or IP address of the pfSense Firewall (must have passwordless login)
SOURCE_HOST="pfsense.example.net"
#
# Filename of the configuration backup
FILE_NAME="${SOURCE_HOST}"
#
# OpenPGP key ID for encryption (must have public key in local keyring)
PGP_KEYID="0x0123456789ABCDEF"
#
# Where to store the encrypted configuration backup file
TARGET_DIR="/var/services/NetBackup/example.net/pfSense"
#
# GnuPG Home Directory of the user running this script
GNUPGHOME="/var/services/homes/${USER}/.gnupg"
#
# --- Do not change anything below this line! ---
#
backup_file="${FILE_NAME}_$( date +%F_%H-%M-%S )"
scp_source="${SOURCE_HOST}:/cf/conf"
temp_dir=$( mktemp --directory )

echo
echo "Starting backup of configuration files from ${SOURCE_HOST}"
echo

# Download the configuration from the Firewall
scp -B -q -p -r "${scp_source}" "${temp_dir}/conf"
echo "Downloaded files to ${temp_dir}/conf."

# Compress
cd "${temp_dir}"
zip --quiet --recurse-paths "${backup_file}.zip" "conf"
echo "Archived files in ${backup_file}.zip"

# Encrypt
echo "Encrypting archive with OpenPGP key ${PGP_KEYID}"
gpg --homedir ${GNUPGHOME} --batch --trust-model always \
    --recipient ${PGP_KEYID} \
    --output "${TARGET_DIR}/${backup_file}.zip.pgp" \
    --encrypt "${backup_file}.zip"
echo "Encrypted file saved to ${TARGET_DIR}/${backup_file}.zip.pgp"

# Clean up
echo "Cleaning up ${temp_dir}."
cd /
rm -rf "${temp_dir}"

# Success
echo
echo "Backup completed. Have a nice day."
echo
	#!/bin/ash
	#
	# Backup pfSense configuration files
	# for Synology DiskStation
	# Tested on
	# DSM 6.1.6-15266 Update 1 - MARVELL Armada XP MV78230 (DS214+)
	# pSense 2.4.3-RELEASE (amd64) - FreeBSD 11.1-RELEASE-p7
	#
	# Author: Alain Wolf <alain@alainwolf.ch> - https://gist.github.com/alainwolf/
	# Date/Version: 2018-04-22/1.5
	#

	# Abort on errors
	set -e

	#
	# Hostname or IP address of the pfSense Firewall (must have passwordless login)
	SOURCE_HOST="pfsense.example.net"
	#
	# Filename of the configuration backup
	FILE_NAME="${SOURCE_HOST}"
	#
	# OpenPGP key ID for encryption (must have public key in local keyring)
	PGP_KEYID="0x0123456789ABCDEF"
	#
	# Where to store the encrypted configuration backup file
	TARGET_DIR="/var/services/NetBackup/example.net/pfSense"
	#
	# GnuPG Home Directory of the user running this script
	GNUPGHOME="/var/services/homes/${USER}/.gnupg"
	#
	# --- Do not change anything below this line! ---
	#
	backup_file="${FILE_NAME}_$( date +%F_%H-%M-%S )"
	scp_source="${SOURCE_HOST}:/cf/conf"
	temp_dir=$( mktemp --directory )

	echo
	echo "Starting backup of configuration files from ${SOURCE_HOST}"
	echo

	# Download the configuration from the Firewall
	scp -B -q -p -r "${scp_source}" "${temp_dir}/conf"
	echo "Downloaded files to ${temp_dir}/conf."

	# Compress
	cd "${temp_dir}"
	zip --quiet --recurse-paths "${backup_file}.zip" "conf"
	echo "Archived files in ${backup_file}.zip"

	# Encrypt
	echo "Encrypting archive with OpenPGP key ${PGP_KEYID}"
	gpg --homedir ${GNUPGHOME} --batch --trust-model always \
	--recipient ${PGP_KEYID} \
	--output "${TARGET_DIR}/${backup_file}.zip.pgp" \
	--encrypt "${backup_file}.zip"
	echo "Encrypted file saved to ${TARGET_DIR}/${backup_file}.zip.pgp"

	# Clean up
	echo "Cleaning up ${temp_dir}."
	cd /
	rm -rf "${temp_dir}"

	# Success
	echo
	echo "Backup completed. Have a nice day."
	echo