1 # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
2 HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup"
6 do_dup_host_includes() {
8 # choose the files to backup
10 while [ -z "$REPLY" ]; do
11 formBegin "$dup_title - host system: includes"
12 [ -z "$dup_includes" ] && dup_includes="$dup_default_includes"
13 for i in $dup_includes; do
20 [ $? = 0 ] || return 1
27 # choose the vservers to backup (into $selected_vservers)
28 choose_one_or_more_vservers "$dup_title"
29 [ $? = 0 ] || return 1
32 # choose the files to backup
34 while [ -z "$REPLY" ]; do
35 formBegin "$dup_title - vservers: includes"
36 [ -z "$dup_vsincludes" ] && dup_vsincludes="$dup_default_includes"
37 for i in $dup_vsincludes; do
44 [ $? = 0 ] || return 1
45 dup_vsincludes="$REPLY"
52 formBegin "$dup_title: excludes"
53 [ -z "$dup_excludes" ] && dup_excludes="$dup_default_excludes"
54 for i in $dup_excludes; do
61 [ $? = 0 ] || return 1
67 choose_host_or_vservers_or_both "$dup_title"
68 [ $? = 0 ] || return 1
69 case $host_or_vservers in
72 [ $? = 0 ] || return 1
76 [ $? = 0 ] || return 1
80 [ $? = 0 ] || return 1
82 [ $? = 0 ] || return 1
89 [ $? = 0 ] || return 1
102 while [ -z "$REPLY" -o -z "$dup_destdir" -o -z "$dup_desthost" -o -z "$dup_destuser" ]; do
103 formBegin "$dup_title - destination: first three items are compulsory"
104 formItem "desthost" "$dup_desthost"
105 formItem "destuser" "$dup_destuser"
106 formItem "destdir" "$dup_destdir"
107 formItem "keep" "$dup_keep"
108 formItem "incremental" "$dup_incremental"
109 formItem "bandwidthlimit" "$dup_bandwidth"
110 formItem "sshoptions" "$dup_sshoptions"
112 [ $? = 0 ] || return 1
115 replyconverted=`echo $REPLY | tr '\n' :`
117 thereply=($replyconverted)
120 dup_desthost=${thereply[0]}
121 dup_destuser=${thereply[1]}
122 dup_destdir=${thereply[2]}
123 dup_keep=${thereply[3]}
124 dup_incremental=${thereply[4]}
125 dup_bandwidth=${thereply[5]}
126 dup_sshoptions=${thereply[6]}
135 do_dup_gpg_encryptkey() {
137 while [ -z "$REPLY" -o -z "$dup_gpg_encryptkey" ]; do
138 inputBox "$dup_title - GnuPG" "Enter ID of the public GnuPG key to be used to encrypt the backups:" "$dup_gpg_encryptkey"
139 [ $? = 0 ] || return 1
140 dup_gpg_encryptkey="$REPLY"
146 booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign"
154 do_dup_gpg_signkey() {
156 booleanBox "$dup_title - GnuPG" "Use the same GnuPG key pair for encryption and signing?" "$dup_gpg_onekeypair"
158 dup_gpg_onekeypair=yes
160 dup_gpg_onekeypair=no
163 if [ "$dup_gpg_onekeypair" == "no" }; then
166 while [ -z "$REPLY" -o -z "$dup_gpg_signkey" ]; do
167 inputBox "$dup_title - GnuPG" "Enter the ID of the private GnuPG key to be used to sign the backups:" "$dup_gpg_signkey"
168 [ $? = 0 ] || return 1
169 dup_gpg_signkey="$REPLY"
174 do_dup_gpg_passphrase() {
175 local question="Enter the passphrase needed to $@:"
177 while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
178 passwordBox "$dup_title - GnuPG" "$question"
179 [ $? = 0 ] || return 1
180 dup_gpg_password="$REPLY"
186 # symmetric or public key encryption ?
187 booleanBox "$dup_title - GnuPG" "Use public key encryption? Else, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption"
189 dup_gpg_asymmetric_encryption=yes
191 dup_gpg_asymmetric_encryption=no
194 # when using public/private key pair encryption, ask for the keys to use
195 if [ "$dup_gpg_asymmetric_encryption" == yes ]; then
196 do_dup_gpg_encryptkey ; [ $? = 0 ] || return 1
197 do_dup_gpg_sign ; [ $? = 0 ] || return 1
198 if [ "$dup_gpg_sign" == yes ]; then
199 do_dup_gpg_signkey ; [ $? = 0 ] || return 1
203 # a passphrase is only needed when signing, or when symmetric encryption is used
204 if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then
205 do_dup_gpg_passphrase "encrypt the backups"
206 [ $? = 0 ] || return 1
207 elif [ "$dup_gpg_sign" == "yes" ]; then
208 if [ -z "$dup_gpg_signkey" ]; then
209 do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_signkey key used to sign the backups"
210 [ $? = 0 ] || return 1
212 do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_encryptkey key used to sign the backups"
213 [ $? = 0 ] || return 1
219 # TODO: replace the above line by the following when do_dup_conn is written
223 # TODO: share rdiff.helper code in some lib, and use it here
229 do_dup_misc_options() {
235 formBegin "$dup_title - misc. options"
236 formItem "nicelevel" "$dup_nicelevel"
237 formItem "testconnect" "$dup_testconnect"
238 formItem "options" "$dup_options"
240 [ $? = 0 ] || return 1
243 replyconverted=`echo $REPLY | tr '\n' :`
245 thereply=($replyconverted)
248 dup_nicelevel=${thereply[0]}
249 dup_testconnect=${thereply[1]}
250 dup_options=${thereply[2]}
255 # (rdiff.helper compatible interface... there could be some sode to share, hmmm.)
258 [ $? = 0 ] || return 1
264 get_next_filename $configdirectory/90.dup
265 cat > $next_filename <<EOF
266 # passed directly to duplicity
267 #options = --verbosity 8
268 options = $dup_options
270 # default is 0, but set to 19 if you want to lower the priority.
271 nicelevel = $dup_nicelevel
273 # default is yes. set to no to skip the test if the remote host is alive
274 testconnect = $dup_testconnect
276 ######################################################
278 ## (how to encrypt and optionnally sign the backups)
280 ## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
281 ## the way the following options are used. Please read ahead
284 ## If the encryptkey variable is set:
285 ## - data is encrypted with the GnuPG public key specified by the encryptkey
287 ## - if signing is enabled, the password variable is used to unlock the GnuPG
288 ## private key used for signing; else, you do not need to set the password
290 ## If the encryptkey option is not set:
291 ## - data signing is not possible
292 ## - the password variable is used to encrypt the data with symmetric
293 ## encryption: no GnuPG key pair is needed
297 # when set to yes, encryptkey variable must be set bellow; if you want to use
298 # two different keys for encryption and signing, you must also set the signkey
300 # default is no, for backward compatibility with backupninja <= 0.5.
303 # ID of the GnuPG public key used for data encryption.
304 # if not set, symmetric encryption is used, and data signing is not possible.
305 encryptkey = $dup_gpg_encryptkey
307 # ID of the GnuPG private key used for data signing.
308 # if not set, encryptkey will be used.
309 signkey = $dup_gpg_signkey
312 # NB: do not quote it, and it should not contain any quote
313 password = $dup_gpg_password
315 ######################################################
317 ## (where the files to be backed up are coming from)
321 # files to include in the backup
322 # (supports globbing with '*')
324 # Symlinks are not dereferenced. Moreover, an include line whose path
325 # contains, at any level, a symlink to a directory, will only have the
326 # symlink backed-up, not the target directory's content. Yes, you have
327 # to dereference yourself the symlinks, or to use 'mount --bind'
330 # Let's say /home is a symlink to /mnt/crypt/home ; the following line
331 # will only backup a "/home" symlink ; neither /home/user nor
332 # /home/user/Mail will be backed-up :
333 # include = /home/user/Mail
334 # A workaround is to 'mount --bind /mnt/crypt/home /home' ; another
336 # include = /mnt/crypt/home/user/Mail
339 if [ "$host_or_vservers" == host -o "$host_or_vservers" == both ]; then
341 for i in $dup_includes; do
342 echo "include = $i" >> $next_filename
347 cat >> $next_filename <<EOF
349 # If vservers = yes in /etc/backupninja.conf then the following variables can
351 # vsnames = all | <vserver1> <vserver2> ... (default = all)
353 # Any path specified in vsinclude is added to the include list for each vserver
354 # listed in vsnames (or all if vsnames = all).
355 # E.g. vsinclude = /home will backup the /home partition in every vserver
356 # listed in vsnames. If you have vsnames = "foo bar baz", this vsinclude will
357 # add to the include list /vservers/foo/home, /vservers/bar/home and
358 # /vservers/baz/home.
359 # Vservers paths are derived from $VROOTDIR.
363 if [ "$host_or_vservers" == vservers -o "$host_or_vservers" == both ]; then
365 echo -e "vsnames = \"$selected_vservers\"\n" >> $next_filename
366 for i in $dup_vsincludes; do
367 echo "vsinclude = $i" >> $next_filename
373 cat >> $next_filename <<EOF
375 # rdiff-backup specific comment, TO ADAPT
376 # files to exclude from the backup
377 # (supports globbing with '*')
380 for i in $dup_excludes; do
381 echo "exclude = $i" >> $next_filename
385 cat >> $next_filename <<EOF
387 ######################################################
388 ## destination section
389 ## (where the files are copied to)
393 # perform an incremental backup? (default = yes)
394 # if incremental = no, perform a full backup in order to start a new backup set
395 incremental = $dup_incremental
397 # how many days of data to keep ; default is 60 days.
398 # (you can also use the time format of duplicity)
399 # 'keep = yes' means : do not delete old data, the remote host will take care of this
404 # bandwith limit, in kbit/s ; default is 0, i.e. no limit
405 #bandwidthlimit = 128
406 bandwidthlimit = $dup_bandwidth
408 # passed directly to ssh and scp
409 #sshoptions = -i /root/.ssh/id_dsa_duplicity
410 sshoptions = $dup_sshoptions
412 # put the backups under this directory
413 destdir = $dup_destdir
415 # the machine which will receive the backups
416 desthost = $dup_desthost
418 # make the files owned by this user
419 # note: you must be able to ssh backupuser@backhost
420 # without specifying a password (if type = remote).
421 destuser = $dup_destuser
425 chmod 600 $next_filename
432 srcitem="choose files to include & exclude $_src_done"
433 destitem="configure backup destination $_dest_done"
434 gpgitem="configure GnuPG encryption/signing $_gpg_done"
435 conitem="set up ssh keys and test remote connection $_con_done"
436 advitem="edit advanced settings $_adv_done"
437 # TODO: add the following to the menu when do_dup_conn is written
439 menuBox "$dup_title" "choose a step:" \
444 finish "finish and create config file"
445 [ $? = 0 ] || return 1
450 "dest") do_dup_dest;;
452 # TODO: enable the following when do_dup_conn is written
453 # "conn") do_dup_conn;;
456 if [[ "$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)" ]]; then
457 # TODO: replace the previous test by the following when do_dup_conn is written
458 # if [[ "$_con_done$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)(DONE)" ]]; then
459 msgBox "$dup_title" "You cannot create the configuration file until the four first steps are completed."
474 require_packages duplicity
477 dup_title="Duplicity action wizard"
490 dup_destdir="/backups/`hostname`"
493 dup_gpg_asymmetric_encryption="yes"
494 dup_gpg_encryptkey=""
496 dup_gpg_onekeypair="yes"
503 # Global variables whose '*' shall not be expanded
505 dup_default_includes="/var/spool/cron/crontabs /var/backups /etc /root /home /usr/local/*bin /var/lib/dpkg/status*"
506 dup_default_excludes="/home/*/.gnupg"