Last active
April 1, 2020 12:24
-
-
Save fulldecent/910fcd42350d59cb8558 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| ## backup-to-insecure-remote-server v1.0 | |
| ## William Entriken / github.com@phor.net | |
| ## | |
| ## YOU NEED TO KEEP A BACKUP OF .encfs6.xml AND YOUR PASSKEY!!! | |
| ## | |
| ## TODO | |
| ## * Create a restore action | |
| ## * Make a quick task to confirm that restoring works | |
| ## | |
| ## PREREQUESITES | |
| ## 1. `brew install rofs-filtered` | |
| ## 2. `brew install rsync` # must be version 3 or greater | |
| ## 3. `brew install encfs` | |
| ## | |
| ## NOTES | |
| ## http://bubba.org/wiki/Encrypted_Remote_Backups_with_Sparse_Bundles recommends rsync -E | |
| require 'colorize' | |
| plaintext_dir = "/Volumes/FDDISK/" | |
| filtered_dir = "/tmp/fd-disk-filtered" | |
| ciphertext_dir = "/tmp/fd-disk-encrypted/" | |
| extpass = "security find-generic-password -gwl encfs" # http://blog.macromates.com/2006/keychain-access-from-shell/ | |
| backup_location = "root@camera.phor.net:/media/backupenc/" | |
| rsync_command = "rsync" # must be version 3 or greater | |
| # | |
| # RESTORE | |
| # sshfs root@camera.phor.net:/ ~/Mount/camera.phor.net | |
| # ENCFS6_CONFIG=~/fddisk_encfs6.xml encfs --extpass='security find-generic-password -gwl encfs' ~/Mount/camera.phor.net/media/backupenc ~/Desktop/TMP-ENC | |
| # | |
| # http://stackoverflow.com/a/11320444/300224 | |
| Rake::TaskManager.record_task_metadata = true | |
| desc "Show all the tasks" | |
| task :default do | |
| Rake::application.options.show_tasks = :tasks # this solves sidewaysmilk problem | |
| Rake::application.options.show_task_pattern = // | |
| Rake::application.display_tasks_and_comments | |
| end | |
| desc 'Create filtered list of files to sync' | |
| task :filter => [] do | |
| excludes_file = "/tmp/rofs-filtered-config" | |
| print "Filtering from ".yellow, plaintext_dir.magenta, " to ".yellow, filtered_dir.magenta, "\n" | |
| puts 'Creating filter configuration file'.yellow | |
| # See https://github.com/gburca/rofs-filtered/blob/master/rofs-filtered-invert.rc | |
| # See https://github.com/github/gitignore/blob/master/Global/macOS.gitignore | |
| file = <<-'EOF' | |
| \.DS_Store | |
| \.AppleDouble | |
| \.LSOverride | |
| # Icon must end with two \r | |
| Icon..$ | |
| # Thumbnails | |
| \._ | |
| # Files that might appear in the root of a volume | |
| /\.DocumentRevisions-V100 | |
| /\.fseventsd | |
| /\.Spotlight-V100 | |
| /\.TemporaryItems | |
| /\.Trashes | |
| /\.VolumeIcon\.icns | |
| /\.com\.apple\.timemachine\.donotpresent | |
| # Directories potentially created on remote AFP share | |
| \.AppleDB | |
| \.AppleDesktop | |
| Network Trash Folder | |
| Temporary Items | |
| \.apdisk | |
| # More stuff by Will | |
| \.ds_store | |
| NOSYNC | |
| DONT SYNC | |
| #^/\. maybe | |
| EOF | |
| File.write(excludes_file, file) | |
| puts ('Saved to '+excludes_file).yellow | |
| `umount -f #{filtered_dir} | true` | |
| #sh 'umount', '-f', '/tmp/filtered' | |
| #sh 'diskutil', 'umount', 'force', '/tmp/filtered' if File.exists?('/tmp/filtered') | |
| sh 'rofs-filtered', filtered_dir, '-o', "source=#{plaintext_dir}", '-o', "config=#{excludes_file}" | |
| # rofs-filtered <Filtered-Path> -o source=<RW-Path> -o invert [-o config=/etc/filter1.rc] [FUSE options] | |
| puts 'Filtering complete'.green | |
| end | |
| desc "Encrypt and mount filesystem" | |
| task :encrypt => [:filter] do | |
| # next if File.exists?(ciphertext_dir) | |
| require 'shellwords' | |
| print "Encrypting from ".yellow, filtered_dir.magenta, " to ".yellow, ciphertext_dir.magenta, "\n" | |
| sh "umount #{ciphertext_dir.shellescape} || :" # ignore retval | |
| FileUtils::mkdir_p ciphertext_dir | |
| sh "encfs -i 30 --reverse #{filtered_dir.shellescape} #{ciphertext_dir.shellescape} --extpass=#{extpass.shellescape}" | |
| puts "Encrypted".green | |
| end | |
| desc "Sync encrypted files to backup server (dry run)" | |
| task :backup_dry => [:encrypt] do | |
| print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n" | |
| sh 'caffeinate', rsync_command, '--dry-run', '-irlt', '--delete', '-v', '--stats', ciphertext_dir, backup_location | |
| puts "Backup complete".green | |
| end | |
| desc "Sync encrypted files to backup server (dry run)" | |
| task :backup => [:encrypt] do | |
| from = ciphertext_dir | |
| to = backup_location | |
| print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n" | |
| # --no-inc-recursive makes the output progress actually say how many files remain to check | |
| sh 'caffeinate', rsync_command, '-nirlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location | |
| puts 'Push any key to continue [or Ctrl-C to back out]'.magenta | |
| print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n" | |
| # --no-inc-recursive makes the output progress actually say how many files remain to check | |
| sh 'caffeinate', rsync_command, '-irlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location | |
| puts "Backup complete".green | |
| end | |
| desc "Clean up all temporary files" | |
| task :clean do | |
| puts 'Deleting all temporary and intermediate files'.yellow | |
| File.unlink(excludes_file) | |
| FileUtils.remove_dir(filtered_dir) | |
| puts 'Done'.green | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment