path: root/scripts/sh/deploy_restic.sh
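#!/bin/bash
#
# deploy_restic.sh - set up unattended Restic backups to S3 on openSUSE Leap.
#
# What it does, in order:
#   1. Checks NAME in /etc/os-release and asks for confirmation.
#   2. Installs restic and libcap-progs, creates the system user "restic".
#   3. Creates /opt/restic and /etc/restic (mode 700, owned by restic).
#   4. Grants /usr/bin/restic CAP_DAC_READ_SEARCH so the unprivileged user
#      can read every file it backs up.
#   5. Writes /opt/restic/run.sh, the per-directory exclude files and the
#      weekly cron job in /etc/cron.d/restic.
#
# Must be run as root (package installation, useradd, setcap, /etc writes).
#
# The shebang is bash, not sh: the script uses [[ ]], =~ and read -p/-n,
# none of which are available in a POSIX /bin/sh.

set -euo pipefail

# NAME is quoted in os-release (NAME="openSUSE Leap"); strip the quotes so the
# comparison below can match. Match the key exactly rather than by prefix.
DISTRIB=$(awk -F= '$1 == "NAME" { gsub(/^"|"$/, "", $2); print $2 }' /etc/os-release)
printf '%s\n' "$DISTRIB"

if [[ "$DISTRIB" == "openSUSE Leap" ]]; then
  REPLY=""
  # A closed stdin (EOF) counts as "no" instead of aborting under set -e.
  read -p "Deploy Restic on this system? " -n 1 -r || REPLY=""
  echo
  if [[ "$REPLY" =~ ^[Yy]$ ]]; then
    zypper in -y restic libcap-progs

    # Skip useradd when the account already exists so a re-run does not abort.
    if ! id restic >/dev/null 2>&1; then
      useradd -rUd /opt/restic -s /bin/false restic
    fi

    # Create the directories with their final owner and mode in one step, so
    # they are never briefly present with default permissions.
    install -d -m 700 -o restic -g restic /opt/restic /etc/restic

    # A file capability applies to whoever executes the binary. Left
    # world-executable, /usr/bin/restic with CAP_DAC_READ_SEARCH would let any
    # local account read any file on the system. Limit execution to root and
    # the restic group before granting the capability.
    # NOTE(review): a package update of restic will presumably reset owner,
    # mode and capability - re-apply these three lines after updates.
    chown root:restic /usr/bin/restic
    chmod 750 /usr/bin/restic
    setcap cap_dac_read_search=+ep /usr/bin/restic

    # The heredoc delimiter is quoted, so $S3PROTO, $S3HOST, $S3BUCKET,
    # $LIBPASS, $S3AKI, $S3SAK and $CACHE are written out literally. Nothing in
    # this script or in run.sh assigns them - presumably the operator fills
    # them in afterwards (TODO confirm). Once the file holds the S3 keys it
    # must stay mode 700 and owned by restic.
    # Re-running this script overwrites an already configured run.sh.
    cat <<'EOF' >/opt/restic/run.sh
#!/bin/bash
#/usr/bin/echo Executing Restic S3 Backup for $(hostname -f)
export RESTIC_REPOSITORY="s3:$S3PROTO://$S3HOST/$S3BUCKET"
export RESTIC_PASSWORD_FILE="$LIBPASS"
export AWS_ACCESS_KEY_ID="$S3AKI"
export AWS_SECRET_ACCESS_KEY="$S3SAK"
export RESTIC_CACHE_DIR="$CACHE"
EXCLUDE=".restic.excludes"
/usr/bin/restic --verbose backup --exclude-file="/etc/$EXCLUDE" /etc
echo "EXIT $?"
/usr/bin/restic --verbose backup --exclude-file="/home/$EXCLUDE" /home
echo "EXIT $?"
/usr/bin/restic --verbose backup --exclude-file="/opt/$EXCLUDE" /opt
echo "EXIT $?"
/usr/bin/restic --verbose backup --exclude-file="/srv/$EXCLUDE" /srv
echo "EXIT $?"
EOF
    chown restic:restic /opt/restic/run.sh
    chmod 700 /opt/restic/run.sh

    # One exclude file per backed-up tree; /etc gets an empty one.
    touch /etc/.restic.excludes
    cat <<'EOF' >/home/.restic.excludes
.snapshots
georg/stuff
EOF
    cat <<'EOF' >/opt/.restic.excludes
.snapshots
node_exporter*
restic
EOF
    cat <<'EOF' >/srv/.restic.excludes
.snapshots
EOF

    # The crontab sets SHELL=/bin/sh, so the job line uses the portable
    # "2>&1 |" instead of the bash-only "|&" to mail stdout and stderr.
    cat <<'EOF' >/etc/cron.d/restic
# Cronjob for Restic Backup to Wasabi S3
# Created by deploy_restic.sh
# georg@lysergic.dev

MAILTO=system
SHELL=/bin/sh

0 20 * * Sun restic /opt/restic/run.sh 2>&1 | mail -s "S3 Backup - $(hostname -f) - $(date)" ircsystem
EOF
    echo OK
  fi
else
  echo "This is currently only compatible with SUSE nodes."
fi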