Created
January 11, 2021 23:14
-
-
Save hyrsky/abbe22d7cf63a01c5c4234be76e7da95 to your computer and use it in GitHub Desktop.
Create encrypted TimeMachine backup on SMB share.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env -i /bin/bash | |
| # Based on: https://github.com/teaminternet/ops-encrypted-timemachine/blob/master/setup-encrypted-timemachine.sh | |
| PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH | |
| HOSTNAME=`hostname -s` | |
| IMAGENAME="$HOSTNAME.sparsebundle" | |
| UUID=`/usr/sbin/system_profiler SPHardwareDataType | awk '/UUID/ { print $3; }'` | |
| UUIDLOW=`echo $UUID|awk '{print tolower($0)}'` | |
| echo "Hostname: $HOSTNAME" | |
| echo "Device UUID: $UUID" | |
| echo "User: $SUDO_USER" | |
| read -p 'SMB host: ' host | |
| read -p 'SMB share: ' share | |
| read -p 'Username: ' username | |
| read -sp 'Password: ' password | |
| echo "" | |
| echo "Mount Backupdestination" | |
| mkdir /Volumes/Timemachine | |
| /sbin/mount -t smbfs "smb://$username:$password@$host/$share" "/Volumes/Timemachine" | |
| # Check if mount worked | |
| CHECK_MOUNT=`/sbin/mount | grep "$share" | awk '{print $3}'` | |
| if [ -z $CHECK_MOUNT ] | |
| then | |
| echo "Mount failed" | |
| exit 1 | |
| fi | |
| read -p 'Encryption password: ' encpassword | |
| cd /tmp | |
| # create new Sparsebundle | |
| echo -n "$encpassword" | hdiutil create -size 500g -type SPARSEBUNDLE -encryption AES-256 -stdinpass -nospotlight -volname $HOSTNAME -fs "apfs" $HOSTNAME | |
| # Write configuration with device uuid for timemachine | |
| cat << EOF >$IMAGENAME/com.apple.TimeMachine.MachineID.plist | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" | |
| "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>com.apple.backupd.HostUUID</key> | |
| <string>$UUID</string> | |
| </dict> | |
| </plist> | |
| EOF | |
| chown -R $USER:staff $IMAGENAME | |
| # move new Sparsebundle to nas / timecapsule | |
| echo "move Sparsebundle to timecapsule" | |
| mv $IMAGENAME /Volumes/Timemachine | |
| # Get disk UUID from sparsebundle | |
| DISKUUID=`hdiutil isencrypted -plist /Volumes/Timemachine/${IMAGENAME} 2>&1 | grep 'uuid' -1|grep string|awk 'BEGIN {FS=">"} {print $2}'|awk 'BEGIN {FS="<"} {print $1}'` | |
| echo "Disk UUID: $DISKUUID" | |
| echo "Umount Timecapsule" | |
| /sbin/umount /Volumes/Timemachine | |
| sleep 3 | |
| # Add destination for timemachine | |
| echo "Set Destination for Timemachine" | |
| tmutil setdestination "smb://$username:$password@$host/$share" | |
| NEWBACKUPID=`tmutil destinationinfo | grep ID | awk '{print $3}'` | |
| echo "Backup UUID: $NEWBACKUPID" | |
| # Add Passwords for sparsebundle to keychain | |
| /usr/bin/sudo -i -u $SUDO_USER /usr/bin/security add-generic-password -U -a "localdevice$UUID-AuthToken" -s "com.apple.ids" -l "com.apple.ids: localdevice$UUIDLOW-AuthToken" -A -w "$encpassword" | |
| /usr/bin/security add-generic-password -a "$DISKUUID" -s "$UUID.sparsebundle" -D "disk image password" -A -w "$encpassword" /Library/Keychains/System.keychain | |
| /usr/bin/security add-generic-password -a "$DISKUUID" -s "$UUID.sparsebundle" -D "Image-Passwort" -A -w "$encpassword" /Library/Keychains/System.keychain | |
| /usr/bin/security add-generic-password -U -a "$DISKUUID" -s "$IMAGENAME" -A -w "$encpassword" /Library/Keychains/System.keychain | |
| /usr/bin/security add-generic-password -a $NEWBACKUPID -s "Time Machine" -A -w $encpassword /Library/Keychains/System.keychain | |
| echo "Enable backup manually" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment