perso/backup-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
backup-scripts/README.md
Nicolas Hordé 6a6eae367b First commit
2025-04-16 08:16:09 +00:00

138 lines
2.8 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 🛠️ `admin.sh` — Smart Admin CLI for Backups & Sync
A powerful admin helper script to manage cloud **backups** (via Restic) and **syncs** (via Rclone) using encrypted credentials with **Tang** and **ZFS metadata emulation**.
---
## 📦 Features
- 🔐 Secure credential storage via Tang + Clevis
- ☁️ Cloud sync to **pCloud** using Rclone
- 📦 Cloud backup using **Restic**
- ⚙️ Configuration stored in extended attributes (ZFS-style)
- 🔑 Decryption/encryption with clevis and jose tools
- 🪪 Fake ZFS & Zpool compatibility
- 📂 Temporary mount in RAM for config isolation
- 🔄 Dry-run & full sync support
- 🔍 Encrypted credential introspection
- 📊 Detailed logging for sync and backup tasks
---
## 🚀 Usage
```bash
./admin.sh [command] [arguments]
```
---
## 📋 Commands
### 🔧 Configuration
```bash
admin.sh config
```
> Interactively set or update encrypted credentials and cloud paths.
---
### ☁️ Cloud Sync (Rclone)
```bash
admin.sh sync <zfs_dataset> [now|dryrun|copy|view|ls|check]
```
- `now` Real-time sync to cloud
- `dryrun` Simulation only
- `copy` Download specific item from cloud
- `view` Browse cloud storage interactively
- `ls` List all cloud files
- `check` Verify data consistency
---
### 🧰 Cloud Backup (Restic)
```bash
admin.sh backup <zfs_dataset> [init|view|ls|check|now|prune|remove|unlock]
```
- `init` Initialize remote repository
- `now` Backup now (with retention)
- `view` List snapshots
- `ls` Show files in snapshot
- `check` Integrity check
- `prune` Clean old snapshots
- `remove` Delete a specific snapshot
- `unlock` Unlock repository
---
### 🔐 Encryption / Decryption
```bash
admin.sh tangcrypt
admin.sh tangdecrypt
```
- `tangcrypt` Encrypt stdin using Tang
- `tangdecrypt` Decrypt stdin
---
## 🧠 How it works
- Uses **ZFS metadata** (or simulated `.data` file) to manage configurations per dataset
- Mounts temporary RAMFS (`/mnt/usb`) to store decrypted `rclone.conf`
- Invokes external tools:
- `rclone`
- `restic`
- `jose`
- `clevis`
- Credentials are encrypted and decrypted on the fly
---
## 📁 Required Dependencies
- `rclone`
- `restic`
- `clevis`
- `jose` (CLI)
- `curl`, `awk`, `sed`, `bash`
---
## 🧪 Simulated Environment
You can use `fake-zfs.sh` and `fake-zpool.sh` to simulate ZFS-like behavior in environments without ZFS installed. Metadata is saved to:
```
/home/user/scripts/zfs_meta.data
```
---
## 📂 Config File
A basic `admin.conf` will be generated automatically if missing. Example:
```bash
RCLONE_CMD="rclone"
RESTIC_CMD="restic"
ZFS="/home/user/scripts/fake-zfs.sh"
URL="https://tang.ia86.cc"
...
```
---
## 📝 License
This script is personal and provided **as is**. Use it at your own risk. Encryption is strong, but your **threat model matters**.
Reference in New Issue View Git Blame Copy Permalink