chore: Add ssh scripts
This commit is contained in:
parent
c7ad95cd1f
commit
06ecaec729
GPG key ID:
38297DE43F75FFE2
3 changed files with 342 additions and 0 deletions
113
scripts/vaultwarden/backup-database-ssh.sh
Executable file
113
scripts/vaultwarden/backup-database-ssh.sh
Executable file
|
|
@ -0,0 +1,113 @@
|
|||
#!/bin/bash
|
||||
# Backup a remote Vaultwarden database using ssh.
|
||||
# Usage: backup-database [OPTIONS] <remote> <destination>
|
||||
|
||||
usage() {
|
||||
>&2 printf "Usage: %s <remote host> <destination>\n" "${0}"
|
||||
>&2 printf "It is assumed that the machine has passwordless access to the remote host.\n\n"
|
||||
>&2 printf "Options:\n"
|
||||
>&2 printf "\t-e \t Specify the environment file to use\n"
|
||||
>&2 printf "\t-h \t Show this message\n"
|
||||
exit "${1:-1}"
|
||||
}
|
||||
|
||||
# Get options
|
||||
|
||||
while getopts ":e:h" option; do
|
||||
case "${option}" in
|
||||
e)
|
||||
env_file="${OPTARG}"
|
||||
;;
|
||||
h)
|
||||
usage
|
||||
;;
|
||||
*)
|
||||
>&2 printf "Error: Invalid option: '%s'.\n" "${option}"
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift $(( OPTIND - 1 ))
|
||||
|
||||
# Check arguments
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
>&2 printf "Error: You need to specify a destination and a remote host.\n"
|
||||
usage
|
||||
elif ! [ -d "${2}" ]; then
|
||||
>&2 printf "Error: Specified destination does not exist or is not readable : '%s'.\n" "${2}"
|
||||
usage
|
||||
else
|
||||
remote="${1}"
|
||||
local_destination="${2}"
|
||||
fi
|
||||
|
||||
# Abort entire script if any command fails
|
||||
set -e
|
||||
|
||||
# Test if environment file on remote exists.
|
||||
if ! ssh "${remote}" "test -f '${env_file:=.env}'"; then
|
||||
>&2 printf "Error: Environment file does not exist: '%s'.\n" "${env_file}"
|
||||
>&2 printf " Consider using the option '-e' to specify the correct environment file.\n"
|
||||
>&2 printf "Debug: PWD: '%s'.\n" "$(ssh "${remote}" 'pwd')"
|
||||
usage 2
|
||||
elif ! ssh "${remote}" "test -r '${env_file:=.env}'"; then
|
||||
>&2 printf "Error: Environment file is not readable: '%s'.\n" "${env_file}"
|
||||
>&2 printf " Make sure the user you are using connect as has access to the file.\n"
|
||||
usage 2
|
||||
fi
|
||||
|
||||
backupfile="vaultwarden_$( date +'%Y%m%d' ).tar.gz"
|
||||
|
||||
# Check if the script would override existing files.
|
||||
if [ -e "${local_destination}/${backupfile}" ]; then
|
||||
>&2 printf "Warning: The backup file '%s' already exists. Not overwriting.\n" "${local_destination}/${backupfile}"
|
||||
|
||||
while [[ -e "${local_destination}/${backupfile}" ]]; do
|
||||
backupfile="${backupfile%.tar.gz}_bis${counter:=1}.tar.gz"
|
||||
((counter++))
|
||||
done
|
||||
|
||||
>&2 printf "Warning: Using '%s' as a safe alternative backup file.\n" "${local_destination}/${backupfile}"
|
||||
fi
|
||||
|
||||
# Database backup
|
||||
|
||||
base_container='vaultwarden'
|
||||
database_container='vaultwarden-db'
|
||||
|
||||
# Create a temporary destination on remote host.
|
||||
remote_destination="$( ssh "${remote}" 'mktemp -d' )"
|
||||
printf "Debug: Using '%s' as a remote temporary directory.\n" "${remote_destination}"
|
||||
|
||||
# Filename for database backup
|
||||
database_backupfile="sqlbkp.bak"
|
||||
remote_database_backupfile="${remote_destination}/${database_backupfile}"
|
||||
|
||||
# Create backup file in docker container
|
||||
echo 'Info: Backing up database'
|
||||
ssh "${remote}" "docker exec --env-file '${env_file}' '${database_container}' pg_dump 'vaultwarden' -cwv -U 'vaultwarden' -h 'localhost' > '${remote_database_backupfile}'"
|
||||
# Restore using:
|
||||
# psql -U vaultwarden -h localhost -d vaultwarden -f "path/to/file"
|
||||
|
||||
# Files backup
|
||||
for file in 'attachments' 'sends' 'rsa_key.pem' 'rsa_key.pub.pem'; do # 'config.json'
|
||||
printf "Info: Copying %s\n" "${file}"
|
||||
ssh "${remote}" "docker cp -a '${base_container}:/data/${file}' '${remote_destination}'"
|
||||
done
|
||||
|
||||
# Copy everything over to local machine.
|
||||
echo 'Info: Copying to local machine.'
|
||||
ssh "${remote}" "tar -czf '${remote_destination}/${backupfile}' --exclude=${backupfile} ${remote_destination}"
|
||||
scp "${remote}:${remote_destination}/${backupfile}" "${local_destination}"
|
||||
|
||||
# Remove temporary destination on remote host.
|
||||
printf "Debug: Cleaning up '%s' on %s.\n" "${remote_destination}" "${remote}"
|
||||
ssh "${remote}" "rm -rf ${remote_destination}"
|
||||
|
||||
# Backup cleanup
|
||||
# Only keep 30 days of backups, seems about right.
|
||||
printf "Info: Cleaning up old database backups in '%s'\n" "${local_destination}"
|
||||
find "${local_destination}" -name 'vaultwarden_*.tar.gz' -type f -mtime +30 -print -delete
|
||||
|
||||
echo 'Done'
|
||||
Loading…
Add table
Add a link
Reference in a new issue