perso/backup-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
backup-scripts/README.md
Nicolas Hordé 6a6eae367b First commit
2025-04-16 08:16:09 +00:00

2.8 KiB
Raw Blame History

🛠️ admin.sh — Smart Admin CLI for Backups & Sync

A powerful admin helper script to manage cloud backups (via Restic) and syncs (via Rclone) using encrypted credentials with Tang and ZFS metadata emulation.

📦 Features

  • 🔐 Secure credential storage via Tang + Clevis
  • ☁️ Cloud sync to pCloud using Rclone
  • 📦 Cloud backup using Restic
  • ⚙️ Configuration stored in extended attributes (ZFS-style)
  • 🔑 Decryption/encryption with clevis and jose tools
  • 🪪 Fake ZFS & Zpool compatibility
  • 📂 Temporary mount in RAM for config isolation
  • 🔄 Dry-run & full sync support
  • 🔍 Encrypted credential introspection
  • 📊 Detailed logging for sync and backup tasks

🚀 Usage

./admin.sh [command] [arguments]

📋 Commands

🔧 Configuration

admin.sh config

Interactively set or update encrypted credentials and cloud paths.

☁️ Cloud Sync (Rclone)

admin.sh sync <zfs_dataset> [now|dryrun|copy|view|ls|check]
  • now Real-time sync to cloud
  • dryrun Simulation only
  • copy Download specific item from cloud
  • view Browse cloud storage interactively
  • ls List all cloud files
  • check Verify data consistency

🧰 Cloud Backup (Restic)

admin.sh backup <zfs_dataset> [init|view|ls|check|now|prune|remove|unlock]
  • init Initialize remote repository
  • now Backup now (with retention)
  • view List snapshots
  • ls Show files in snapshot
  • check Integrity check
  • prune Clean old snapshots
  • remove Delete a specific snapshot
  • unlock Unlock repository

🔐 Encryption / Decryption

admin.sh tangcrypt
admin.sh tangdecrypt
  • tangcrypt Encrypt stdin using Tang
  • tangdecrypt Decrypt stdin

🧠 How it works

  • Uses ZFS metadata (or simulated .data file) to manage configurations per dataset
  • Mounts temporary RAMFS (/mnt/usb) to store decrypted rclone.conf
  • Invokes external tools:
    • rclone
    • restic
    • jose
    • clevis
  • Credentials are encrypted and decrypted on the fly

📁 Required Dependencies

  • rclone
  • restic
  • clevis
  • jose (CLI)
  • curl, awk, sed, bash

🧪 Simulated Environment

You can use fake-zfs.sh and fake-zpool.sh to simulate ZFS-like behavior in environments without ZFS installed. Metadata is saved to:

/home/user/scripts/zfs_meta.data

📂 Config File

A basic admin.conf will be generated automatically if missing. Example:

RCLONE_CMD="rclone"
RESTIC_CMD="restic"
ZFS="/home/user/scripts/fake-zfs.sh"
URL="https://tang.ia86.cc"
...

📝 License

This script is personal and provided as is. Use it at your own risk. Encryption is strong, but your threat model matters.