-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbackup_external
127 lines (102 loc) · 4.08 KB
/
backup_external
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/bin/bash
set -e
set -o pipefail
KEYS='862134606E27D23BF68D1DA0796F7DAA1D643B75'
HOST="$(hostname -f)"
backup_dpkg() {
dpkg --get-selections \
| ssh -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
[email protected] "cat > backup/${HOST}_packages"
}
backup_ldap() {
slapcat \
2> /dev/null \
| gpg --encrypt --always-trust -r ${KEYS} \
| ssh -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
[email protected] "cat > backup/${HOST}_ldap.gpg"
}
backup_mediawiki() {
php /srv/www/de.chaosdorf.wiki/maintenance/dumpBackup.php --quiet --full \
| gzip \
| gpg --encrypt --always-trust -r ${KEYS} \
| ssh -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
[email protected] "cat > backup/${HOST}_mediawiki.xml.gz.gpg"
}
backup_hedgedoc() {
docker exec chaosdorf-database-1 pg_dump hedgedoc -U hedgedoc \
| gpg --encrypt --always-trust -r ${KEYS} \
| ssh -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
[email protected] "cat > backup/${HOST}_sql.gpg"
}
backup_sql() {
sh /root/sqldump.sh \
| gpg --encrypt --always-trust -r ${KEYS} \
| ssh -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
[email protected] "cat > backup/${HOST}_sql.gpg"
}
backup_tar() {
tar --warning=no-file-ignored --warning=no-file-changed \
-C / -czf - "${1}" \
| gpg --encrypt --always-trust -r ${KEYS} \
| ssh -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
[email protected] "cat > backup/${HOST}_${2}.tar.gz.gpg"
}
# Do not run *.chaosdorf.de backups simultaneously,
# omit this check when run manually.
if [ ! -t 0 ]; then
case "${HOST}" in
md.chaosdorf.de) sleep 30m ;; # 00:33
backend.chaosdorf.de) sleep 1h ;; # 01:03
extern.chaosdorf.de) sleep 8h ;; # 08:03
intern.chaosdorf.de) sleep 5h ;; # 05:03
shells.chaosdorf.de) sleep 4h ;; # 04:03
vm.chaosdorf.de) ;; # 00:03
esac
fi
curl -fsS -m 10 --retry 5 -o /dev/null -u $(python3 -c 'import json; f = open("/etc/nagios/api.json", "r"); data = json.load(f); print(":".join(data["auth"])); f.close()') -H 'Accept: application/json' -X POST 'https://icinga2.finalrewind.org:5665/v1/actions/process-check-result' -d '{ "type": "Service", "filter": "host.name==\"'${HOST}'\" && service.name==\"backup\"", "exit_status": 3, "plugin_output": "UNKNOWN - Backup Running"}' || true
if which dpkg > /dev/null 2>&1; then
backup_dpkg
fi
backup_tar boot boot
backup_tar etc etc
backup_tar root root
backup_tar usr/local usr_local
backup_tar var/local var_local
if ! echo "${HOST}" | fgrep -q .chaosdorf.space; then
backup_tar home home
backup_tar srv srv
fi
if echo "${HOST}" | fgrep -q -e feedback -e door -e donationprint -e unifiserver; then
backup_tar home home
fi
case "${HOST}" in
backend.chaosdorf.de)
backup_ldap
;;
dashboardserver.chaosdorf.space)
backup_tar srv srv
;;
dockerserver.chaosdorf.space)
backup_tar var/lib/docker/volumes/chaospizza_backup/_data/ chaospizza_backup_data
backup_tar var/lib/docker/volumes/mete_backup/_data/ mete_backup_data
;;
extern.chaosdorf.de)
backup_mediawiki
backup_tar var/lib/automysqlbackup automysqlbackup
backup_sql
;;
intern.chaosdorf.de)
backup_sql
backup_tar var/lib/automysqlbackup automysqlbackup
backup_tar var/mail var_mail
;;
shells.chaosdorf.de)
backup_tar var/spool/cron crontabs
;;
md.chaosdorf.de)
backup_hedgedoc
backup_tar $(docker volume inspect chaosdorf_uploads | jq -r '.[0].Mountpoint') hedgedoc_uploads
;;
esac
curl -s -u $(python3 -c 'import json; f = open("/etc/nagios/api.json", "r"); data = json.load(f); print(":".join(data["auth"])); f.close()') -H 'Accept: application/json' -X POST 'https://icinga2.finalrewind.org:5665/v1/actions/process-check-result' -d '{ "type": "Service", "filter": "host.name==\"'${HOST}'\" && service.name==\"backup\"", "exit_status": 0, "plugin_output": "OK"}' > /dev/null
exit 0