## | |
## backup-to-insecure-remote-server v1.0 | |
## William Entriken / github.com@phor.net | |
## | |
## YOU NEED TO KEEP A BACKUP OF .encfs6.xml AND YOUR PASSKEY!!! | |
## | |
## TODO | |
## * Create a restore action | |
## * Make a quick task to confirm that restoring works | |
## | |
## PREREQUESITES | |
## 1. `brew install rofs-filtered` | |
## 2. `brew install rsync` # must be version 3 or greater | |
## 3. `brew install encfs` | |
## | |
## NOTES | |
## http://bubba.org/wiki/Encrypted_Remote_Backups_with_Sparse_Bundles recommends rsync -E | |
require 'colorize' | |
plaintext_dir = "/Volumes/FDDISK/" | |
filtered_dir = "/tmp/fd-disk-filtered" | |
ciphertext_dir = "/tmp/fd-disk-encrypted/" | |
extpass = "security find-generic-password -gwl encfs" # http://blog.macromates.com/2006/keychain-access-from-shell/ | |
backup_location = "root@camera.phor.net:/media/backupenc/" | |
rsync_command = "rsync" # must be version 3 or greater | |
# | |
# RESTORE | |
# sshfs root@camera.phor.net:/ ~/Mount/camera.phor.net | |
# ENCFS6_CONFIG=~/fddisk_encfs6.xml encfs --extpass='security find-generic-password -gwl encfs' ~/Mount/camera.phor.net/media/backupenc ~/Desktop/TMP-ENC | |
# | |
# http://stackoverflow.com/a/11320444/300224 | |
Rake::TaskManager.record_task_metadata = true | |
desc "Show all the tasks" | |
task :default do | |
Rake::application.options.show_tasks = :tasks # this solves sidewaysmilk problem | |
Rake::application.options.show_task_pattern = // | |
Rake::application.display_tasks_and_comments | |
end | |
desc 'Create filtered list of files to sync' | |
task :filter => [] do | |
excludes_file = "/tmp/rofs-filtered-config" | |
print "Filtering from ".yellow, plaintext_dir.magenta, " to ".yellow, filtered_dir.magenta, "\n" | |
puts 'Creating filter configuration file'.yellow | |
# See https://github.com/gburca/rofs-filtered/blob/master/rofs-filtered-invert.rc | |
# See https://github.com/github/gitignore/blob/master/Global/macOS.gitignore | |
file = <<-'EOF' | |
\.DS_Store | |
\.AppleDouble | |
\.LSOverride | |
# Icon must end with two \r | |
Icon..$ | |
# Thumbnails | |
\._ | |
# Files that might appear in the root of a volume | |
/\.DocumentRevisions-V100 | |
/\.fseventsd | |
/\.Spotlight-V100 | |
/\.TemporaryItems | |
/\.Trashes | |
/\.VolumeIcon\.icns | |
/\.com\.apple\.timemachine\.donotpresent | |
# Directories potentially created on remote AFP share | |
\.AppleDB | |
\.AppleDesktop | |
Network Trash Folder | |
Temporary Items | |
\.apdisk | |
# More stuff by Will | |
\.ds_store | |
NOSYNC | |
DONT SYNC | |
#^/\. maybe | |
EOF | |
File.write(excludes_file, file) | |
puts ('Saved to '+excludes_file).yellow | |
`umount -f #{filtered_dir} | true` | |
#sh 'umount', '-f', '/tmp/filtered' | |
#sh 'diskutil', 'umount', 'force', '/tmp/filtered' if File.exists?('/tmp/filtered') | |
sh 'rofs-filtered', filtered_dir, '-o', "source=#{plaintext_dir}", '-o', "config=#{excludes_file}" | |
# rofs-filtered <Filtered-Path> -o source=<RW-Path> -o invert [-o config=/etc/filter1.rc] [FUSE options] | |
puts 'Filtering complete'.green | |
end | |
desc "Encrypt and mount filesystem" | |
task :encrypt => [:filter] do | |
# next if File.exists?(ciphertext_dir) | |
require 'shellwords' | |
print "Encrypting from ".yellow, filtered_dir.magenta, " to ".yellow, ciphertext_dir.magenta, "\n" | |
sh "umount #{ciphertext_dir.shellescape} || :" # ignore retval | |
FileUtils::mkdir_p ciphertext_dir | |
sh "encfs -i 30 --reverse #{filtered_dir.shellescape} #{ciphertext_dir.shellescape} --extpass=#{extpass.shellescape}" | |
puts "Encrypted".green | |
end | |
desc "Sync encrypted files to backup server (dry run)" | |
task :backup_dry => [:encrypt] do | |
print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n" | |
sh 'caffeinate', rsync_command, '--dry-run', '-irlt', '--delete', '-v', '--stats', ciphertext_dir, backup_location | |
puts "Backup complete".green | |
end | |
desc "Sync encrypted files to backup server (dry run)" | |
task :backup => [:encrypt] do | |
from = ciphertext_dir | |
to = backup_location | |
print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n" | |
# --no-inc-recursive makes the output progress actually say how many files remain to check | |
sh 'caffeinate', rsync_command, '-nirlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location | |
puts 'Push any key to continue [or Ctrl-C to back out]'.magenta | |
print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n" | |
# --no-inc-recursive makes the output progress actually say how many files remain to check | |
sh 'caffeinate', rsync_command, '-irlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location | |
puts "Backup complete".green | |
end | |
desc "Clean up all temporary files" | |
task :clean do | |
puts 'Deleting all temporary and intermediate files'.yellow | |
File.unlink(excludes_file) | |
FileUtils.remove_dir(filtered_dir) | |
puts 'Done'.green | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment