# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*- HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup" ### Functions do_dup_host_includes() { set -o noglob # choose the files to backup REPLY= while [ -z "$REPLY" ]; do formBegin "$dup_title - host system: includes" [ -z "$dup_includes" ] && dup_includes="$dup_default_includes" for i in $dup_includes; do formItem include "$i" done formItem include "" formItem include "" formItem include "" formDisplay [ $? = 0 ] || return 1 dup_includes="$REPLY" done set +o noglob } do_dup_vserver() { # choose the vservers to backup (into $selected_vservers) choose_one_or_more_vservers "$dup_title" [ $? = 0 ] || return 1 set -o noglob # choose the files to backup REPLY= while [ -z "$REPLY" ]; do formBegin "$dup_title - vservers: vsincludes (backup these directories from every selected vserver)" [ -z "$dup_vsincludes" ] && dup_vsincludes="$dup_default_includes" for i in $dup_vsincludes; do formItem include "$i" done formItem include "" formItem include "" formItem include "" formDisplay [ $? = 0 ] || return 1 dup_vsincludes="$REPLY" done set +o noglob } do_dup_excludes() { set -o noglob formBegin "$dup_title: excludes" [ -z "$dup_excludes" ] && dup_excludes="$dup_default_excludes" for i in $dup_excludes; do formItem exclude "$i" done formItem exclude "" formItem exclude "" formItem exclude "" formDisplay [ $? = 0 ] || return 1 dup_excludes="$REPLY" set +o noglob } do_dup_src() { choose_host_or_vservers_or_both "$dup_title" [ $? = 0 ] || return 1 case $host_or_vservers in 'host') do_dup_host_includes [ $? = 0 ] || return 1 ;; 'vservers') do_dup_vserver [ $? = 0 ] || return 1 ;; 'both') do_dup_host_includes [ $? = 0 ] || return 1 do_dup_vserver [ $? = 0 ] || return 1 ;; *) return 1 ;; esac do_dup_excludes [ $? = 0 ] || return 1 _src_done="(DONE)" setDefault dest } do_dup_dest() { local replyconverted local thereply set -o noglob REPLY= while [ -z "$REPLY" -o -z "$dup_destdir" -o -z "$dup_desthost" -o -z "$dup_destuser" ]; do formBegin "$dup_title - destination: first three items are compulsory" formItem "desthost" "$dup_desthost" formItem "destuser" "$dup_destuser" formItem "destdir" "$dup_destdir" formItem "keep" "$dup_keep" formItem "incremental" "$dup_incremental" formItem "bandwidthlimit" "$dup_bandwidth" formItem "sshoptions" "$dup_sshoptions" formDisplay [ $? = 0 ] || return 1 IFS=$'' replyconverted=`echo $REPLY | tr '\n' :` IFS=$':' thereply=($replyconverted) IFS=$' \t\n' dup_desthost=${thereply[0]} dup_destuser=${thereply[1]} dup_destdir=${thereply[2]} dup_keep=${thereply[3]} dup_incremental=${thereply[4]} dup_bandwidth=${thereply[5]} dup_sshoptions=${thereply[6]} done set +o noglob _dest_done="(DONE)" setDefault gpg } do_dup_gpg_encryptkey() { REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_encryptkey" ]; do inputBox "$dup_title - GnuPG" "Enter ID of the public GnuPG key to be used to encrypt the backups:" "$dup_gpg_encryptkey" [ $? = 0 ] || return 1 dup_gpg_encryptkey="$REPLY" done } do_dup_gpg_sign() { # sign ? booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign" if [ $? = 0 ]; then dup_gpg_sign=yes else dup_gpg_sign=no fi } do_dup_gpg_signkey() { # one key pair ? booleanBox "$dup_title - GnuPG" "Use the same GnuPG key pair for encryption and signing?" "$dup_gpg_onekeypair" if [ $? = 0 ]; then dup_gpg_onekeypair=yes else dup_gpg_onekeypair=no fi if [ "$dup_gpg_onekeypair" == "no" }; then # signkey ? REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_signkey" ]; do inputBox "$dup_title - GnuPG" "Enter the ID of the private GnuPG key to be used to sign the backups:" "$dup_gpg_signkey" [ $? = 0 ] || return 1 dup_gpg_signkey="$REPLY" done fi } do_dup_gpg_passphrase() { local question="Enter the passphrase needed to unlock the GnuPG key:" REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do passwordBox "$dup_title - GnuPG" "$question" [ $? = 0 ] || return 1 dup_gpg_password="$REPLY" done } do_dup_gpg() { # symmetric or public key encryption ? booleanBox "$dup_title - GnuPG" "Use public key encryption? Otherwise, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption" if [ $? = 0 ]; then dup_gpg_asymmetric_encryption=yes else dup_gpg_asymmetric_encryption=no fi # when using public/private key pair encryption, ask for the keys to use if [ "$dup_gpg_asymmetric_encryption" == yes ]; then do_dup_gpg_encryptkey ; [ $? = 0 ] || return 1 do_dup_gpg_sign ; [ $? = 0 ] || return 1 if [ "$dup_gpg_sign" == yes ]; then do_dup_gpg_signkey ; [ $? = 0 ] || return 1 fi else dup_gpg_sign=no fi # a passphrase is alway needed do_dup_gpg_passphrase _gpg_done="(DONE)" setDefault adv # TODO: replace the above line by the following when do_dup_conn is written # setDefault conn } # TODO: share rdiff.helper code in some lib, and use it here do_dup_conn() { _con_done="(DONE)" setDefault adv } do_dup_misc_options() { set -o noglob local replyconverted local thereply formBegin "$dup_title - misc. options" formItem "nicelevel" "$dup_nicelevel" formItem "testconnect" "$dup_testconnect" formItem "options" "$dup_options" formDisplay [ $? = 0 ] || return 1 IFS=$'' replyconverted=`echo $REPLY | tr '\n' :` IFS=$':' thereply=($replyconverted) IFS=$' \t\n' dup_nicelevel=${thereply[0]} dup_testconnect=${thereply[1]} dup_options=${thereply[2]} set +o noglob } # (rdiff.helper compatible interface... there could be some sode to share, hmmm.) do_dup_adv() { do_dup_misc_options [ $? = 0 ] || return 1 _adv_done="(DONE)" setDefault finish } do_dup_finish() { get_next_filename $configdirectory/90.dup cat > $next_filename <> $next_filename done set +o noglob fi cat >> $next_filename < ... (default = all) # vsinclude = # vsinclude = # ... # Any path specified in vsinclude is added to the include list for each vserver # listed in vsnames (or all if vsnames = all, which is the default). # # For example, vsinclude = /home will backup the /home directory in every # vserver listed in vsnames. If you have 'vsnames = foo bar baz', this # vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home # and /vservers/baz/home. # Vservers paths are derived from $VROOTDIR. EOF if [ "$host_or_vservers" == vservers -o "$host_or_vservers" == both ]; then set -o noglob echo -e "vsnames = $selected_vservers\n" >> $next_filename for i in $dup_vsincludes; do echo "vsinclude = $i" >> $next_filename done set +o noglob fi # excludes cat >> $next_filename <> $next_filename done set +o noglob cat >> $next_filename <=0.4.2) # warning: sftp does not support all scp options, especially -i; as # a workaround, you can use "-o " #sshoptions = -o IdentityFile=/root/.ssh/id_dsa_duplicity sshoptions = $dup_sshoptions # put the backups under this directory destdir = $dup_destdir # the machine which will receive the backups desthost = $dup_desthost # make the files owned by this user # note: you must be able to ssh backupuser@backhost # without specifying a password (if type = remote). destuser = $dup_destuser EOF chmod 600 $next_filename } dup_main_menu() { while true; do srcitem="choose files to include & exclude $_src_done" destitem="configure backup destination $_dest_done" gpgitem="configure GnuPG encryption/signing $_gpg_done" conitem="set up ssh keys and test remote connection $_con_done" advitem="edit advanced settings $_adv_done" # TODO: add the following to the menu when do_dup_conn is written # conn "$conitem" \ menuBox "$dup_title" "choose a step:" \ src "$srcitem" \ dest "$destitem" \ gpg "$gpgitem" \ adv "$advitem" \ finish "finish and create config file" [ $? = 0 ] || return 1 result="$REPLY" case "$result" in "src") do_dup_src;; "dest") do_dup_dest;; "gpg") do_dup_gpg;; # TODO: enable the following when do_dup_conn is written # "conn") do_dup_conn;; "adv") do_dup_adv;; "finish") if [[ "$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)" ]]; then # TODO: replace the previous test by the following when do_dup_conn is written # if [[ "$_con_done$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)(DONE)" ]]; then msgBox "$dup_title" "You cannot create the configuration file until the four first steps are completed." else do_dup_finish break fi ;; esac done } ### Main function dup_wizard() { require_packages duplicity # Global variables dup_title="Duplicity action wizard" _src_done= _dest_done= _con_done= _gpg_done= _adv_done= dup_includes= dup_excludes= dup_vsincludes= dup_incremental=yes dup_keep=60 dup_bandwidth= dup_sshoptions= dup_destdir="/backups/`hostname`" dup_desthost= dup_destuser= dup_gpg_asymmetric_encryption="yes" dup_gpg_encryptkey="" dup_gpg_sign="yes" dup_gpg_onekeypair="yes" dup_gpg_signkey="" dup_gpg_password="" dup_nicelevel=19 dup_testconnect=yes dup_options= # Global variables whose '*' shall not be expanded set -o noglob dup_default_includes="/var/spool/cron/crontabs /var/backups /etc /root /home /usr/local/*bin /var/lib/dpkg/status*" dup_default_excludes="/home/*/.gnupg /home/*/.gnupg /home/*/.local/share/Trash /home/*/.Trash /home/*/.thumbnails /home/*/.beagle /home/*/.aMule /home/*/gtk-gnutella-downloads" set +o noglob dup_main_menu }