chore: Add ssh scripts

scripts/gitea/backup-database-ssh.sh

@@ -0,0 +1,117 @@
+#!/bin/bash
+# Backup a remote Gitea database running in docker using ssh
+# Usage: backup-database [OPTIONS] <remote> <destination>
+
+# `gitea dump` is a mess that we should not touch. We write our own backup scripts instead.
+#
+usage() {
+    >&2 printf "Usage: %s <remote host> <destination>\n" "${0}"
+    >&2 printf "It is assumed that the machine has passwordless access to the remote host.\n\n"
+    >&2 printf "Options:\n"
+    >&2 printf "\t-e \t Specify the environment file to use\n"
+    >&2 printf "\t-h \t Show this message\n"
+    exit "${1:-1}"
+}
+
+# Get options
+
+while getopts ":e:h" option; do
+    case "${option}" in
+        e)
+            env_file="${OPTARG}"
+            ;;
+        h)
+            usage
+            ;;
+        *)
+            >&2 printf "Error: Invalid option: '%s'.\n" "${option}"
+            usage
+            ;;
+    esac
+done
+shift $(( OPTIND - 1 ))
+
+# Check arguments.
+
+if [ $# -ne 2 ]; then
+    >&2 printf "Error: You need to specify a destination and a remote host.\n"
+    usage
+elif ! [ -d "${2}" ]; then
+    >&2 printf "Error: Specified destination does not exist or is not readable : '%s'.\n" "${2}"
+    usage
+else
+    remote="${1}"
+    local_destination="${2}"
+fi
+
+# Abort entire script if any command fails
+set -e
+
+# Test if environment file on remote exists.
+if ! ssh "${remote}" "test -f '${env_file:=.env}'"; then
+    >&2 printf "Error: Environment file does not exist: '%s'.\n" "${env_file}"
+    >&2 printf "       Consider using the option '-e' to specify the correct environment file.\n"
+    >&2 printf "Debug: PWD: '%s'.\n" "$(ssh "${remote}" 'pwd')"
+    usage 2
+elif ! ssh "${remote}" "test -r '${env_file:=.env}'"; then
+    >&2 printf "Error: Environment file is not readable: '%s'.\n" "${env_file}"
+    >&2 printf "       Make sure the user you are using connect as has access to the file.\n"
+    usage 2
+fi
+
+backupfile="nextcloud_$( date +'%Y%m%d' ).tar.gz"
+
+# Check if the script would override existing files.
+if [ -e "${local_destination}/${backupfile}" ]; then
+    >&2 printf "Warning: The backup file '%s' already exists. Not overwriting.\n" "${local_destination}/${backupfile}"
+
+    while [[ -e "${local_destination}/${backupfile}" ]]; do
+        backupfile="${backupfile%.tar.gz}_bis${counter:=1}.tar.gz"
+        ((counter++))
+    done
+
+    >&2 printf "Warning: Using '%s' as a safe alternative backup file.\n" "${local_destination}/${backupfile}"
+fi
+
+# Database backup
+
+# Retrieve container names
+base_container='gitea'
+database_container='gitea-db'
+
+# Create a temporary destination on remote host.
+remote_destination="$( ssh "${remote}" 'mktemp -d' )"
+printf "Debug: Using '%s' as a remote temporary directory.\n" "${remote_destination}"
+
+# Filename for database backup. 
+database_backupfile="sqlbkp.bak"
+remote_database_backupfile="${remote_destination}/${database_backupfile}"
+
+# Enable maintenance mode
+# Flush queues
+ssh "${remote}" "docker exec '${base_container}' gitea manager flush-queues"
+# TODO Pause queues
+
+# Create backup file in docker container
+echo 'Info: Backing up database'
+ssh "${remote}" "docker exec --env-file '${env_file}' '${database_container}' pg_dump 'gitea' -cwv  -U 'gitea' -h 'localhost' > '${remote_database_backupfile}'"
+# Restore using:
+# psql -U gitea -h localhost -d gitea -f "path/to/file"
+
+# Disable maintenance mode
+# TODO Continue queues
+
+# Double check
+# gitea doctor --all --log-file /tmp/doctor.log
+# TODO
+
+# Copy everything over to local machine.
+echo 'Info: Copying to local machine.'
+ssh "${remote}" "tar -czf '${remote_destination}/${backupfile}' --exclude=${backupfile} ${remote_destination}"
+scp "${remote}:${remote_destination}/${backupfile}" "${local_destination}"
+
+# Remove temporary destination on remote host.
+printf "Debug: Cleaning up '%s' on %s.\n" "${remote_destination}" "${remote}"
+ssh "${remote}" "rm -rf ${remote_destination}"
+
+echo 'Done'

scripts/nextcloud/backup-database-ssh.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+# Backup a remote Nextcloud database using ssh.
+# Usage: backup-database [OPTIONS] <destination>
+
+usage() {
+    >&2 printf "Usage: %s <remote> <destination>\n" "${0}"
+    >&2 printf "It is assumed that the machine has passwordless access to the remote host.\n\n"
+    >&2 printf "Options:\n"
+    >&2 printf "\t-e \t Specify the environment file to use\n"
+    >&2 printf "\t-h \t Show this message\n"
+    exit "${1:-1}"
+}
+
+# Get options
+
+while getopts ":e:h" option; do
+    case "${option}" in
+        e)
+            env_file="${OPTARG}"
+            ;;
+        h)
+            usage
+            ;;
+        *)
+            >&2 printf "Error: Invalid option: '%s'.\n" "${option}"
+            usage
+            ;;
+    esac
+done
+shift $(( OPTIND - 1 ))
+
+# Check arguments.
+
+if [ $# -ne 2 ]; then
+    >&2 printf "Error: You need to specify a destination and a remote host.\n"
+    usage
+elif ! [ -d "${2}" ]; then
+    >&2 printf "Error: Specified destination does not exist or is not readable : '%s'.\n" "${1}"
+    usage
+else
+    remote="${1}"
+    local_destination="${2}"
+fi
+
+# Abort entire script if any command fails
+set -e
+
+if ! ssh "${remote}" "test -f '${env_file:=.env}'"; then
+    >&2 printf "Error: Environment file does not exist: '%s'.\n" "${env_file}"
+    >&2 printf "Debug: PWD: '%s'.\n" "$(ssh "${remote}" 'pwd')"
+    >&2 printf "       Consider using the option '-e' to specify the correct environment file.\n"
+    usage 2
+elif ! ssh "${remote}" "test -r '${env_file:=.env}'"; then
+    >&2 printf "Error: Environment file is not readable: '%s'.\n" "${env_file}"
+    >&2 printf "       Make sure the user you are using connect as has access to the file.\n"
+    usage 2
+fi
+
+backupfile="nextcloud_$(date +'%Y%m%d').tar.gz"
+
+# Check if the script would override existing files.
+if [ -e "${local_destination}/${backupfile}" ]; then
+    >&2 printf "Warning: The backup file '%s' already exists. Not overwriting.\n" "${local_destination}/${backupfile}"
+
+    while [[ -e "${local_destination}/${backupfile}" ]]; do
+        backupfile="${backupfile%.tar.gz}_bis${counter:=1}.tar.gz"
+        ((counter++))
+    done
+
+    >&2 printf "Warning: Using '%s' as a safe alternative backup file.\n" "${local_destination}/${backupfile}"
+fi
+
+# Database backup
+
+# Create a temporary destination on remote host.
+remote_destination="$( ssh "${remote}" 'mktemp -d' )"
+printf "Debug: Using '%s' as a remote temporary directory.\n" "${remote_destination}"
+
+# Filename for database backup
+database_backupfile='sqlbkp.bak'
+remote_database_backupfile="${remote_destination}/${database_backupfile}"
+
+# Turn on maintenance mode
+ssh "${remote}" 'sudo -u www-data /usr/bin/php /var/www/nextcloud/occ maintenance:mode --on'
+
+echo 'Info: Backing up database'
+ssh "${remote}" "source '${env_file}' && pg_dump 'nextcloud' -cwv -U 'nextcloud' -h 'localhost' > '${remote_database_backupfile}'"
+# Restore using:
+# psql -U nextcloud -h localhost -d nextcloud -f "path/to/file"
+
+# Files backup
+echo 'Info: Copying static files.'
+ssh "${remote}" "cp -a '/var/www/nextcloud/themes' '${remote_destination}'"
+
+# Turn off maintenance mode
+ssh "${remote}" 'sudo -u www-data /usr/bin/php /var/www/nextcloud/occ maintenance:mode --off'
+
+# Copy everything over to local machine.
+echo 'Info: Copying to local machine.'
+ssh "${remote}" "tar -czf '/tmp/${backupfile}' ${remote_destination}"
+scp "${remote}:/tmp/${backupfile}" "${local_destination}"
+
+# Remove temporary destination on remote host.
+printf "Debug: Cleaning up '%s' on %s.\n" "${remote_destination}" "${remote}"
+ssh "${remote}" "rm -rf ${remote_destination}"
+
+# Backup cleanup
+# Only keep 30 days of backups
+printf "Info: Cleaning up old database backups in '%s'\n" "${local_destination}"
+find "${local_destination}" -name 'nextcloud_*.tar.gz' -type f -mtime +30 -print -delete
+
+echo 'Done'

scripts/vaultwarden/backup-database-ssh.sh

@@ -0,0 +1,113 @@
+#!/bin/bash
+# Backup a remote Vaultwarden database using ssh.
+# Usage: backup-database [OPTIONS] <remote> <destination>
+
+usage() {
+    >&2 printf "Usage: %s <remote host> <destination>\n" "${0}"
+    >&2 printf "It is assumed that the machine has passwordless access to the remote host.\n\n"
+    >&2 printf "Options:\n"
+    >&2 printf "\t-e \t Specify the environment file to use\n"
+    >&2 printf "\t-h \t Show this message\n"
+    exit "${1:-1}"
+}
+
+# Get options
+
+while getopts ":e:h" option; do
+    case "${option}" in
+        e)
+            env_file="${OPTARG}"
+            ;;
+        h)
+            usage
+            ;;
+        *)
+            >&2 printf "Error: Invalid option: '%s'.\n" "${option}"
+            usage
+            ;;
+    esac
+done
+shift $(( OPTIND - 1 ))
+
+# Check arguments
+
+if [ $# -ne 2 ]; then
+    >&2 printf "Error: You need to specify a destination and a remote host.\n"
+    usage
+elif ! [ -d "${2}" ]; then
+    >&2 printf "Error: Specified destination does not exist or is not readable : '%s'.\n" "${2}"
+    usage
+else
+    remote="${1}"
+    local_destination="${2}"
+fi
+
+# Abort entire script if any command fails
+set -e
+
+# Test if environment file on remote exists.
+if ! ssh "${remote}" "test -f '${env_file:=.env}'"; then
+    >&2 printf "Error: Environment file does not exist: '%s'.\n" "${env_file}"
+    >&2 printf "       Consider using the option '-e' to specify the correct environment file.\n"
+    >&2 printf "Debug: PWD: '%s'.\n" "$(ssh "${remote}" 'pwd')"
+    usage 2
+elif ! ssh "${remote}" "test -r '${env_file:=.env}'"; then
+    >&2 printf "Error: Environment file is not readable: '%s'.\n" "${env_file}"
+    >&2 printf "       Make sure the user you are using connect as has access to the file.\n"
+    usage 2
+fi
+
+backupfile="vaultwarden_$( date +'%Y%m%d' ).tar.gz"
+
+# Check if the script would override existing files.
+if [ -e "${local_destination}/${backupfile}" ]; then
+    >&2 printf "Warning: The backup file '%s' already exists. Not overwriting.\n" "${local_destination}/${backupfile}"
+
+    while [[ -e "${local_destination}/${backupfile}" ]]; do
+        backupfile="${backupfile%.tar.gz}_bis${counter:=1}.tar.gz"
+        ((counter++))
+    done
+
+    >&2 printf "Warning: Using '%s' as a safe alternative backup file.\n" "${local_destination}/${backupfile}"
+fi
+
+# Database backup
+
+base_container='vaultwarden'
+database_container='vaultwarden-db'
+
+# Create a temporary destination on remote host.
+remote_destination="$( ssh "${remote}" 'mktemp -d' )"
+printf "Debug: Using '%s' as a remote temporary directory.\n" "${remote_destination}"
+
+# Filename for database backup
+database_backupfile="sqlbkp.bak"
+remote_database_backupfile="${remote_destination}/${database_backupfile}"
+
+# Create backup file in docker container
+echo 'Info: Backing up database'
+ssh "${remote}" "docker exec --env-file '${env_file}' '${database_container}' pg_dump 'vaultwarden' -cwv  -U 'vaultwarden' -h 'localhost' > '${remote_database_backupfile}'"
+# Restore using:
+# psql -U vaultwarden -h localhost -d vaultwarden -f "path/to/file"
+
+# Files backup
+for file in 'attachments' 'sends' 'rsa_key.pem' 'rsa_key.pub.pem'; do  # 'config.json'
+    printf "Info: Copying %s\n" "${file}"
+    ssh "${remote}" "docker cp -a '${base_container}:/data/${file}' '${remote_destination}'"
+done
+
+# Copy everything over to local machine.
+echo 'Info: Copying to local machine.'
+ssh "${remote}" "tar -czf '${remote_destination}/${backupfile}' --exclude=${backupfile} ${remote_destination}"
+scp "${remote}:${remote_destination}/${backupfile}" "${local_destination}"
+
+# Remove temporary destination on remote host.
+printf "Debug: Cleaning up '%s' on %s.\n" "${remote_destination}" "${remote}"
+ssh "${remote}" "rm -rf ${remote_destination}"
+
+# Backup cleanup
+# Only keep 30 days of backups, seems about right.
+printf "Info: Cleaning up old database backups in '%s'\n" "${local_destination}"
+find "${local_destination}" -name 'vaultwarden_*.tar.gz' -type f -mtime +30 -print -delete
+
+echo 'Done'