Scriptlet to collect borg keys

6 years ago · b819d3f1e6
parent 7cb890890b
commit b819d3f1e6
6 changed files with 31 additions and 6 deletions
--- a/source/resources/apps/borg/forksand-borg-check
+++ b/source/resources/apps/borg/forksand-borg-check
@ -5,7 +5,7 @@

 export BORG_REPO="BACKUPS/borg/`hostname`"
 export BORG_SERVER="user@host"
-export BORG_PASSPHRASE="`cat /root/.borgpw`"
+#export BORG_PASSPHRASE="`cat /root/.borgpw`"
 export BORG_BINARY="borg1"
 #export BORG_DISPLAY_PASSPHRASE=0
 #export BORG_LOGGING_CONF=
--- a/source/resources/apps/borg/forksand-borg-create
+++ b/source/resources/apps/borg/forksand-borg-create
@ -7,7 +7,7 @@ set -x
 export MASTERDIRS="/etc /home /opt /root /srv /usr/local /var"
 export BORG_REPO="BACKUPS/borg/`hostname`"
 export BORG_SERVER="user@host"
-export BORG_PASSPHRASE="`cat /root/.borgpw`"
+#export BORG_PASSPHRASE="`cat /root/.borgpw`"
 export BORG_BINARY="borg1"
 #export BORG_DISPLAY_PASSPHRASE=0
 #export BORG_LOGGING_CONF=
--- a/source/resources/apps/borg/forksand-borg-info
+++ b/source/resources/apps/borg/forksand-borg-info
@ -5,7 +5,7 @@

 export BORG_REPO="BACKUPS/borg/`hostname`"
 export BORG_SERVER="user@host"
-export BORG_PASSPHRASE="`cat /root/.borgpw`"
+#export BORG_PASSPHRASE="`cat /root/.borgpw`"
 export BORG_BINARY="borg1"
 #export BORG_DISPLAY_PASSPHRASE=0
 #export BORG_LOGGING_CONF=
--- a/source/resources/apps/borg/forksand-borg-init
+++ b/source/resources/apps/borg/forksand-borg-init
@ -12,7 +12,7 @@ set -x

 export BORG_REPO="BACKUPS/borg/`hostname`"
 export BORG_SERVER="user@host"
-export BORG_PASSPHRASE="`cat /root/.borgpw`"
+#export BORG_PASSPHRASE="`cat /root/.borgpw`"
 export BORG_BINARY="borg1"
 #export BORG_DISPLAY_PASSPHRASE=0
 #export BORG_LOGGING_CONF=
@ -30,7 +30,7 @@ export BORG_CACHE_DIR="/root/.cache/borg"
 mkdir -p $BORG_KEYS_DIR
 mkdir -p $BORG_CACHE_DIR

-ssh $BORG_SERVER "mkdir -p $BORG_REPO"
+$BORG_RSH $BORG_SERVER "mkdir -p $BORG_REPO"

 borg init								\
 	--verbose							\
--- a/source/resources/apps/borg/forksand-borg-list
+++ b/source/resources/apps/borg/forksand-borg-list
@ -5,7 +5,7 @@

 export BORG_REPO="BACKUPS/borg/`hostname`"
 export BORG_SERVER="user@host"
-export BORG_PASSPHRASE="`cat /root/.borgpw`"
+#export BORG_PASSPHRASE="`cat /root/.borgpw`"
 export BORG_BINARY="borg1"
 #export BORG_DISPLAY_PASSPHRASE=0
 #export BORG_LOGGING_CONF=
--- a/source/resources/apps/borg/forksand-borg-tar-keys
+++ b/source/resources/apps/borg/forksand-borg-tar-keys
@ -0,0 +1,25 @@
+#!/bin/bash
+# Copyright (C) 2018, Fork Sand, Inc.
+# GPLv3
+#
+# This scriptlet collects the keys needed to restore a backup,
+# should the host keys get lost.
+# Store on an external secure vault.
+
+set -x
+BORG_KEYS_DIR="/root/borg-`hostname`-keys"
+
+mv $BORG_KEYS_DIR $BORG_KEYS_DIR.bak
+mkdir -p $BORG_KEYS_DIR
+cp -a /root/.config/borg $BORG_KEYS_DIR/dot-config-borg
+cp -a /root/.ssh/id_ed25519-borg-`hostname` $BORG_KEYS_DIR/dot-ssh-id_ed25519-borg-`hostname`
+cp -a /root/.ssh/id_ed25519-borg-`hostname`.pub $BORG_KEYS_DIR/dot-ssh-id_ed25519-borg-`hostname`.pub
+
+cd /root
+tar jcf borg-`hostname`-keys.tar.bz2 borg-`hostname`-keys
+
+# manually remove this
+mv $BORG_KEYS_DIR $BORG_KEYS_DIR-done
+
+echo "Keys backup: $BORG_KEYS_DIR.tar.bz2"
+