1 # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
2 # vim: set filetype=sh sw=3 sts=3 expandtab autoindent:
4 HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup"
8 do_dup_host_includes() {
10 # choose the files to backup
12 while [ -z "$REPLY" ]; do
13 formBegin "$dup_title - host system: includes"
14 [ -z "$dup_includes" ] && dup_includes="$dup_default_includes"
15 for i in $dup_includes; do
27 [ $? = 0 ] || return 1
34 # choose the vservers to backup (into $selected_vservers)
35 choose_one_or_more_vservers "$dup_title"
36 [ $? = 0 ] || return 1
39 # choose the files to backup
41 while [ -z "$REPLY" ]; do
42 formBegin "$dup_title - vservers: vsincludes (backup these directories from every selected vserver)"
43 [ -z "$dup_vsincludes" ] && dup_vsincludes="$dup_default_includes"
44 for i in $dup_vsincludes; do
56 [ $? = 0 ] || return 1
57 dup_vsincludes="$REPLY"
64 formBegin "$dup_title: excludes"
65 [ -z "$dup_excludes" ] && dup_excludes="$dup_default_excludes"
66 for i in $dup_excludes; do
78 [ $? = 0 ] || return 1
84 choose_host_or_vservers_or_both "$dup_title"
85 [ $? = 0 ] || return 1
86 case $host_or_vservers in
89 [ $? = 0 ] || return 1
93 [ $? = 0 ] || return 1
97 [ $? = 0 ] || return 1
99 [ $? = 0 ] || return 1
106 [ $? = 0 ] || return 1
119 while [ -z "$REPLY" -o -z "$dup_destdir" -o -z "$dup_desthost" -o -z "$dup_destuser" ]; do
120 formBegin "$dup_title - destination: first three items are compulsory"
121 formItem "desthost" "$dup_desthost"
122 formItem "destuser" "$dup_destuser"
123 formItem "destdir" "$dup_destdir"
124 formItem "keep" "$dup_keep"
125 formItem "incremental" "$dup_incremental"
126 formItem "bandwidthlimit" "$dup_bandwidth"
127 formItem "sshoptions" "$dup_sshoptions"
129 [ $? = 0 ] || return 1
132 replyconverted=`echo $REPLY | tr '\n' :`
134 thereply=($replyconverted)
137 dup_desthost=${thereply[0]}
138 dup_destuser=${thereply[1]}
139 dup_destdir=${thereply[2]}
140 dup_keep=${thereply[3]}
141 dup_incremental=${thereply[4]}
142 dup_bandwidth=${thereply[5]}
143 dup_sshoptions=${thereply[6]}
152 do_dup_gpg_encryptkey() {
154 while [ -z "$REPLY" -o -z "$dup_gpg_encryptkey" ]; do
155 inputBox "$dup_title - GnuPG" "Enter ID of the public GnuPG key to be used to encrypt the backups:" "$dup_gpg_encryptkey"
156 [ $? = 0 ] || return 1
157 dup_gpg_encryptkey="$REPLY"
163 booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign"
171 do_dup_gpg_signkey() {
173 booleanBox "$dup_title - GnuPG" "Use the same GnuPG key pair for encryption and signing?" "$dup_gpg_onekeypair"
175 dup_gpg_onekeypair=yes
177 dup_gpg_onekeypair=no
180 if [ "$dup_gpg_onekeypair" == "no" }; then
183 while [ -z "$REPLY" -o -z "$dup_gpg_signkey" ]; do
184 inputBox "$dup_title - GnuPG" "Enter the ID of the private GnuPG key to be used to sign the backups:" "$dup_gpg_signkey"
185 [ $? = 0 ] || return 1
186 dup_gpg_signkey="$REPLY"
191 do_dup_gpg_passphrase() {
192 local question="Enter the passphrase needed to unlock the GnuPG key:"
194 while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
195 passwordBox "$dup_title - GnuPG" "$question"
196 [ $? = 0 ] || return 1
197 dup_gpg_password="$REPLY"
203 # symmetric or public key encryption ?
204 booleanBox "$dup_title - GnuPG" "Use public key encryption? Otherwise, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption"
206 dup_gpg_asymmetric_encryption=yes
208 dup_gpg_asymmetric_encryption=no
211 # when using public/private key pair encryption, ask for the keys to use
212 if [ "$dup_gpg_asymmetric_encryption" == yes ]; then
213 do_dup_gpg_encryptkey ; [ $? = 0 ] || return 1
214 do_dup_gpg_sign ; [ $? = 0 ] || return 1
215 if [ "$dup_gpg_sign" == yes ]; then
216 do_dup_gpg_signkey ; [ $? = 0 ] || return 1
222 # a passphrase is alway needed
223 do_dup_gpg_passphrase
227 # TODO: replace the above line by the following when do_dup_conn is written
231 # TODO: share rdiff.helper code in some lib, and use it here
237 do_dup_misc_options() {
243 formBegin "$dup_title - misc. options"
244 formItem "nicelevel" "$dup_nicelevel"
245 formItem "testconnect" "$dup_testconnect"
246 formItem "options" "$dup_options"
248 [ $? = 0 ] || return 1
251 replyconverted=`echo $REPLY | tr '\n' :`
253 thereply=($replyconverted)
256 dup_nicelevel=${thereply[0]}
257 dup_testconnect=${thereply[1]}
258 dup_options=${thereply[2]}
263 # (rdiff.helper compatible interface... there could be some sode to share, hmmm.)
266 [ $? = 0 ] || return 1
272 get_next_filename $configdirectory/90.dup
273 cat > $next_filename <<EOF
274 # passed directly to duplicity
275 #options = --verbosity 8
276 options = $dup_options
278 # default is 0, but set to 19 if you want to lower the priority.
279 nicelevel = $dup_nicelevel
281 # default is yes. set to no to skip the test if the remote host is alive
282 testconnect = $dup_testconnect
284 ######################################################
286 ## (how to encrypt and optionally sign the backups)
288 ## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
289 ## the way the following options are used. Please read the following
292 ## If the encryptkey variable is set:
293 ## - data is encrypted with the GnuPG public key specified by the encryptkey
295 ## - if signing is enabled, data is signed with the GnuPG private
296 ## key specified by the signkey variable
297 ## - the password variable is used to unlock the GnuPG key(s) used
298 ## for encryption and (optionnal) signing
300 ## If the encryptkey option is not set:
301 ## - data signing is not possible
302 ## - the password variable is used to encrypt the data with symmetric
303 ## encryption: no GnuPG key pair is needed
307 # when set to yes, encryptkey variable must be set below; if you want to use
308 # two different keys for encryption and signing, you must also set the signkey
310 # default is no, for backwards compatibility with backupninja <= 0.5.
313 # ID of the GnuPG public key used for data encryption.
314 # if not set, symmetric encryption is used, and data signing is not possible.
315 encryptkey = $dup_gpg_encryptkey
317 # ID of the GnuPG private key used for data signing.
318 # if not set, encryptkey will be used.
319 signkey = $dup_gpg_signkey
322 # NB: neither quote this, nor should it include any quotes
323 password = $dup_gpg_password
325 ######################################################
327 ## (where the files to be backed up are coming from)
331 # A few notes about includes and excludes:
332 # 1. include, exclude and vsinclude statements support globbing with '*'
333 # 2. Symlinks are not dereferenced. Moreover, an include line whose path
334 # contains, at any level, a symlink to a directory, will only have the
335 # symlink backed-up, not the target directory's content. Yes, you have to
336 # dereference yourself the symlinks, or to use 'mount --bind' instead.
337 # Example: let's say /home is a symlink to /mnt/crypt/home ; the following
338 # line will only backup a "/home" symlink ; neither /home/user nor
339 # /home/user/Mail will be backed-up :
340 # include = /home/user/Mail
341 # A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to
343 # include = /mnt/crypt/home/user/Mail
344 # 3. All the excludes come after all the includes. The order is not otherwise
345 # taken into account.
347 # files to include in the backup
350 if [ "$host_or_vservers" == host -o "$host_or_vservers" == both ]; then
352 for i in $dup_includes; do
353 echo "include = $i" >> $next_filename
358 cat >> $next_filename <<EOF
360 # If vservers = yes in /etc/backupninja.conf then the following variables can
362 # vsnames = all | <vserver1> <vserver2> ... (default = all)
366 # Any path specified in vsinclude is added to the include list for each vserver
367 # listed in vsnames (or all if vsnames = all, which is the default).
369 # For example, vsinclude = /home will backup the /home directory in every
370 # vserver listed in vsnames. If you have 'vsnames = foo bar baz', this
371 # vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
372 # and /vservers/baz/home.
373 # Vservers paths are derived from $VROOTDIR.
377 if [ "$host_or_vservers" == vservers -o "$host_or_vservers" == both ]; then
379 echo -e "vsnames = $selected_vservers\n" >> $next_filename
380 for i in $dup_vsincludes; do
381 echo "vsinclude = $i" >> $next_filename
387 cat >> $next_filename <<EOF
389 # files to exclude from the backup
392 for i in $dup_excludes; do
393 echo "exclude = $i" >> $next_filename
397 cat >> $next_filename <<EOF
399 ######################################################
400 ## destination section
401 ## (where the files are copied to)
405 # perform an incremental backup? (default = yes)
406 # if incremental = no, perform a full backup in order to start a new backup set
407 incremental = $dup_incremental
409 # how many days of data to keep ; default is 60 days.
410 # (you can also use the time format of duplicity)
411 # 'keep = yes' means : do not delete old data, the remote host will take care of this
416 # full destination URL, in duplicity format; if set, desturl overrides
417 # sshoptions, destdir, desthost and destuser; it also disables testconnect and
418 # bandwithlimit. For details, see duplicity manpage, section "URL FORMAT".
419 #desturl = file:///usr/local/backup
420 #desturl = rsync://user@other.host//var/backup/bla
421 #desturl = s3+http://your_bucket
423 # Amazon Web Services Access Key ID and Secret Access Key, needed for backups
425 #awsaccesskeyid = YOUR_AWS_ACCESS_KEY_ID
426 #awssecretaccesskey = YOUR_AWS_SECRET_KEY
428 # bandwith limit, in kbit/s ; default is 0, i.e. no limit
429 #bandwidthlimit = 128
430 bandwidthlimit = $dup_bandwidth
432 # passed directly to ssh, scp (and sftp in duplicity >=0.4.2)
433 # warning: sftp does not support all scp options, especially -i; as
434 # a workaround, you can use "-o <SSHOPTION>"
435 #sshoptions = -o IdentityFile=/root/.ssh/id_dsa_duplicity
436 sshoptions = $dup_sshoptions
438 # put the backups under this directory
439 destdir = $dup_destdir
441 # the machine which will receive the backups
442 desthost = $dup_desthost
444 # make the files owned by this user
445 # note: you must be able to ssh backupuser@backhost
446 # without specifying a password (if type = remote).
447 destuser = $dup_destuser
451 chmod 600 $next_filename
458 srcitem="choose files to include & exclude $_src_done"
459 destitem="configure backup destination $_dest_done"
460 gpgitem="configure GnuPG encryption/signing $_gpg_done"
461 conitem="set up ssh keys and test remote connection $_con_done"
462 advitem="edit advanced settings $_adv_done"
463 # TODO: add the following to the menu when do_dup_conn is written
465 menuBox "$dup_title" "choose a step:" \
470 finish "finish and create config file"
471 [ $? = 0 ] || return 1
476 "dest") do_dup_dest;;
478 # TODO: enable the following when do_dup_conn is written
479 # "conn") do_dup_conn;;
482 if [[ "$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)" ]]; then
483 # TODO: replace the previous test by the following when do_dup_conn is written
484 # if [[ "$_con_done$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)(DONE)" ]]; then
485 msgBox "$dup_title" "You cannot create the configuration file until the four first steps are completed."
500 require_packages duplicity
503 dup_title="Duplicity action wizard"
516 dup_destdir="/backups/`hostname`"
519 dup_gpg_asymmetric_encryption="yes"
520 dup_gpg_encryptkey=""
522 dup_gpg_onekeypair="yes"
529 # Global variables whose '*' shall not be expanded
531 dup_default_includes="/var/spool/cron/crontabs /var/backups /etc /root /home /usr/local/*bin /var/lib/dpkg/status*"
532 dup_default_excludes="/home/*/.gnupg /home/*/.local/share/Trash /home/*/.Trash /home/*/.thumbnails /home/*/.beagle /home/*/.aMule /home/*/gtk-gnutella-downloads"