From b819d3f1e6bf822ef5aa47e97fedb1200377726c Mon Sep 17 00:00:00 2001 From: Jeff Moe Date: Sun, 15 Jul 2018 12:57:01 -0600 Subject: [PATCH] Scriptlet to collect borg keys --- .../resources/apps/borg/forksand-borg-check | 2 +- .../resources/apps/borg/forksand-borg-create | 2 +- source/resources/apps/borg/forksand-borg-info | 2 +- source/resources/apps/borg/forksand-borg-init | 4 +-- source/resources/apps/borg/forksand-borg-list | 2 +- .../apps/borg/forksand-borg-tar-keys | 25 +++++++++++++++++++ 6 files changed, 31 insertions(+), 6 deletions(-) create mode 100755 source/resources/apps/borg/forksand-borg-tar-keys diff --git a/source/resources/apps/borg/forksand-borg-check b/source/resources/apps/borg/forksand-borg-check index 6a2ce55..be65922 100755 --- a/source/resources/apps/borg/forksand-borg-check +++ b/source/resources/apps/borg/forksand-borg-check @@ -5,7 +5,7 @@ export BORG_REPO="BACKUPS/borg/`hostname`" export BORG_SERVER="user@host" -export BORG_PASSPHRASE="`cat /root/.borgpw`" +#export BORG_PASSPHRASE="`cat /root/.borgpw`" export BORG_BINARY="borg1" #export BORG_DISPLAY_PASSPHRASE=0 #export BORG_LOGGING_CONF= diff --git a/source/resources/apps/borg/forksand-borg-create b/source/resources/apps/borg/forksand-borg-create index fe61612..d283c42 100755 --- a/source/resources/apps/borg/forksand-borg-create +++ b/source/resources/apps/borg/forksand-borg-create @@ -7,7 +7,7 @@ set -x export MASTERDIRS="/etc /home /opt /root /srv /usr/local /var" export BORG_REPO="BACKUPS/borg/`hostname`" export BORG_SERVER="user@host" -export BORG_PASSPHRASE="`cat /root/.borgpw`" +#export BORG_PASSPHRASE="`cat /root/.borgpw`" export BORG_BINARY="borg1" #export BORG_DISPLAY_PASSPHRASE=0 #export BORG_LOGGING_CONF= diff --git a/source/resources/apps/borg/forksand-borg-info b/source/resources/apps/borg/forksand-borg-info index f5198a2..d55c3de 100755 --- a/source/resources/apps/borg/forksand-borg-info +++ b/source/resources/apps/borg/forksand-borg-info 
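Review bot: The `BORG_PASSPHRASE` export is commented out in this forksand-borg-check hunk without any note on how the passphrase is supplied now; the same edit is repeated in the forksand-borg-create, -info, -init and -list hunks. If forksand-borg-init now creates the repository without a passphrase (this cannot be confirmed from the hunks), the key files that forksand-borg-tar-keys collects are unprotected at rest. I would replace the dead line with a statement of intent, for example `# BORG_PASSPHRASE deliberately not exported here; borg asks for it interactively`, or delete it. The create and init hunk headers show `set -x` above this line, so re-enabling the export there later would write the passphrase into the trace output. The scripts continue outside the hunks.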
@@ -5,7 +5,7 @@ export BORG_REPO="BACKUPS/borg/`hostname`" export BORG_SERVER="user@host" -export BORG_PASSPHRASE="`cat /root/.borgpw`" +#export BORG_PASSPHRASE="`cat /root/.borgpw`" export BORG_BINARY="borg1" #export BORG_DISPLAY_PASSPHRASE=0 #export BORG_LOGGING_CONF= diff --git a/source/resources/apps/borg/forksand-borg-init b/source/resources/apps/borg/forksand-borg-init index 5b31edf..d5a19ce 100755 --- a/source/resources/apps/borg/forksand-borg-init +++ b/source/resources/apps/borg/forksand-borg-init @@ -12,7 +12,7 @@ set -x export BORG_REPO="BACKUPS/borg/`hostname`" export BORG_SERVER="user@host" -export BORG_PASSPHRASE="`cat /root/.borgpw`" +#export BORG_PASSPHRASE="`cat /root/.borgpw`" export BORG_BINARY="borg1" #export BORG_DISPLAY_PASSPHRASE=0 #export BORG_LOGGING_CONF= @@ -30,7 +30,7 @@ export BORG_CACHE_DIR="/root/.cache/borg" mkdir -p $BORG_KEYS_DIR mkdir -p $BORG_CACHE_DIR -ssh $BORG_SERVER "mkdir -p $BORG_REPO" +$BORG_RSH $BORG_SERVER "mkdir -p $BORG_REPO" borg init \ --verbose \ diff --git a/source/resources/apps/borg/forksand-borg-list b/source/resources/apps/borg/forksand-borg-list index accb434..024bf8b 100755 --- a/source/resources/apps/borg/forksand-borg-list +++ b/source/resources/apps/borg/forksand-borg-list @@ -5,7 +5,7 @@ export BORG_REPO="BACKUPS/borg/`hostname`" export BORG_SERVER="user@host" -export BORG_PASSPHRASE="`cat /root/.borgpw`" +#export BORG_PASSPHRASE="`cat /root/.borgpw`" export BORG_BINARY="borg1" #export BORG_DISPLAY_PASSPHRASE=0 #export BORG_LOGGING_CONF= diff --git a/source/resources/apps/borg/forksand-borg-tar-keys b/source/resources/apps/borg/forksand-borg-tar-keys new file mode 100755 index 0000000..dfb5cf4 --- /dev/null +++ b/source/resources/apps/borg/forksand-borg-tar-keys 
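Review bot: In the second forksand-borg-init hunk, `$BORG_RSH $BORG_SERVER "mkdir -p $BORG_REPO"` runs whatever `BORG_RSH` expands to, and its definition is not visible in the hunk; if it is empty or unset the shell tries to execute `user@host` as a command instead of connecting. A fallback keeps the previous behaviour: `${BORG_RSH:-ssh} "$BORG_SERVER" "mkdir -p '$BORG_REPO'"`, with the first expansion left unquoted on purpose so that options carried in `BORG_RSH` are still split. `BORG_REPO` embeds the output of `hostname` and is interpolated into a command line that the remote shell evaluates, which is why it is quoted for the remote side in that line. The rest of the script lies outside the hunk.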
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Copyright (C) 2018, Fork Sand, Inc.
+# GPLv3
+#
+# This scriptlet collects the keys needed to restore a backup,
+# should the host keys get lost.
+# Store on an external secure vault.
+
+set -x
+BORG_KEYS_DIR="/root/borg-`hostname`-keys"
+
+mv $BORG_KEYS_DIR $BORG_KEYS_DIR.bak
+mkdir -p $BORG_KEYS_DIR
+cp -a /root/.config/borg $BORG_KEYS_DIR/dot-config-borg
+cp -a /root/.ssh/id_ed25519-borg-`hostname` $BORG_KEYS_DIR/dot-ssh-id_ed25519-borg-`hostname`
+cp -a /root/.ssh/id_ed25519-borg-`hostname`.pub $BORG_KEYS_DIR/dot-ssh-id_ed25519-borg-`hostname`.pub
+
+cd /root
+tar jcf borg-`hostname`-keys.tar.bz2 borg-`hostname`-keys
+
+# manually remove this
+mv $BORG_KEYS_DIR $BORG_KEYS_DIR-done
+
+echo "Keys backup: $BORG_KEYS_DIR.tar.bz2"
+
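Review bot: The new script never stops on error, so a failed `cp` (for example a missing `id_ed25519-borg-<host>` key) still reaches `tar` and the final `echo`, and the operator ends up storing an incomplete key archive that cannot restore the backup. On a re-run the two `mv` lines move the staging directory inside an already existing `.bak` or `-done` directory rather than replacing it, and on a first run the first `mv` simply fails. The staging directory and the archive hold the SSH private key and the borg key material, are created under the default umask, and a plaintext copy stays behind in `…-keys-done` until someone removes it by hand. The fence below adds `set -eu` and `umask 077` and replaces the `.bak`/`-done` moves with removal of the staging copy. The archive itself is not encrypted, so it should be encrypted before it leaves the host for the external vault.

```shell
set -x
set -eu      # a failed cp must not end in a partial archive
umask 077    # staging directory and archive contain private keys
host=$(hostname)
BORG_KEYS_DIR="/root/borg-${host}-keys"

rm -rf -- "${BORG_KEYS_DIR:?}"    # clear staging left by an earlier run
mkdir -p "$BORG_KEYS_DIR"
# … unchanged: the three cp -a lines …

cd /root
tar jcf "borg-${host}-keys.tar.bz2" "borg-${host}-keys"
rm -rf -- "${BORG_KEYS_DIR:?}"    # leave no plaintext key copy beside the archive
# … unchanged: final echo …
```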