From dc37b97e919e67935b0bc44452b05b941d5556f8 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter <tibo.depeuter@gmail.com>
Date: Tue, 10 Oct 2023 22:36:57 +0200
Subject: [PATCH] Move and improve vaultwarden backup

---
 backups/create_vaultwarden_backup.sh   | 36 ------------
 scripts/vaultwarden/backup_database.sh | 77 ++++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 36 deletions(-)
 delete mode 100755 backups/create_vaultwarden_backup.sh
 create mode 100755 scripts/vaultwarden/backup_database.sh

diff --git a/backups/create_vaultwarden_backup.sh b/backups/create_vaultwarden_backup.sh
deleted file mode 100755
index 652da10..0000000
--- a/backups/create_vaultwarden_backup.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-# Backup script for Vaultwarden in a kubernetes cluster
-
-BACKUP_DEST='/mnt/PRIVATE_DOCS/BACKUPS/vaultwarden'
-PASSFILE='./vaultwarden_pass.txt'
-
-# Create filename for database
-database_backupfile="vaultwarden-sqlbkp_$(date +'%Y%m%d').bak"
-
-# Retrieve container names
-base_container="$( docker ps --format '{{.Names}}' | grep vaultwarden_vaultwarden )"
-database_container="$( docker ps --format '{{.Names}}' | grep vaultwarden-postgresql_vaultwarden-postgresql )"
-
-# Abort entire script if any command fails
-set -e
-
-# Database backup
->&2 echo 'Backing up database'
-internal_database_backupfile="/tmp/${database_backupfile}"
-# Create backup file in docker container
-docker exec --env-file "${PASSFILE}" "${database_container}" pg_dump 'vaultwarden' -cwv -h 'localhost' -U 'vaultwarden' -f "${internal_database_backupfile}"
-# Copy backup outside container
-docker cp "${database_container}":"${internal_database_backupfile}" "${BACKUP_DEST}"
-
-# Files backup
-for file in 'attachments' 'sends' 'config.json' 'rsa_key.pem' 'rsa_key.pub.pem'; do
-	>&2 printf 'Copying %s\n' "${file}"
-	docker cp -a "${base_container}":"/data/${file}" "${BACKUP_DEST}"
-done
-
-# Backup cleanup
-# Only keep 30 days of backups, seems about right.
->&2 echo 'Cleaning up old database backups'
-find "${BACKUP_DEST}" -name '*sqlbkp*' -type f -mtime +30 -print -delete
-
->&2 echo 'Done'
diff --git a/scripts/vaultwarden/backup_database.sh b/scripts/vaultwarden/backup_database.sh
new file mode 100755
index 0000000..0b0c640
--- /dev/null
+++ b/scripts/vaultwarden/backup_database.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+# Backup Vaultwarden database in a Kubernetes environment.
+# Usage: backup-database [OPTIONS] <destination>
+
+usage() {
+    >&2 printf "Usage: %s <destination>\n" "${0}"
+    >&2 printf "Options:\n"
+    >&2 printf "\t-e \t Specify the environment file to use\n"
+    exit "${1:-1}"
+}
+
+# Get options
+
+while getopts ":e:" option; do
+    case "${option}" in
+        e)
+            if ! [ -f "${OPTARG}" ]; then
+                >&2 printf "Error: Specified environment file does not exist: '%s'.\n" "${OPTARG}"
+            elif ! [ -r "${OPTARG}" ]; then
+                >&2 printf "Error: Specified environment file is not readable: '%s'.\n" "${OPTARG}"
+            fi
+            env_file="${OPTARG}"
+            ;;
+        *)
+            >&2 printf "Error: Invalid option: '%s'.\n" "${option}"
+            usage
+            ;;
+    esac
+done
+shift $(( OPTIND - 1 ))
+
+# Check arguments
+
+if [ $# -ne 1 ]; then
+    >&2 printf "Error: You need to specify a destination.\n"
+    usage
+elif ! [ -d "${1}" ]; then
+    >&2 printf "Error: Specified destination does not exist or is not readable : '%s'.\n" "${1}"
+    usage
+else
+    destination="${1}"
+fi
+
+# Retrieve container names
+base_container="$( docker ps --format '{{.Names}}' | grep -E 'vaultwarden-2_vaultwarden-2-[0-9a-z]{10}-[0-9a-z]{5}' )"
+database_container="$( docker ps --format '{{.Names}}' | grep postgres_vaultwarden-2-cnpg-main-1 )"
+
+if ! [[ -n "${base_container}" && -n "${database_container}" ]]; then
+    >&2 printf "Error: Not all containers could be found.\n"
+    exit 2
+fi
+
+# Abort entire script if any command fails
+set -e
+
+# Database backup
+
+# Filename for database backup
+database_backupfile="vaultwarden-sqlbkp_$(date +'%Y%m%d').bak"
+host_database_backupfile="${destination}/${database_backupfile}"
+
+# Create backup file in docker container
+echo 'Backing up database'
+docker exec --env-file "${env_file:=.env}" "${database_container}" pg_dump 'vaultwarden' -cwv -h 'localhost' -U 'vaultwarden' > "${host_database_backupfile}"
+
+# Files backup
+for file in 'attachments' 'sends' 'rsa_key.pem' 'rsa_key.pub.pem'; do  # 'config.json'
+    printf 'Copying %s\n' "${file}"
+    docker cp -a "${base_container}":"/data/${file}" "${destination}"
+done
+
+# Backup cleanup
+# Only keep 30 days of backups, seems about right.
+echo 'Cleaning up old database backups'
+find "${destination}" -name '*sqlbkp*' -type f -mtime +30 -print -delete
+
+echo 'Done'