automatic-backup-scripts/README.md

# automatic-backup-scripts

Set of scripts to automatically make backups to a local and external target. Uses restic to make encrypted backup, and rsync to sync ther encrypted repository to an external source.

## What it does

There are two scripts included in this repository: `backup.sh` and `setup-repo.sh`. `setup-repo.sh` is purely a convenience script that automatically created a UUID and password for a directory of choice, while `backup.sh` is meant to be run periodically setup as a `cron`-job. You might need to use the `root`-users `crontab` for this (i.e. `sudo crontab -e`) if you attempt any read or write operations to directories that require `sudo` access. 

When setting up a repository using `setup-repo.sh`, the script will generate a UUID and password that YOU NEED TO STORE SOMEWHERE. The reason it uses a UUID is to obfuscate what it is on the external source (yes, security by obscurity is not a sound tactic, but it is part of the whole). But in order to get anything useful out of it when attempting a restore, you need both the password to decrypt the restic repository, and you need to know which directory is what. This setup script will make a directory for this repository on the external source (via ssh), and it will store the password, uuid and the location of the internal copy of the repository in files that conform to `$CONFIG_DIR/$SERVICE_password`, `_uuid` and `_repository`. Here `$CONFIG_DIR` is the directory where these config files will be stored, `$SERVICE` is the name of the directory to be backed up in lower case and with underscores instead of spaces (i.e. the directory "All Your Base" will yield files called `all_your_base_uuid`, `all_your_base_password` and `all_your_base_repository` inside the `$CONFIG`-folder. 

The backup script `backup.sh` will first make a backup using restic to a local copy, stored in the location specified in `$SERVICE_repository`. It will then use rsync to push this repository to the external source via ssh. It redirects the output from these processes to a log file.

The scripts relies on ssh-access through an ssh-key. If you have password authentication only, the scripts will hang here.


## How to use

Set up an `.env`-file (use `.env-template` as a starting point). This file specifies the external parameters, such as the user and address of the external storage and port on which ssh is available.

### Setting up a repository

Call `setup-repo.sh` with:

```shell
bash setup-repo.sh -i /path/to/directory/to/backup -c /path/to/directory/that/contains/configs -o /path/to/directory/that/stores/internal/copy
```

This will create the required directories.

### Making a backup

Call `backup.sh` with:

```shell
bash back.sh -i /path/to/directory/to/backup -c /path/to/directory/that/contains/configs -l /path/to/directory/containing/output/logs
```

### Making the scripts executable
Initial commit 2025-09-25 20:31:40 +00:00			`# automatic-backup-scripts`

Update README.md (still out of date though) 2025-10-01 20:19:51 +02:00			`Set of scripts to automatically make backups to a local and external target. Uses restic to make encrypted backup, and rsync to sync ther encrypted repository to an external source.`

			`## What it does`

			There are two scripts included in this repository: `backup.sh` and `setup-repo.sh`. `setup-repo.sh` is purely a convenience script that automatically created a UUID and password for a directory of choice, while `backup.sh` is meant to be run periodically setup as a `cron`-job. You might need to use the `root`-users `crontab` for this (i.e. `sudo crontab -e`) if you attempt any read or write operations to directories that require `sudo` access.

			When setting up a repository using `setup-repo.sh`, the script will generate a UUID and password that YOU NEED TO STORE SOMEWHERE. The reason it uses a UUID is to obfuscate what it is on the external source (yes, security by obscurity is not a sound tactic, but it is part of the whole). But in order to get anything useful out of it when attempting a restore, you need both the password to decrypt the restic repository, and you need to know which directory is what. This setup script will make a directory for this repository on the external source (via ssh), and it will store the password, uuid and the location of the internal copy of the repository in files that conform to `$CONFIG_DIR/$SERVICE_password`, `_uuid` and `_repository`. Here `$CONFIG_DIR` is the directory where these config files will be stored, `$SERVICE` is the name of the directory to be backed up in lower case and with underscores instead of spaces (i.e. the directory "All Your Base" will yield files called `all_your_base_uuid`, `all_your_base_password` and `all_your_base_repository` inside the `$CONFIG`-folder.

			The backup script `backup.sh` will first make a backup using restic to a local copy, stored in the location specified in `$SERVICE_repository`. It will then use rsync to push this repository to the external source via ssh. It redirects the output from these processes to a log file.

			`The scripts relies on ssh-access through an ssh-key. If you have password authentication only, the scripts will hang here.`


			`## How to use`

			Set up an `.env`-file (use `.env-template` as a starting point). This file specifies the external parameters, such as the user and address of the external storage and port on which ssh is available.

			`### Setting up a repository`

			Call `setup-repo.sh` with:

			```shell
			`bash setup-repo.sh -i /path/to/directory/to/backup -c /path/to/directory/that/contains/configs -o /path/to/directory/that/stores/internal/copy`
			```

			`This will create the required directories.`

			`### Making a backup`

			Call `backup.sh` with:

			```shell
			`bash back.sh -i /path/to/directory/to/backup -c /path/to/directory/that/contains/configs -l /path/to/directory/containing/output/logs`
			```

			`### Making the scripts executable`