#!/bin/bash
# Backup script for Vaultwarden in a Kubernetes cluster

PROGRAM_NAME='backup_vaultwarden'
printlog () {
    printf '%s: %s\n' "${PROGRAM_NAME}" "${1}"
}

BACKUP_DEST='/mnt/PRIVATE_DOCS/BACKUPS/vaultwarden'
PASSFILE='./vaultwarden_pass.txt'

# Create filename for database
database_backupfile="vaultwarden-sqlbkp_$( date +'%Y%m%d' ).bak"

# Retrieve container names
base_container="$( docker ps --format '{{.Names}}' | grep vaultwarden_vaultwarden )"
database_container="$( docker ps --format '{{.Names}}' | grep vaultwarden-postgresql_vaultwarden-postgresql )"

# Abort entire script if any command fails
set -e

# Database backup
printlog 'Backing up database'
internal_database_backupfile="/tmp/${database_backupfile}"
# Create backup file in docker container
docker exec --env-file "${PASSFILE}" "${database_container}" pg_dump 'vaultwarden' -cwv -h 'localhost' -U 'vaultwarden' -f "${internal_database_backupfile}"
# Copy backup outside container
docker cp "${database_container}":"${internal_database_backupfile}" "${BACKUP_DEST}"

# Files backup
for file in 'attachments' 'sends' 'config.json' 'rsa_key.pem' 'rsa_key.pub.pem'; do
    printlog "$( printf 'Copying %s\n' "${file}" )"
	docker cp -a "${base_container}":"/data/${file}" "${BACKUP_DEST}"
done

# Backup cleanup
# Only keep 30 days of backups, seems about right.
printlog 'Cleaning up old database backups'
find "${BACKUP_DEST}" -name '*sqlbkp*' -type f -mtime +30 -print -delete

printlog 'Done'