fulldecent/backup-to-insecure-remote-server

## backup-to-insecure-remote-server
##
## backup-to-insecure-remote-server v1.0
## William Entriken / github.com@phor.net
##
## YOU NEED TO KEEP A BACKUP OF .encfs6.xml AND YOUR PASSKEY!!!
##
## TODO
##  * Create a restore action
##  * Make a quick task to confirm that restoring works
##
## PREREQUESITES
## 1. `brew install rofs-filtered`
## 2. `brew install rsync` # must be version 3 or greater
## 3. `brew install encfs`
##
## NOTES
## http://bubba.org/wiki/Encrypted_Remote_Backups_with_Sparse_Bundles recommends rsync -E

require 'colorize'

plaintext_dir = "/Volumes/FDDISK/"
filtered_dir = "/tmp/fd-disk-filtered"
ciphertext_dir = "/tmp/fd-disk-encrypted/"
extpass = "security find-generic-password -gwl encfs" # http://blog.macromates.com/2006/keychain-access-from-shell/
backup_location = "root@camera.phor.net:/media/backupenc/"
rsync_command = "rsync" # must be version 3 or greater

#
# RESTORE
# sshfs root@camera.phor.net:/ ~/Mount/camera.phor.net
# ENCFS6_CONFIG=~/fddisk_encfs6.xml encfs --extpass='security find-generic-password -gwl encfs' ~/Mount/camera.phor.net/media/backupenc ~/Desktop/TMP-ENC
#

# http://stackoverflow.com/a/11320444/300224
Rake::TaskManager.record_task_metadata = true
desc "Show all the tasks"
task :default do
  Rake::application.options.show_tasks = :tasks  # this solves sidewaysmilk problem
  Rake::application.options.show_task_pattern = //
  Rake::application.display_tasks_and_comments
end

desc 'Create filtered list of files to sync'
task :filter => [] do
  excludes_file = "/tmp/rofs-filtered-config"
  print "Filtering from ".yellow, plaintext_dir.magenta, " to ".yellow, filtered_dir.magenta, "\n"

  puts 'Creating filter configuration file'.yellow
  # See https://github.com/gburca/rofs-filtered/blob/master/rofs-filtered-invert.rc
  # See https://github.com/github/gitignore/blob/master/Global/macOS.gitignore
  file = <<-'EOF'
\.DS_Store
\.AppleDouble
\.LSOverride
# Icon must end with two \r
Icon..$
# Thumbnails
\._
# Files that might appear in the root of a volume
/\.DocumentRevisions-V100
/\.fseventsd
/\.Spotlight-V100
/\.TemporaryItems
/\.Trashes
/\.VolumeIcon\.icns
/\.com\.apple\.timemachine\.donotpresent
# Directories potentially created on remote AFP share
\.AppleDB
\.AppleDesktop
Network Trash Folder
Temporary Items
\.apdisk
# More stuff by Will
\.ds_store
NOSYNC
DONT SYNC
#^/\. maybe
  EOF
  File.write(excludes_file, file)
  puts ('Saved to '+excludes_file).yellow
  `umount -f #{filtered_dir} | true`
  #sh 'umount', '-f', '/tmp/filtered'
  #sh 'diskutil', 'umount', 'force', '/tmp/filtered' if File.exists?('/tmp/filtered')
  sh 'rofs-filtered', filtered_dir, '-o', "source=#{plaintext_dir}", '-o', "config=#{excludes_file}"
#  rofs-filtered <Filtered-Path> -o source=<RW-Path> -o invert [-o config=/etc/filter1.rc] [FUSE options]
  puts 'Filtering complete'.green
end

desc "Encrypt and mount filesystem"
task :encrypt => [:filter] do
#  next if File.exists?(ciphertext_dir)
  require 'shellwords'
  print "Encrypting from ".yellow, filtered_dir.magenta, " to ".yellow, ciphertext_dir.magenta, "\n"
  sh "umount #{ciphertext_dir.shellescape} || :" # ignore retval
  FileUtils::mkdir_p ciphertext_dir
  sh "encfs -i 30 --reverse #{filtered_dir.shellescape} #{ciphertext_dir.shellescape} --extpass=#{extpass.shellescape}"
  puts "Encrypted".green
end

desc "Sync encrypted files to backup server (dry run)"
task :backup_dry => [:encrypt] do
  print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
  sh 'caffeinate', rsync_command, '--dry-run', '-irlt', '--delete', '-v', '--stats', ciphertext_dir, backup_location
  puts "Backup complete".green
end

desc "Sync encrypted files to backup server (dry run)"
task :backup => [:encrypt] do
  from = ciphertext_dir
  to = backup_location
  print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
  # --no-inc-recursive makes the output progress actually say how many files remain to check
  sh 'caffeinate', rsync_command, '-nirlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location

  puts 'Push any key to continue [or Ctrl-C to back out]'.magenta
  print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
  # --no-inc-recursive makes the output progress actually say how many files remain to check
  sh 'caffeinate', rsync_command, '-irlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location
  puts "Backup complete".green
end

desc "Clean up all temporary files"
task :clean do
  puts 'Deleting all temporary and intermediate files'.yellow
  File.unlink(excludes_file)
  FileUtils.remove_dir(filtered_dir)
  puts 'Done'.green
end
	##
	## backup-to-insecure-remote-server v1.0
	## William Entriken / github.com@phor.net
	##
	## YOU NEED TO KEEP A BACKUP OF .encfs6.xml AND YOUR PASSKEY!!!
	##
	## TODO
	## * Create a restore action
	## * Make a quick task to confirm that restoring works
	##
	## PREREQUESITES
	## 1. `brew install rofs-filtered`
	## 2. `brew install rsync` # must be version 3 or greater
	## 3. `brew install encfs`
	##
	## NOTES
	## http://bubba.org/wiki/Encrypted_Remote_Backups_with_Sparse_Bundles recommends rsync -E

	require 'colorize'

	plaintext_dir = "/Volumes/FDDISK/"
	filtered_dir = "/tmp/fd-disk-filtered"
	ciphertext_dir = "/tmp/fd-disk-encrypted/"
	extpass = "security find-generic-password -gwl encfs" # http://blog.macromates.com/2006/keychain-access-from-shell/
	backup_location = "root@camera.phor.net:/media/backupenc/"
	rsync_command = "rsync" # must be version 3 or greater

	#
	# RESTORE
	# sshfs root@camera.phor.net:/ ~/Mount/camera.phor.net
	# ENCFS6_CONFIG=~/fddisk_encfs6.xml encfs --extpass='security find-generic-password -gwl encfs' ~/Mount/camera.phor.net/media/backupenc ~/Desktop/TMP-ENC
	#

	# http://stackoverflow.com/a/11320444/300224
	Rake::TaskManager.record_task_metadata = true
	desc "Show all the tasks"
	task :default do
	Rake::application.options.show_tasks = :tasks # this solves sidewaysmilk problem
	Rake::application.options.show_task_pattern = //
	Rake::application.display_tasks_and_comments
	end

	desc 'Create filtered list of files to sync'
	task :filter => [] do
	excludes_file = "/tmp/rofs-filtered-config"
	print "Filtering from ".yellow, plaintext_dir.magenta, " to ".yellow, filtered_dir.magenta, "\n"

	puts 'Creating filter configuration file'.yellow
	# See https://github.com/gburca/rofs-filtered/blob/master/rofs-filtered-invert.rc
	# See https://github.com/github/gitignore/blob/master/Global/macOS.gitignore
	file = <<-'EOF'
	\.DS_Store
	\.AppleDouble
	\.LSOverride
	# Icon must end with two \r
	Icon..$
	# Thumbnails
	\._
	# Files that might appear in the root of a volume
	/\.DocumentRevisions-V100
	/\.fseventsd
	/\.Spotlight-V100
	/\.TemporaryItems
	/\.Trashes
	/\.VolumeIcon\.icns
	/\.com\.apple\.timemachine\.donotpresent
	# Directories potentially created on remote AFP share
	\.AppleDB
	\.AppleDesktop
	Network Trash Folder
	Temporary Items
	\.apdisk
	# More stuff by Will
	\.ds_store
	NOSYNC
	DONT SYNC
	#^/\. maybe
	EOF
	File.write(excludes_file, file)
	puts ('Saved to '+excludes_file).yellow
	`umount -f #{filtered_dir} \| true`
	#sh 'umount', '-f', '/tmp/filtered'
	#sh 'diskutil', 'umount', 'force', '/tmp/filtered' if File.exists?('/tmp/filtered')
	sh 'rofs-filtered', filtered_dir, '-o', "source=#{plaintext_dir}", '-o', "config=#{excludes_file}"
	# rofs-filtered <Filtered-Path> -o source=<RW-Path> -o invert [-o config=/etc/filter1.rc] [FUSE options]
	puts 'Filtering complete'.green
	end

	desc "Encrypt and mount filesystem"
	task :encrypt => [:filter] do
	# next if File.exists?(ciphertext_dir)
	require 'shellwords'
	print "Encrypting from ".yellow, filtered_dir.magenta, " to ".yellow, ciphertext_dir.magenta, "\n"
	sh "umount #{ciphertext_dir.shellescape} \|\| :" # ignore retval
	FileUtils::mkdir_p ciphertext_dir
	sh "encfs -i 30 --reverse #{filtered_dir.shellescape} #{ciphertext_dir.shellescape} --extpass=#{extpass.shellescape}"
	puts "Encrypted".green
	end

	desc "Sync encrypted files to backup server (dry run)"
	task :backup_dry => [:encrypt] do
	print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
	sh 'caffeinate', rsync_command, '--dry-run', '-irlt', '--delete', '-v', '--stats', ciphertext_dir, backup_location
	puts "Backup complete".green
	end

	desc "Sync encrypted files to backup server (dry run)"
	task :backup => [:encrypt] do
	from = ciphertext_dir
	to = backup_location
	print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
	# --no-inc-recursive makes the output progress actually say how many files remain to check
	sh 'caffeinate', rsync_command, '-nirlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location

	puts 'Push any key to continue [or Ctrl-C to back out]'.magenta
	print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
	# --no-inc-recursive makes the output progress actually say how many files remain to check
	sh 'caffeinate', rsync_command, '-irlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location
	puts "Backup complete".green
	end

	desc "Clean up all temporary files"
	task :clean do
	puts 'Deleting all temporary and intermediate files'.yellow
	File.unlink(excludes_file)
	FileUtils.remove_dir(filtered_dir)
	puts 'Done'.green
	end