#!/bin/bash
# Backup a remote Vaultwarden database using ssh.
# Usage: backup-database [OPTIONS] <remote> <destination>

usage() {
    >&2 printf "Usage: %s <remote host> <destination>\n" "${0}"
    >&2 printf "It is assumed that the machine has passwordless access to the remote host.\n\n"
    >&2 printf "Options:\n"
    >&2 printf "\t-e \t Specify the environment file to use\n"
    >&2 printf "\t-h \t Show this message\n"
    exit "${1:-1}"
}

# Get options

while getopts ":e:h" option; do
    case "${option}" in
        e)
            env_file="${OPTARG}"
            ;;
        h)
            usage
            ;;
        *)
            >&2 printf "Error: Invalid option: '%s'.\n" "${option}"
            usage
            ;;
    esac
done
shift $(( OPTIND - 1 ))

# Check arguments

if [ $# -ne 2 ]; then
    >&2 printf "Error: You need to specify a destination and a remote host.\n"
    usage
elif ! [ -d "${2}" ]; then
    >&2 printf "Error: Specified destination does not exist or is not readable : '%s'.\n" "${2}"
    usage
else
    remote="${1}"
    local_destination="${2}"
fi

# Abort entire script if any command fails
set -e

# Test if environment file on remote exists.
if ! ssh "${remote}" "test -f '${env_file:=.env}'"; then
    >&2 printf "Error: Environment file does not exist: '%s'.\n" "${env_file}"
    >&2 printf "       Consider using the option '-e' to specify the correct environment file.\n"
    >&2 printf "Debug: PWD: '%s'.\n" "$(ssh "${remote}" 'pwd')"
    usage 2
elif ! ssh "${remote}" "test -r '${env_file:=.env}'"; then
    >&2 printf "Error: Environment file is not readable: '%s'.\n" "${env_file}"
    >&2 printf "       Make sure the user you are using connect as has access to the file.\n"
    usage 2
fi

backupfile="vaultwarden_$( date +'%Y%m%d' ).tar.gz"

# Check if the script would override existing files.
if [ -e "${local_destination}/${backupfile}" ]; then
    >&2 printf "Warning: The backup file '%s' already exists. Not overwriting.\n" "${local_destination}/${backupfile}"

    while [[ -e "${local_destination}/${backupfile}" ]]; do
        backupfile="${backupfile%.tar.gz}_bis${counter:=1}.tar.gz"
        ((counter++))
    done

    >&2 printf "Warning: Using '%s' as a safe alternative backup file.\n" "${local_destination}/${backupfile}"
fi

# Database backup

base_container='vaultwarden'
database_container='vaultwarden-db'

# Create a temporary destination on remote host.
remote_destination="$( ssh "${remote}" 'mktemp -d' )"
printf "Debug: Using '%s' as a remote temporary directory.\n" "${remote_destination}"

# Filename for database backup
database_backupfile="sqlbkp.bak"
remote_database_backupfile="${remote_destination}/${database_backupfile}"

# Create backup file in docker container
echo 'Info: Backing up database'
ssh "${remote}" "docker exec --env-file '${env_file}' '${database_container}' pg_dump 'vaultwarden' -cwv  -U 'vaultwarden' -h 'localhost' > '${remote_database_backupfile}'"
# Restore using:
# psql -U vaultwarden -h localhost -d vaultwarden -f "path/to/file"

# Files backup
for file in 'attachments' 'sends' 'rsa_key.pem' 'rsa_key.pub.pem'; do  # 'config.json'
    printf "Info: Copying %s\n" "${file}"
    ssh "${remote}" "docker cp -a '${base_container}:/data/${file}' '${remote_destination}'"
done

# Copy everything over to local machine.
echo 'Info: Copying to local machine.'
ssh "${remote}" "tar -czf '${remote_destination}/${backupfile}' --exclude=${backupfile} ${remote_destination}"
scp "${remote}:${remote_destination}/${backupfile}" "${local_destination}"

# Remove temporary destination on remote host.
printf "Debug: Cleaning up '%s' on %s.\n" "${remote_destination}" "${remote}"
ssh "${remote}" "rm -rf ${remote_destination}"

# Backup cleanup
# Only keep 30 days of backups, seems about right.
printf "Info: Cleaning up old database backups in '%s'\n" "${local_destination}"
find "${local_destination}" -name 'vaultwarden_*.tar.gz' -type f -mtime +30 -print -delete

echo 'Done'