@killerbees19
Last active October 22, 2023 12:33
OpenWrt Backup Automation

Script to back up various other OpenWrt systems to FTP storage.

It's not intended to run on OpenWrt itself! Rather, it's designed for a dedicated user account in a VM.

But feel free to adapt it to your needs…

Installation (Controller)

# Create SSH keyfile
ssh-keygen -t ed25519 -C "$USER@$HOSTNAME"

# Backup script (content see below)
# DON'T FORGET TO REPLACE FTP PATH!
touch ~/openwrt-backup.sh
chmod +x ~/openwrt-backup.sh
editor ~/openwrt-backup.sh

Optional: ~/.netrc

touch ~/.netrc
chmod 0600 ~/.netrc
editor ~/.netrc

machine backup-destination.example.net
login yourstupidremoteusername
password yoursecretpassword

Optional: ~/.ssh/config

mkdir ~/.ssh
chmod 0700 ~/.ssh
editor ~/.ssh/config

Host *
	User root

Host example-1
	Hostname example-1-real-fqdn.local

Host example-2
	Hostname example-2-real-fqdn.local

Host example-3
	Hostname example-3-real-fqdn.local

Installation (OpenWrt)

touch /etc/dropbear/authorized_keys
chmod 0600 /etc/dropbear/authorized_keys
vi /etc/dropbear/authorized_keys

# Don't forget to place your SSH public key at the end! (~/.ssh/id_ed25519.pub from the controller)
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,command="sysupgrade -k -b -" ssh-ed25519 […]

Test…

SSH connection(s)

ssh example-1 >/dev/null
ssh example-2 >/dev/null
ssh example-3 >/dev/null

Backup script

~/openwrt-backup.sh example-1
~/openwrt-backup.sh example-2
~/openwrt-backup.sh example-3

Don't forget to inspect the *.tar.gz contents on the FTP storage 🧐
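One way to do that inspection after downloading a backup pair, as an added example that is not part of the original gist: it recomputes the SHA-512, confirms the archive lists cleanly, and assumes a sysupgrade backup stores its files under etc/. The function name verify_backup and the file name in the usage comment are hypothetical.

```bash
#!/bin/bash
# Added example, not part of the original gist.
# Usage: verify_backup backup_example-1.20220110-120000.tar.gz   (constructed name)
# Return: 0 = usable, 1 = failed a check, 2 = archive or checksum file missing
verify_backup()
{
	local archive sumfile expected actual listing
	archive="$1"
	sumfile="$archive.sha512"

	if [ ! -f "$archive" ] || [ ! -f "$sumfile" ]; then
		echo "ERROR: $archive or $sumfile is missing" >&2
		return 2
	fi

	# The .sha512 file was written by sha512sum: "<hex digest>  <file name>"
	expected=$(cut -d ' ' -f 1 "$sumfile" | head -n 1)
	actual=$(sha512sum "$archive" | cut -d ' ' -f 1)
	if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
		echo "ERROR: SHA-512 mismatch for $archive" >&2
		return 1
	fi

	# A truncated upload or a file that is not gzip-compressed tar fails to list
	if ! listing=$(tar -tzf "$archive" 2>/dev/null); then
		echo "ERROR: $archive is not a readable tar.gz" >&2
		return 1
	fi

	# Assumption: a sysupgrade backup stores the saved configuration under etc/
	if ! printf '%s\n' "$listing" | grep -Eq '^(\./)?etc/'; then
		echo "ERROR: $archive contains no etc/ entries" >&2
		return 1
	fi

	echo "OK: $archive ($(printf '%s\n' "$listing" | wc -l) entries)"
}
```

The checksum file is produced on the controller and stored beside the archive, so a match shows the upload was not truncated or corrupted; it does not show that someone with write access to the FTP storage left both files alone.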

Final steps

Cronjob(s)

crontab -e

@weekly for host in example-1 example-2 example-3; do ~/openwrt-backup.sh "$host"; done

Purging old backup files

Not implemented yet.

#!/bin/bash
# cs@fnx.li (2022-01-10)
set -euf -o pipefail
cd "/tmp"

# Host alias from the first argument; basename keeps slashes out of the temp file name
host=$(basename "${1?Invalid host!}")
destination="backup-destination.example.net"
# --netrc reads the credentials from ~/.netrc, --ssl-reqd refuses an unencrypted FTP session
curlargs=(--netrc --ssl-reqd --ftp-create-dirs)
upload="ftp://$destination/openwrt-backup/$(date --utc +'%Y')/"
tmpfile="backup_${host}.$(date --utc +'%Y%m%d-%H%M%S').tar.gz"
tcpport=
wol=()

## Optional: Wake On LAN with FTP check
#wol=(etherwake -i eth0 "aa:bb:cc:dd:ee:ff")
#tcpport=21

## Optional: Alternative pseudo-WOL via HTTP command with FTP check
#wol=(curl --silent --show-error --output /dev/null "https://example.org/cgi-bin/luci/command/cfg012354/args")
#tcpport=21

if [[ -n "${wol[*]}" && -n "$tcpport" ]]
then
	# Track success explicitly, so a target that answers on the last attempt is not reported as down
	awake=0
	for i in {1..30}
	do
		if nc -z "$destination" "$tcpport"
		then
			awake=1
			break
		fi
		"${wol[@]}"
		sleep 10
	done

	if [[ "$awake" -ne 1 ]]
	then
		echo "ERROR: Could not wake up target device!" >&2
		exit 1
	fi
fi

# Remove the local copies on every exit path
function cleanup
{
	[[ -n "$tmpfile" ]] && rm -f "$tmpfile" "$tmpfile.sha512"
}

trap cleanup EXIT
# Create the file with owner-only permissions before any backup data is written to it
touch "$tmpfile"
chmod 0600 "$tmpfile"

# Fetch the backup over SSH, checksum it, then upload archive and checksum together
ssh -o "BatchMode yes" -qT "$host" -- \
	"sysupgrade -k -b -" > "$tmpfile" \
	&& sha512sum "$tmpfile" > "$tmpfile.sha512" \
	&& curl "${curlargs[@]}" --silent --show-error \
		--upload-file "{$tmpfile,$tmpfile.sha512}" \
		"$upload" \
	&& exit 0

echo "ERROR: Backup of host $host failed!" >&2
exit 1