Doubling down on safety in bash

backups/create_calibre-web_backup.sh

@@ -1,19 +1,33 @@
 #!/bin/bash
 # Backup script for Calibre-web in a kubernetes cluster
 
-BACKUP_DEST="/mnt/PRIVATE_DOCS/BACKUPS/calibre-web"
-DATABASE_FILE="/config/app.db"
+BACKUP_DEST='/mnt/PRIVATE_DOCS/BACKUPS/calibre-web'
+DATABASE_FILE='/config/app.db'
 
-backup_filename="calibre-web-app_$(date +'%Y%m%d').db"
+# Create filename for database backup
+database_backupfile="calibre-web-app_$(date +'%Y%m%d').db"
 
 # Retrieve container name
-base_container=$( docker ps --format "{{.Names}}" | grep tkioskje-calibre-web_tkioskje-calibre-web )
+base_container="$( docker ps --format '{{.Names}}' | grep tkioskje-calibre-web_tkioskje-calibre-web )"
 
 # Abort entire script if any command fails
 set -e
 
 # Database backup
->&2 echo "Backing up database"
-docker cp "${base_container}":"${DATABASE_FILE}" "${BACKUP_DEST}/${backup_filename}"
+>&2 echo 'Backing up database'
+docker cp "${base_container}":"${DATABASE_FILE}" "${BACKUP_DEST}/${database_backupfile}"
 
->&2 echo "Done"
+# Backup cleanup
+# Only keep 30 most recent backups
+>&2 echo 'Cleaning up old database backups'
+pushd "${BACKUP_DEST}"
+excess="$( ls -x  | head -n -30 )"
+if [ -n "${excess}" ]; then
+	>&2 echo "Removing ${excess}"
+	rm "${excess}"
+else
+	>&2 echo 'Skipping: nothing to remove'
+fi
+popd
+
+>&2 echo 'Done'

backups/create_vaultwarden_backup.sh

@@ -1,26 +1,29 @@
 #!/bin/bash
 # Backup script for Vaultwarden in a kubernetes cluster
 
-BACKUP_DEST="/mnt/PRIVATE_DOCS/BACKUPS/vaultwarden"
-PASSFILE="./vaultwarden_pass.txt"
+BACKUP_DEST='/mnt/PRIVATE_DOCS/BACKUPS/vaultwarden'
+PASSFILE='./vaultwarden_pass.txt'
 
-BACKUP_FILENAME=vaultwarden-sqlbkp_`date +"%Y%m%d"`.bak
+# Create filename for database
+database_backupfile="vaultwarden-sqlbkp_$(date +'%Y%m%d').bak"
 
 # Retrieve container names
-base_container=$( docker ps --format "{{.Names}}" | grep vaultwarden_vaultwarden )
-database_container=$( docker ps --format "{{.Names}}" | grep vaultwarden-postgresql_vaultwarden-postgresql )
+base_container="$( docker ps --format '{{.Names}}' | grep vaultwarden_vaultwarden )"
+database_container="$( docker ps --format '{{.Names}}' | grep vaultwarden-postgresql_vaultwarden-postgresql )"
 
 # Abort entire script if any command fails
 set -e
 
 # Database backup
->&2 echo "Backing up database"
-internal_backup="/tmp/${BACKUP_FILENAME}"
-docker exec --env-file "${PASSFILE}" "${database_container}" pg_dump "vaultwarden" -cwv -h "localhost" -U "vaultwarden" -f "${internal_backup}"
-docker cp "${database_container}":"${internal_backup}" "${BACKUP_DEST}"
+>&2 echo 'Backing up database'
+internal_database_backupfile="/tmp/${database_backupfile}"
+# Create backup file in docker container
+docker exec --env-file "${PASSFILE}" "${database_container}" pg_dump 'vaultwarden' -cwv -h 'localhost' -U 'vaultwarden' -f "${internal_database_backupfile}"
+# Copy backup outside container
+docker cp "${database_container}":"${internal_database_backupfile}" "${BACKUP_DEST}"
 
 # Files backup
-files=("attachments" "sends" "config.json" "rsa_key.pem" "rsa_key.pub.pem")
+files=('attachments' 'sends' 'config.json' 'rsa_key.pem' 'rsa_key.pub.pem')
 for file in "${files[@]}"; do
 	>&2 echo "Copying ${file}"
 	docker cp -a "${base_container}":"/data/${file}" "${BACKUP_DEST}"
@@ -28,11 +31,15 @@ done
 
 # Backup cleanup
 # Only keep the 30 most recent backups => probably a month worth of backups, seems about right.
+>&2 echo 'Cleaning up old database backups'
 pushd "${BACKUP_DEST}"
-rm $( ls -l |
-	grep sqlbkp |                            # Only cleanup database backups
-	sed -E 's/.*\s([a-z0-9_-]+\.bak)$/\1/' | # Take file part
-	head -n -30 )                            # Keep 30 backups
+excess="$( ls -1 | grep sqlbkp | head -n -30 )"
+if [ -n "${excess}" ]; then
+	>&2 echo "Removing ${excess}"
+	rm "${excess}"
+else
+	>&2 echo 'Skipping: nothing to remove'
+fi
 popd
 
->&2 echo "Done"
+>&2 echo 'Done'