glaszig/gitea-backup-s3.sh

## gitea-backup-s3.sh
#!/usr/bin/env sh
#
# requires openssl >= 1.1.1 due to usage of -pbkdf2 option
#
# to decrypt the encrypted backup:
#   openssl aes-256-cbc -d -a -salt -pbkdf2 -in gitea-dump.zip.enc -out gitea-dump.zip -pass pass:your-password
#
# conifgure with a dotfile `.backuprc` in your $HOME:
#   BUCKET="foobar"
#   GITEA_CUSTOM=/usr/local/etc/gitea
#   BACKUP_PASSWORD="your-password"
#
# run via cron like this:
#   0 5 * * * /path/to/backup.sh
#

BACKUP_PATH=${BACKUP_PATH:-"/tmp/gitea-backup"}
BUCKET_KEY_PREFIX=${BUCKET_KEY_PREFIX:-"gitea-backup"}
DEFAULT_BUCKET_LIFECYCLE=$(cat << JSON
{
  "Rules": [
    {
       "ID": "Expires in 30 days",
       "Prefix": "$BUCKET_KEY_PREFIX/*",
       "Status": "Enabled",
       "Expiration": {
         "Days": 30
       }
    }
  ]
}
JSON
)
BUCKET_LIFECYCLE=${BUCKET_LIFECYCLE:-"$DEFAULT_BUCKET_LIFECYCLE"}

if [ -f "$HOME/.backuprc" ]; then
  . "$HOME/.backuprc"
fi

if [ "x$BUCKET" == "x" ]; then
  echo "WARNING: You need to specifiy the bucket name via the BUCKET env var."
  exit 1
fi

if [ "x$GITEA_CUSTOM" == "x" ]; then
  echo "WARNING: You need to specifiy Gitea's config path via the GITEA_CUSTOM env var."
  exit 1
fi

if [ "x$BACKUP_PASSWORD" == "x" ]; then
  echo "WARNING: You need to specifiy the backup password via the BACKUP_PASSWORD env var."
  exit 1
fi

echo "Starting backup process"
echo

bucket_exists=$(aws s3api head-bucket --bucket "$BUCKET" 2> /dev/null)
if [ $? != 0 ]; then
  echo "Creating bucket ${BUCKET}"
  echo "========================="
  aws s3api create-bucket --bucket ${BUCKET} --create-bucket-configuration LocationConstraint=eu-central-1 --acl private
fi
aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "$BUCKET_LIFECYCLE"

echo "Creating backup"
echo "==============="
mkdir -p "${BACKUP_PATH}"
cd "${BACKUP_PATH}"
gitea dump -c /usr/local/etc/gitea/conf/app.ini
dump_file=$(ls -t|head -1)

echo "Encrypting backup"
echo "================="
openssl aes-256-cbc -a -salt -pbkdf2 -in $dump_file -out ${dump_file}.enc -pass env:BACKUP_PASSWORD
rm $dump_file

echo "Storing backup off-site"
echo "======================="
aws s3 cp ${dump_file}.enc s3://${BUCKET}/$BUCKET_KEY_PREFIX/${dump_file}.enc


echo "Cleaning up"
echo "==========="
cd -
rm -rf "${BACKUP_PATH}"

echo "Finished backup process"
echo
	#!/usr/bin/env sh
	#
	# requires openssl >= 1.1.1 due to usage of -pbkdf2 option
	#
	# to decrypt the encrypted backup:
	# openssl aes-256-cbc -d -a -salt -pbkdf2 -in gitea-dump.zip.enc -out gitea-dump.zip -pass pass:your-password
	#
	# conifgure with a dotfile `.backuprc` in your $HOME:
	# BUCKET="foobar"
	# GITEA_CUSTOM=/usr/local/etc/gitea
	# BACKUP_PASSWORD="your-password"
	#
	# run via cron like this:
	# 0 5 * * * /path/to/backup.sh
	#

	BACKUP_PATH=${BACKUP_PATH:-"/tmp/gitea-backup"}
	BUCKET_KEY_PREFIX=${BUCKET_KEY_PREFIX:-"gitea-backup"}
	DEFAULT_BUCKET_LIFECYCLE=$(cat << JSON
	{
	"Rules": [
	{
	"ID": "Expires in 30 days",
	"Prefix": "$BUCKET_KEY_PREFIX/*",
	"Status": "Enabled",
	"Expiration": {
	"Days": 30
	}
	}
	]
	}
	JSON
	)
	BUCKET_LIFECYCLE=${BUCKET_LIFECYCLE:-"$DEFAULT_BUCKET_LIFECYCLE"}

	if [ -f "$HOME/.backuprc" ]; then
	. "$HOME/.backuprc"
	fi

	if [ "x$BUCKET" == "x" ]; then
	echo "WARNING: You need to specifiy the bucket name via the BUCKET env var."
	exit 1
	fi

	if [ "x$GITEA_CUSTOM" == "x" ]; then
	echo "WARNING: You need to specifiy Gitea's config path via the GITEA_CUSTOM env var."
	exit 1
	fi

	if [ "x$BACKUP_PASSWORD" == "x" ]; then
	echo "WARNING: You need to specifiy the backup password via the BACKUP_PASSWORD env var."
	exit 1
	fi

	echo "Starting backup process"
	echo

	bucket_exists=$(aws s3api head-bucket --bucket "$BUCKET" 2> /dev/null)
	if [ $? != 0 ]; then
	echo "Creating bucket ${BUCKET}"
	echo "========================="
	aws s3api create-bucket --bucket ${BUCKET} --create-bucket-configuration LocationConstraint=eu-central-1 --acl private
	fi
	aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "$BUCKET_LIFECYCLE"

	echo "Creating backup"
	echo "==============="
	mkdir -p "${BACKUP_PATH}"
	cd "${BACKUP_PATH}"
	gitea dump -c /usr/local/etc/gitea/conf/app.ini
	dump_file=$(ls -t\|head -1)

	echo "Encrypting backup"
	echo "================="
	openssl aes-256-cbc -a -salt -pbkdf2 -in $dump_file -out ${dump_file}.enc -pass env:BACKUP_PASSWORD
	rm $dump_file

	echo "Storing backup off-site"
	echo "======================="
	aws s3 cp ${dump_file}.enc s3://${BUCKET}/$BUCKET_KEY_PREFIX/${dump_file}.enc


	echo "Cleaning up"
	echo "==========="
	cd -
	rm -rf "${BACKUP_PATH}"

	echo "Finished backup process"
	echo