1 # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
3 HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup"
# Wizard step: ask which host-system paths are to be backed up.
# Only part of this function is visible here (loop bodies and closing lines
# are not shown), so these notes cover the visible lines only.
7 do_dup_host_includes() {
9 # choose the files to backup
# Loops for as long as $REPLY is empty.
11 while [ -z "$REPLY" ]; do
12 formBegin "$dup_title - host system: includes"
# Start from the wizard's default list when nothing has been chosen yet.
13 [ -z "$dup_includes" ] && dup_includes="$dup_default_includes"
# Unquoted expansion: one loop pass per word after field splitting.
# NOTE(review): entries may contain '*'; this relies on pathname expansion
# being switched off wherever the helper runs -- confirm.
14 for i in $dup_includes; do
# A non-zero status from the preceding (not shown) command aborts the step.
21 [ $? = 0 ] || return 1
# Fragment of the vserver-selection step; the enclosing function header is
# not visible in this part.
28 # choose the vservers to backup (into $selected_vservers)
29 choose_one_or_more_vservers "$dup_title"
# Stop the step when the chooser reports a non-zero status.
30 [ $? = 0 ] || return 1
33 # choose the files to backup
# Loops for as long as $REPLY is empty.
35 while [ -z "$REPLY" ]; do
36 formBegin "$dup_title - vservers: includes"
# Vserver includes start from the same default list as the host includes.
37 [ -z "$dup_vsincludes" ] && dup_vsincludes="$dup_default_includes"
# Unquoted expansion: one loop pass per word after field splitting.
38 for i in $dup_vsincludes; do
45 [ $? = 0 ] || return 1
# The raw form answer becomes the new vserver include list.
46 dup_vsincludes="$REPLY"
# Fragment of the excludes step; the enclosing function header and the loop
# body are not visible in this part.
53 formBegin "$dup_title: excludes"
# Start from the wizard's default exclude list when none has been chosen.
54 [ -z "$dup_excludes" ] && dup_excludes="$dup_default_excludes"
# Unquoted expansion: one loop pass per word after field splitting; the
# default entry contains '*', which must stay literal here.
55 for i in $dup_excludes; do
# A non-zero status from the preceding (not shown) command aborts the step.
62 [ $? = 0 ] || return 1
# Fragment of the source-selection step: ask whether the host, the vservers
# or both are backed up, then run the matching sub-steps. The case arms and
# the calls whose status is tested below are not visible in this part.
68 choose_host_or_vservers_or_both "$dup_title"
69 [ $? = 0 ] || return 1
# Dispatch on the answer left in $host_or_vservers.
70 case $host_or_vservers in
# Each test below aborts the step when the command before it (not shown)
# returned a non-zero status.
73 [ $? = 0 ] || return 1
77 [ $? = 0 ] || return 1
81 [ $? = 0 ] || return 1
83 [ $? = 0 ] || return 1
90 [ $? = 0 ] || return 1
# Fragment of the destination step; the enclosing function header is not
# visible in this part.
# Loops until the form was answered and host, user and directory are all set.
103 while [ -z "$REPLY" -o -z "$dup_destdir" -o -z "$dup_desthost" -o -z "$dup_destuser" ]; do
104 formBegin "$dup_title - destination: first three items are compulsory"
# Field order here must match the array indexes read back further down.
105 formItem "desthost" "$dup_desthost"
106 formItem "destuser" "$dup_destuser"
107 formItem "destdir" "$dup_destdir"
108 formItem "keep" "$dup_keep"
109 formItem "incremental" "$dup_incremental"
110 formItem "bandwidthlimit" "$dup_bandwidth"
111 formItem "sshoptions" "$dup_sshoptions"
113 [ $? = 0 ] || return 1
# Turn the newline-separated answers into a ':'-separated string.
# NOTE(review): $REPLY is expanded unquoted, so the user's answers undergo
# field splitting (and pathname expansion unless it is disabled) before tr
# sees them -- confirm the field-separator setup on the lines not shown.
116 replyconverted=`echo $REPLY | tr '\n' :`
# Array built by field splitting of the converted string; presumably the
# separator is set to ':' on a line not shown -- TODO confirm.
118 thereply=($replyconverted)
121 dup_desthost=${thereply[0]}
122 dup_destuser=${thereply[1]}
123 dup_destdir=${thereply[2]}
124 dup_keep=${thereply[3]}
125 dup_incremental=${thereply[4]}
126 dup_bandwidth=${thereply[5]}
# Free-text answer; the config template in this file labels sshoptions as
# "passed directly to ssh and scp", so it ends up on an ssh command line.
127 dup_sshoptions=${thereply[6]}
# Wizard step: ask for the ID of the GnuPG public key used for encryption.
# Only part of the function is visible here.
136 do_dup_gpg_encryptkey() {
# Loops until an answer was given and a key ID is set.
138 while [ -z "$REPLY" -o -z "$dup_gpg_encryptkey" ]; do
139 inputBox "$dup_title - GnuPG" "Enter ID of the public GnuPG key to be used to encrypt the backups:" "$dup_gpg_encryptkey"
# A non-zero status from the dialog aborts the step.
140 [ $? = 0 ] || return 1
# The answer is stored as typed; no check of the key ID is visible here.
141 dup_gpg_encryptkey="$REPLY"
# The next line belongs to a following step (whether to sign the backups);
# its function header is not visible in this part.
147 booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign"
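# Wizard step: decide whether signing uses the encryption key pair or a
# separate key, and ask for the signing key ID in the latter case.
# Only part of the function is visible here; the test that picks between the
# yes/no assignments below is on lines that are not shown.
155 do_dup_gpg_signkey() {
157 booleanBox "$dup_title - GnuPG" "Use the same GnuPG key pair for encryption and signing?" "$dup_gpg_onekeypair"
159 dup_gpg_onekeypair=yes
161 dup_gpg_onekeypair=no
# Fixed: the test was closed with '}' instead of ']'. With the stray brace
# '[' fails ("missing ]"), the condition is never true, and the signing-key
# prompt below is skipped even when the user asked for a separate key; the
# signkey then stays empty and signing falls back to the encryption key.
164 if [ "$dup_gpg_onekeypair" == "no" ]; then
# Loops until an answer was given and a signing key ID is set.
167 while [ -z "$REPLY" -o -z "$dup_gpg_signkey" ]; do
168 inputBox "$dup_title - GnuPG" "Enter the ID of the private GnuPG key to be used to sign the backups:" "$dup_gpg_signkey"
# A non-zero status from the dialog aborts the step.
169 [ $? = 0 ] || return 1
170 dup_gpg_signkey="$REPLY"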
# Wizard step: ask for the GnuPG passphrase.
# Arguments: words describing what the passphrase is needed for; they are
#            spliced into the prompt text.
# Only part of the function is visible here.
175 do_dup_gpg_passphrase() {
# "$@" inside a quoted assignment yields the arguments as a single string.
176 local question="Enter the passphrase needed to $@:"
# Loops until an answer was given and a passphrase is set.
178 while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
179 passwordBox "$dup_title - GnuPG" "$question"
# A non-zero status from the dialog aborts the step.
180 [ $? = 0 ] || return 1
# The passphrase is kept in a global shell variable; the config template in
# this file later writes it out in cleartext as "password = ...".
181 dup_gpg_password="$REPLY"
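# Fragment of the GnuPG step: choose the encryption mode, collect the key
# IDs, then ask for whichever passphrase is needed. The enclosing function
# header and several control-flow lines are not visible in this part.
187 # symmetric or public key encryption ?
188 booleanBox "$dup_title - GnuPG" "Use public key encryption? Else, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption"
190 dup_gpg_asymmetric_encryption=yes
192 dup_gpg_asymmetric_encryption=no
195 # when using public/private key pair encryption, ask for the keys to use
196 if [ "$dup_gpg_asymmetric_encryption" == yes ]; then
197 do_dup_gpg_encryptkey ; [ $? = 0 ] || return 1
198 do_dup_gpg_sign ; [ $? = 0 ] || return 1
199 if [ "$dup_gpg_sign" == yes ]; then
200 do_dup_gpg_signkey ; [ $? = 0 ] || return 1
204 # a passphrase is only needed when signing, or when symmetric encryption is used
205 if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then
206 do_dup_gpg_passphrase "encrypt the backups"
207 [ $? = 0 ] || return 1
208 elif [ "$dup_gpg_sign" == "yes" ]; then
# Fixed: the test was -z, which named the (empty) signkey in the prompt when
# no separate signing key was set and named the encryption key when one was.
# With -n the prompt names the key that is actually used for signing: the
# signkey when set, else the encryption key. The line separating the two
# prompts is not shown; presumably it is an 'else'.
209 if [ -n "$dup_gpg_signkey" ]; then
210 do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_signkey key used to sign the backups"
211 [ $? = 0 ] || return 1
213 do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_encryptkey key used to sign the backups"
214 [ $? = 0 ] || return 1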
220 # TODO: replace the above line by the following when do_dup_conn is written
224 # TODO: share rdiff.helper code in some lib, and use it here
# Wizard step: edit nicelevel, testconnect and the free-form duplicity
# options. Only part of the function is visible here.
230 do_dup_misc_options() {
236 formBegin "$dup_title - misc. options"
# Field order here must match the array indexes read back further down.
237 formItem "nicelevel" "$dup_nicelevel"
238 formItem "testconnect" "$dup_testconnect"
239 formItem "options" "$dup_options"
# A non-zero status from the preceding (not shown) command aborts the step.
241 [ $? = 0 ] || return 1
# Turn the newline-separated answers into a ':'-separated string.
# NOTE(review): $REPLY is expanded unquoted, so the answers undergo field
# splitting before tr sees them -- confirm the separator setup on the lines
# not shown.
244 replyconverted=`echo $REPLY | tr '\n' :`
# Array built by field splitting of the converted string.
246 thereply=($replyconverted)
249 dup_nicelevel=${thereply[0]}
250 dup_testconnect=${thereply[1]}
# Free-text answer; the config template in this file labels options as
# "passed directly to duplicity".
251 dup_options=${thereply[2]}
256 # (rdiff.helper compatible interface... there could be some code to share, hmmm.)
259 [ $? = 0 ] || return 1
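# Fragment of the step that writes the new action file; the enclosing
# function header and the here-document terminator are not visible in this
# part. The text below the 'cat' line is the template written to the file,
# with the wizard's answers substituted by the shell.
265 get_next_filename $configdirectory/90.dup
# The template contains the GnuPG passphrase in cleartext, and the only
# permission change visible in this file happens after everything has been
# written. Create the file empty with owner-only permissions first, in a
# subshell so the umask change does not leak into the rest of the helper;
# the 'cat >' below then truncates it and keeps that mode.
(umask 077; : > "$next_filename")
266 cat > $next_filename <<EOF
267 # passed directly to duplicity
268 #options = --verbosity 8
269 options = $dup_options
271 # default is 0, but set to 19 if you want to lower the priority.
272 nicelevel = $dup_nicelevel
274 # default is yes. set to no to skip the test if the remote host is alive
275 testconnect = $dup_testconnect
277 ######################################################
279 ## (how to encrypt and optionnally sign the backups)
281 ## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
282 ## the way the following options are used. Please read ahead
285 ## If the encryptkey variable is set:
286 ## - data is encrypted with the GnuPG public key specified by the encryptkey
288 ## - if signing is enabled, the password variable is used to unlock the GnuPG
289 ## private key used for signing; else, you do not need to set the password
291 ## If the encryptkey option is not set:
292 ## - data signing is not possible
293 ## - the password variable is used to encrypt the data with symmetric
294 ## encryption: no GnuPG key pair is needed
298 # when set to yes, encryptkey variable must be set bellow; if you want to use
299 # two different keys for encryption and signing, you must also set the signkey
301 # default is no, for backward compatibility with backupninja <= 0.5.
304 # ID of the GnuPG public key used for data encryption.
305 # if not set, symmetric encryption is used, and data signing is not possible.
306 encryptkey = $dup_gpg_encryptkey
308 # ID of the GnuPG private key used for data signing.
309 # if not set, encryptkey will be used.
310 signkey = $dup_gpg_signkey
313 # NB: do not quote it, and it should not contain any quote
314 password = $dup_gpg_password
316 ######################################################
318 ## (where the files to be backed up are coming from)
322 # files to include in the backup
323 # (supports globbing with '*')
325 # Symlinks are not dereferenced. Moreover, an include line whose path
326 # contains, at any level, a symlink to a directory, will only have the
327 # symlink backed-up, not the target directory's content. Yes, you have
328 # to dereference yourself the symlinks, or to use 'mount --bind'
331 # Let's say /home is a symlink to /mnt/crypt/home ; the following line
332 # will only backup a "/home" symlink ; neither /home/user nor
333 # /home/user/Mail will be backed-up :
334 # include = /home/user/Mail
335 # A workaround is to 'mount --bind /mnt/crypt/home /home' ; another
337 # include = /mnt/crypt/home/user/Mail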
# Fragment that appends the source and destination sections to the action
# file. The enclosing function header, the loop/if closers and the
# here-document terminators are not visible in this part.
# Host include lines are written only when the host system was selected.
340 if [ "$host_or_vservers" == host -o "$host_or_vservers" == both ]; then
# One "include = ..." line per entry of the unquoted list.
342 for i in $dup_includes; do
# NOTE(review): $next_filename is unquoted in every redirection here.
343 echo "include = $i" >> $next_filename
# NOTE(review): the here-document delimiter is unquoted, so as shown the
# shell expands the "$VROOTDIR" in the template text below when the file is
# generated -- confirm that this is intended.
348 cat >> $next_filename <<EOF
350 # If vservers = yes in /etc/backupninja.conf then the following variables can
352 # vsnames = all | <vserver1> <vserver2> ... (default = all)
354 # Any path specified in vsinclude is added to the include list for each vserver
355 # listed in vsnames (or all if vsnames = all).
356 # E.g. vsinclude = /home will backup the /home partition in every vserver
357 # listed in vsnames. If you have vsnames = "foo bar baz", this vsinclude will
358 # add to the include list /vservers/foo/home, /vservers/bar/home and
359 # /vservers/baz/home.
360 # Vservers paths are derived from $VROOTDIR.
# Vserver lines are written only when vservers were selected.
364 if [ "$host_or_vservers" == vservers -o "$host_or_vservers" == both ]; then
# echo -e also interprets backslash escapes inside $selected_vservers.
366 echo -e "vsnames = \"$selected_vservers\"\n" >> $next_filename
367 for i in $dup_vsincludes; do
368 echo "vsinclude = $i" >> $next_filename
374 cat >> $next_filename <<EOF
376 # rdiff-backup specific comment, TO ADAPT
377 # files to exclude from the backup
378 # (supports globbing with '*')
# One "exclude = ..." line per entry of the unquoted list.
381 for i in $dup_excludes; do
382 echo "exclude = $i" >> $next_filename
# Destination section: the answers from the destination form are
# substituted into the template as typed.
386 cat >> $next_filename <<EOF
388 ######################################################
389 ## destination section
390 ## (where the files are copied to)
394 # perform an incremental backup? (default = yes)
395 # if incremental = no, perform a full backup in order to start a new backup set
396 incremental = $dup_incremental
398 # how many days of data to keep ; default is 60 days.
399 # (you can also use the time format of duplicity)
400 # 'keep = yes' means : do not delete old data, the remote host will take care of this
405 # bandwith limit, in kbit/s ; default is 0, i.e. no limit
406 #bandwidthlimit = 128
407 bandwidthlimit = $dup_bandwidth
409 # passed directly to ssh and scp
410 #sshoptions = -i /root/.ssh/id_dsa_duplicity
411 sshoptions = $dup_sshoptions
413 # put the backups under this directory
414 destdir = $dup_destdir
416 # the machine which will receive the backups
417 desthost = $dup_desthost
419 # make the files owned by this user
420 # note: you must be able to ssh backupuser@backhost
421 # without specifying a password (if type = remote).
422 destuser = $dup_destuser
# Restrict the finished file to its owner; it holds the GnuPG passphrase.
# NOTE(review): this is the only permission change visible in this part --
# confirm the file is not readable by other users while it is being written.
426 chmod 600 $next_filename
# Fragment of the wizard's main menu; the enclosing function header, most
# menu entries and most case arms are not visible in this part.
# Each label carries a progress marker variable ($_src_done and so on).
433 srcitem="choose files to include & exclude $_src_done"
434 destitem="configure backup destination $_dest_done"
435 gpgitem="configure GnuPG encryption/signing $_gpg_done"
436 conitem="set up ssh keys and test remote connection $_con_done"
437 advitem="edit advanced settings $_adv_done"
438 # TODO: add the following to the menu when do_dup_conn is written
440 menuBox "$dup_title" "choose a step:" \
445 finish "finish and create config file"
446 [ $? = 0 ] || return 1
451 "dest") do_dup_dest;;
453 # TODO: enable the following when do_dup_conn is written
454 # "conn") do_dup_conn;;
# The config file may only be created once the destination, GnuPG and source
# markers all read "(DONE)". Three markers are tested here while the message
# below speaks of four steps; the connection step is still a TODO.
457 if [[ "$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)" ]]; then
458 # TODO: replace the previous test by the following when do_dup_conn is written
459 # if [[ "$_con_done$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)(DONE)" ]]; then
460 msgBox "$dup_title" "You cannot create the configuration file until the four first steps are completed."
# Fragment of the wizard entry point: dependency check and default values.
# The enclosing function header and several defaults are not visible here.
475 require_packages duplicity
478 dup_title="Duplicity action wizard"
# Default destination directory is derived from the local host name.
491 dup_destdir="/backups/`hostname`"
# Public-key encryption with a single key pair is the default choice.
494 dup_gpg_asymmetric_encryption="yes"
495 dup_gpg_encryptkey=""
497 dup_gpg_onekeypair="yes"
504 # Global variables whose '*' shall not be expanded
# The quotes keep '*' literal at assignment; where these lists are later
# expanded unquoted, that depends on settings not visible in this part.
# NOTE(review): /root and /etc are in the default include list and only
# /home/*/.gnupg is excluded, so keyrings or ssh keys kept under /root fall
# inside the default backup set -- confirm that this is wanted.
506 dup_default_includes="/var/spool/cron/crontabs /var/backups /etc /root /home /usr/local/*bin /var/lib/dpkg/status*"
507 dup_default_excludes="/home/*/.gnupg"