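#!/bin/bash
#
# Installs borgbackup and sets up a daily backup as root: the backup script,
# the repository passphrase, the systemd service/timer and root's SSH
# credentials for the backup server.
# Run from the directory that contains borg/ (the source paths are relative).

# pipefail matters here: without it a failing pwgen or ssh-keyscan on the left
# of a pipe would still let the right-hand side write an empty file.
set -euo pipefail

# Packages
# pwgen is required by the passphrase step below.
sudo apt update
sudo apt install -y borgbackup pwgen

# Backup script - copied rather than symlinked, so that write access to this
# checkout does not decide what root executes. install sets owner and mode in
# the same step as the copy.
sudo install -o root -g root -m 744 borg/backup.sh /usr/local/sbin/backup.sh

# Passphrase
# Checked through sudo and with -s (exists and non-empty): an existing
# passphrase must never be regenerated, because that would lock out the
# existing repository, and an empty leftover file must not count as valid.
if ! sudo test -s /usr/local/etc/borg/passphrase.key; then
  sudo mkdir --parents --mode=755 /usr/local/etc/borg/

  # -s selects fully random output instead of pwgen's pronounceable default.
  passphrase=$(pwgen -s 32 1)
  if [ -z "$passphrase" ]; then
    echo 'pwgen produced no passphrase, aborting' >&2
    exit 1
  fi

  # Create the file root-only *before* the secret is written, so it is never
  # readable by other local users while the prompt below is waiting.
  sudo install -o root -g root -m 600 /dev/null /usr/local/etc/borg/passphrase.key

  # The passphrase is shown on the terminal on purpose so it can be stored
  # off-host; it stays in the scrollback afterwards.
  echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
  echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@'
  printf '%s\n' "$passphrase" | sudo tee /usr/local/etc/borg/passphrase.key
  echo '@@ (/usr/local/etc/borg/passphrase.key) @@'
  echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
  unset passphrase
  read -r -p 'Press any key to continue..'
  sudo chmod 600 /usr/local/etc/borg/passphrase.key
fi

# Systemd service and timer - copied rather than symlinked for the same reason
# as the backup script; mode 644 is set explicitly instead of inherited.
sudo install -o root -g root -m 644 borg/borg-daily.service /etc/systemd/system/borg-daily.service
sudo install -o root -g root -m 644 borg/borg-daily.timer /etc/systemd/system/borg-daily.timer
sudo systemctl enable borg-daily.timer
sudo systemctl start borg-daily.timer

# SSH
# tee runs before ssh-keygen has had a chance to create /root/.ssh.
sudo mkdir --parents --mode=700 /root/.ssh

# Pin the backup server's host key only if root does not know the host yet.
# An already pinned key is left alone so that ssh itself reports a changed key,
# and other entries in known_hosts are kept (append, not overwrite).
if ! sudo ssh-keygen -F '[borg.caspervk.net]:22222' -f /root/.ssh/known_hosts > /dev/null 2>&1; then
  host_key=$(ssh-keyscan -t ed25519 -p 22222 borg.caspervk.net)
  if [ -z "$host_key" ]; then
    echo 'ssh-keyscan returned no host key, aborting' >&2
    exit 1
  fi

  # ssh-keyscan does not authenticate the server, so the key is only trusted
  # after the operator has compared its fingerprint with a known-good value.
  echo 'Fingerprint of the host key offered by borg.caspervk.net:'
  printf '%s\n' "$host_key" | ssh-keygen -lf -
  read -r -p 'Press enter if it matches the fingerprint obtained from the server operator, Ctrl-C to abort..'
  printf '%s\n' "$host_key" | sudo tee -a /root/.ssh/known_hosts > /dev/null
fi

# Generate a key for the root user unless one already exists; a real
# ssh-keygen failure now aborts the script instead of being ignored.
if ! sudo test -f /root/.ssh/id_ed25519; then
  sudo ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519
fi

echo "Please add /root/.ssh/id_ed25519.pub to the servers authorized_keys"
read -r -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")'
sudo ssh borg@borg.caspervk.net -p 22222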