initial commit

10 files changed, 170 insertions, 0 deletions

diff --git a/backups.d/database.sh b/backups.d/database.sh
new file mode 100755
index 0000000..016d8e6
--- /dev/null
+++ b/backups.d/database.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to launch automated backups via the Restic backup utility
+
+
+# Load restic varibles
+source /etc/restic.d/linode.conf
+
+# Perform database backup
+mysqldump --all-databases | restic backup \
+	"$RESTIC_COMMON_OPTS" \
+	--tag database \
+	--stdin --stdin-filename mariadb_dump.sql
+
diff --git a/backups.d/sysconf.sh b/backups.d/sysconf.sh
new file mode 100755
index 0000000..88b175b
--- /dev/null
+++ b/backups.d/sysconf.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to launch automated backups via the Restic backup utility
+
+
+# Load restic varibles
+source /etc/restic.d/backblaze.conf
+
+# Perform system configuration backup
+restic backup \
+	"$RESTIC_COMMON_OPTS" \
+	--tag sysconf \
+	/etc
diff --git a/backups.d/userdata.sh b/backups.d/userdata.sh
new file mode 100755
index 0000000..2d7ba1d
--- /dev/null
+++ b/backups.d/userdata.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to launch automated backups via the Restic backup utility
+
+
+# Load restic varibles
+source /etc/restic.d/backblaze.conf
+
+# Perform userdata backup
+restic backup \
+	"$RESTIC_COMMON_OPTS" \
+	--tag userdata \
+	/var/www/vhosts /var/mail /var/qmail/mailnames /var/spool/cron \
+	--exclude="/var/www/vhosts/*/httpdocs/components/com_virtuemart/shop_image/mfgs/cache/*" \
+	--exclude="/var/www/vhosts/*/httpdocs/includes/STN/locks/*" \
+	--exclude="/var/www/vhosts/*/logs/*" \
+	--exclude="/var/www/vhosts/system/*/logs/*" 
diff --git a/checkups.d/backblaze.sh b/checkups.d/backblaze.sh
new file mode 100755
index 0000000..9581082
--- /dev/null
+++ b/checkups.d/backblaze.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to check backups for consistency
+# and optionally integrity via the Restic backup utility
+
+
+# Load restic variables
+source /etc/restic.d/linode.conf
+
+# WARNING: Checking the backup integrity can be a costly procedure when using
+# cloud data storage. This is because in order to verify integrity we must
+# download the blobs and verify them. If the cloud storage provider charges
+# more for download than upload (e.g, Cold Storage Plan) this can rack up
+# expenses very quickly.
+#
+# Thankfully this does not need to be done very often BUT IT STILL NEEDS TO
+# BE DONE. You wouldn't want to have your backups not working when you
+# actually need to restore something would you? This does not normally need
+# to be done very often, but if you would rather have the checks
+# only perform consistency checking, not integrity checks you can remove
+# the '--read-data' from the command.
+
+# NOTE: When repositories get fairly large checking them can generate large
+# cache directories. It can also take a very long time to complete. Because
+# of this we split the operation into 255 parts that run individually.
+
+# Check backup repository consistency (and integrity if --read-data is used)
+counter=1
+while [ "$counter" -le 255 ] ; do
+	restic check \
+		"$RESTIC_COMMON_OPTS" \
+		--read-data-subset="$counter""/""255"  \
+		--read-data 
+	((counter++))
+done
diff --git a/checkups.d/linode.sh b/checkups.d/linode.sh
new file mode 100755
index 0000000..5bc4fbe
--- /dev/null
+++ b/checkups.d/linode.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to check backups for consistency
+# and optionally integrity via the Restic backup utility
+
+
+# Load restic variables
+source /etc/restic.d/backblaze.conf
+
+# WARNING: Checking the backup integrity can be a costly procedure when using
+# cloud data storage. This is because in order to verify integrity we must
+# download the blobs and verify them. If the cloud storage provider charges
+# more for download than upload (e.g, Cold Storage Plan) this can rack up
+# expenses very quickly.
+#
+# Thankfully this does not need to be done very often BUT IT STILL NEEDS TO
+# BE DONE. You wouldn't want to have your backups not working when you
+# actually need to restore something would you? This does not normally need
+# to be done very often, but if you would rather have the checks
+# only perform consistency checking, not integrity checks you can remove
+# the '--read-data' from the command.
+
+# NOTE: When repositories get fairly large checking them can generate large
+# cache directories. It can also take a very long time to complete. Because
+# of this we split the operation into 255 parts that run individually.
+
+# Check backup repository consistency (and integrity if --read-data is used)
+counter=1
+while [ "$counter" -le 255 ] ; do
+	restic check \
+		"$RESTIC_COMMON_OPTS" \
+		--read-data-subset="$counter""/""255"  \
+		--read-data 
+	((counter++))
+done
diff --git a/cleanup.d/backblaze.conf b/cleanup.d/backblaze.conf
new file mode 100755
index 0000000..c7f006e
--- /dev/null
+++ b/cleanup.d/backblaze.conf
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to prune backups via the Restic backup utility
+
+# Load restic varibles
+source /etc/restic.d/backblaze.conf
+
+# Delete backups according to policy
+restic forget \
+	"$RESTIC_COMMON_OPTS" \
+	--prune \
+	--keep-daily 30 \
+	--keep-weekly 52 \
+	--keep-monthly 3 \
+	--keep-yearly 4
diff --git a/cleanup.d/linode.conf b/cleanup.d/linode.conf
new file mode 100755
index 0000000..0035a24
--- /dev/null
+++ b/cleanup.d/linode.conf
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# This script is used by the CRON Daemon to prune backups via the Restic backup utility
+
+# Load restic varibles
+source /etc/restic.d/linode.conf
+
+# Delete backups according to policy
+restic forget \
+	"$RESTIC_COMMON_OPTS" \
+	--prune \
+	--keep-daily 30 \
+	--keep-weekly 52 \
+	--keep-monthly 3 \
+	--keep-yearly 4
diff --git a/cron_templates/crontab b/cron_templates/crontab
new file mode 100644
index 0000000..0451726
--- /dev/null
+++ b/cron_templates/crontab
@@ -0,0 +1,5 @@
+MAILTO="root,noc@domain.tld"
+#Run backup scripts
+0       3       *       *       *       bash /etc/restic.d/backups.d/*.sh | tee >>/var/log/restic.log 1>/dev/null
+0       0       1       *       *       bash /etc/restic.d/cleanup.d/*.sh | tee >>/var/log/restic.log
+0       19      2       */3     *       bash /etc/restic.d/checkup.d/*.sh | tee >>/var/log/restic.log
diff --git a/repos.d/backblaze.conf b/repos.d/backblaze.conf
new file mode 100644
index 0000000..e4e40aa
--- /dev/null
+++ b/repos.d/backblaze.conf
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Repository Configuration
+export B2_ACCOUNT_KEY=""
+export B2_ACCOUNT_ID=""
+export RESTIC_REPOSITORY="b2:"
+
+export RESTIC_PASSWORD=""
+
+export RESTIC_COMMON_OPTS="-o b2.connections=45 --cache-dir=/var/cache/restic"
diff --git a/repos.d/linode.conf b/repos.d/linode.conf
new file mode 100644
index 0000000..3d6f6c1
--- /dev/null
+++ b/repos.d/linode.conf
@@ -0,0 +1,12 @@
+#!/bin/bash
+# MiniIO (AWS S3 API Compatible)
+
+# Object Storage Configuration
+export AWS_ACCESS_KEY_ID=""
+export AWS_SECRET_ACCESS_KEY=""
+
+# Repository Configuration
+export RESTIC_REPOSITORY="s3:us-east-1.linodeobjects.com/"
+export RESTIC_PASSWORD=""
+
+export RESTIC_COMMON_OPTS="--cache-dir=/var/cache/restic"