@rhass
Last active April 5, 2022 00:55
Mount USB flash drive and create an encrypted xz compressed tarball. Prunes backups older than six months.
#!/usr/bin/env sh
# Device node of the USB flash drive partition that receives the backups.
USB_DRIVE="/dev/da0s1"

# Directory the drive is mounted on while the backup is written.
MOUNT_PATH="/mnt"

# Timestamp taken once at start-up so the archive and its digest share a name.
DATE=$(date "+%Y.%m.%d-%H.%M.%S")
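# Report whether $USB_DRIVE is currently mounted on $MOUNT_PATH.
#
# Globals:  USB_DRIVE (read), MOUNT_PATH (read)
# Returns:  0 when `mount` lists exactly that device on exactly that
#           directory, 1 otherwise.
#
# The comparison is on whole fields rather than a regex/substring search, so
# a longer device name that merely starts with $USB_DRIVE does not count, and
# neither does the same device mounted on some other directory. The second
# case matters because every later step reads and writes under $MOUNT_PATH,
# not under wherever the device happens to be mounted.
is_mounted() {
  mount | awk -v dev="$USB_DRIVE" -v dir="$MOUNT_PATH" '
    $1 == dev && $2 == "on" && $3 == dir { found = 1 }
    END { exit(found ? 0 : 1) }
  '
}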
# Mount the USB drive on $MOUNT_PATH unless is_mounted already reports it.
#
# Globals:  USB_DRIVE (read), MOUNT_PATH (read)
# Returns:  0 when the drive was already mounted, otherwise the exit status
#           of mount(8).
mount_usb() {
  # Nothing to do when the drive is already there; the || keeps the
  # function's status at 0 in that case.
  is_mounted ||
    mount -t msdosfs -o longnames "$USB_DRIVE" "$MOUNT_PATH"
}
# Flush pending writes, then unmount $MOUNT_PATH if the drive is mounted.
#
# Globals:  MOUNT_PATH (read)
# Returns:  0 when nothing was mounted, otherwise the exit status of
#           umount(8).
unmount_usb() {
  # sync runs unconditionally, before the mount state is even looked at.
  sync
  if is_mounted; then
    umount "$MOUNT_PATH"
  fi
}
#
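# The following packages were sadly installed by hand to get GnuPG onto pfSense.
# OpenSSL file encryption is a pita to write correctly, since public-key encryption
# can only be used to encrypt data smaller than the key size, and it has to be
# combined with symmetric-key encryption for the files to be secure.
#
# NOTE(review): the URLs below are plain HTTP, and as far as I can tell `pkg add`
# on a direct URL does not get the signed-catalogue check that `pkg install` from
# a configured repository does -- compare each package's checksum with a trusted
# source before installing it.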
#
# The files must be installed in this order:
#
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libunistring-0.9.7.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libidn2-2.0.2.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libtasn1-4.10.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/p11-kit-0.23.5.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/tpm-emulator-0.7.4_1.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/trousers-0.3.14_1.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/gnutls-3.5.11.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libgpg-error-1.27.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libassuan-2.4.3.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libgcrypt-1.7.6.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/libksba-1.3.5.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/npth-1.3.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/pinentry-tty-1.0.0.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/pinentry-1.0.0_1.txz
# pkg add http://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/gnupg-2.1.20.txz
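# Download the recipient's public key from keybase.io and import it into the
# GnuPG keyring of the invoking user.
#
# Globals:  pubkey (written) - the downloaded key text
# Returns:  1 when the download fails or yields nothing, otherwise the exit
#           status of `gpg --import`.
#
# The download is completed and checked before gpg sees any input: in a plain
# `curl | gpg` pipeline the function's status is gpg's alone, so a failed or
# truncated transfer would go unnoticed. -f makes curl fail on an HTTP error
# instead of handing the error page to gpg; -S keeps error messages visible
# despite -s.
#
# NOTE(review): the key is fetched again on every run and is accepted without
# comparing it against a known fingerprint, so the backup's confidentiality
# rests on whatever that URL serves at the time. Pinning the expected
# fingerprint, and encrypting to that fingerprint instead of an e-mail
# address, would close that gap.
import_pubkey() {
  pubkey=$(curl -fsS https://keybase.io/rhass/pgp_keys.asc) || return 1
  [ -n "$pubkey" ] || return 1
  printf '%s\n' "$pubkey" | gpg --import
}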
# Encrypt standard input with GnuPG and write the result to the timestamped
# backup file on the mounted drive.
#
# Globals:  MOUNT_PATH (read), DATE (read)
# Input:    the data to encrypt, on stdin
# Returns:  the exit status of gpg.
#
# NOTE(review): the recipient is selected by e-mail address, so gpg uses
# whichever key in the keyring carries that user ID -- confirm that only the
# intended key can match.
encrypt() {
  gpg --encrypt \
    --default-recipient ryan@invalidchecksum.net \
    --output "${MOUNT_PATH}/pfsense_backup-${DATE}.tar.xz.gpg"
}
# Write an xz-compressed tar archive of /cf to standard output.
#
# Flags: -c create, -J xz compression, -v verbose, -P keep the absolute
# member paths, -f /dev/stdout send the archive to stdout.
# NOTE(review): /cf is presumably the pfSense configuration directory, and -v
# relies on tar sending its file listing somewhere other than the archive
# stream -- confirm both on the target system.
# Returns:  the exit status of tar.
create_tar() {
  tar \
    -f /dev/stdout \
    -cPvJ \
    /cf
}
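# Delete every regular file under $MOUNT_PATH whose modification time is more
# than 182 days old.
#
# Globals:  MOUNT_PATH (read)
# Returns:  the exit status of find.
#
# This removes ALL old files below the mount point, not only files this
# script created, and it does not itself check that the USB drive is mounted
# there: the caller has to confirm that first, or the deletion lands on
# whatever filesystem currently backs $MOUNT_PATH.
#
# The path is quoted and guarded with :? so an empty or unset MOUNT_PATH
# aborts instead of letting find run without a start directory. Matches are
# handed to rm through -exec rather than a pipe into xargs, so file names
# containing spaces or newlines are removed as single names instead of being
# split into several unrelated ones.
purge_old_backups() {
  find "${MOUNT_PATH:?}" -type f -mtime +182 -exec rm -f -- {} +
}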
# Write a SHA-256 digest of the encrypted backup next to it as <backup>.sha256.
#
# Globals:  MOUNT_PATH (read), DATE (read), file (written)
# Returns:  the exit status of openssl.
#
# The digest is unsigned and stored on the same drive as the archive, so it
# detects accidental corruption; it gives no protection against someone who
# can rewrite both files.
create_shasum() {
  file="${MOUNT_PATH}/pfsense_backup-${DATE}.tar.xz.gpg"
  openssl dgst -sha256 \
    -out "${file}.sha256" \
    "${file}"
}
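# Run one backup: refresh the recipient key, mount the drive, prune old
# files, write the encrypted archive and its digest, then unmount.
#
# Globals:  rc (written), MOUNT_PATH (read)
# Returns:  0 when every step after the key refresh succeeded, 1 otherwise.
main() {
  rc=0

  # Best effort: a key imported on an earlier run may still be in the
  # keyring, so a failed refresh is reported but does not stop the backup.
  import_pubkey ||
    printf '%s\n' 'warning: could not refresh the recipient public key' >&2

  # Without the drive there is nowhere to write to, and the prune step below
  # would delete old files from whatever filesystem backs $MOUNT_PATH.
  if ! mount_usb || ! is_mounted; then
    printf '%s\n' "error: USB drive is not mounted on $MOUNT_PATH" >&2
    return 1
  fi

  purge_old_backups || rc=1

  # The pipeline's status is that of encrypt only; sh has no portable way to
  # see a tar failure here, so a digest is written whenever gpg succeeded.
  if create_tar | encrypt; then
    create_shasum || rc=1
  else
    printf '%s\n' 'error: creating the encrypted backup failed' >&2
    rc=1
  fi

  # Always try to unmount, even after a failed backup.
  unmount_usb || rc=1
  return "$rc"
}
main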