glaszig · January 24, 2020 15:23
diff --git a/gitea-backup-s3.sh b/gitea-backup-s3.sh
 #!/usr/bin/env sh
 #
 # requires openssl >= 1.1.1 due to usage of -pbkdf2 option
 #
 # to decrypt the encrypted backup:
 #   openssl aes-256-cbc -d -a -salt -pbkdf2 -in gitea-dump.zip.enc -out gitea-dump.zip -pass pass:your-password
 #
 # conifgure with a dotfile `.backuprc` in your $HOME:
 #   BUCKET="foobar"
 #   GITEA_CUSTOM=/usr/local/etc/gitea
 #   BACKUP_PASSWORD="your-password"
 #
 # run via cron like this:
 #   0 5 * * * /path/to/backup.sh
 #

 BACKUP_PATH=${BACKUP_PATH:-"/tmp/gitea-backup"}
 BUCKET_KEY_PREFIX=${BUCKET_KEY_PREFIX:-"gitea-backup"}
 DEFAULT_BUCKET_LIFECYCLE=$(cat << JSON
 {
  "Rules": [
    {
       "ID": "Expires in 30 days",
       "Prefix": "$BUCKET_KEY_PREFIX/*",
       "Status": "Enabled",
       "Expiration": {
         "Days": 30
       }
    }
  ]
 }
 JSON
 )
 BUCKET_LIFECYCLE=${BUCKET_LIFECYCLE:-"$DEFAULT_BUCKET_LIFECYCLE"}

 if [ -f "$HOME/.backuprc" ]; then
  . "$HOME/.backuprc"
 fi

 if [ "x$BUCKET" == "x" ]; then
  echo "WARNING: You need to specifiy the bucket name via the BUCKET env var."
  exit 1
 fi

 if [ "x$GITEA_CUSTOM" == "x" ]; then
  echo "WARNING: You need to specifiy Gitea's config path via the GITEA_CUSTOM env var."
  exit 1
 fi

 if [ "x$BACKUP_PASSWORD" == "x" ]; then
  echo "WARNING: You need to specifiy the backup password via the BACKUP_PASSWORD env var."
  exit 1
 fi

 echo "Starting backup process"
 echo

 bucket_exists=$(aws s3api head-bucket --bucket "$BUCKET" 2> /dev/null)
 if [ $? != 0 ]; then
  echo "Creating bucket ${BUCKET}"
  echo "========================="
  aws s3api create-bucket --bucket ${BUCKET} --create-bucket-configuration LocationConstraint=eu-central-1 --acl private
 fi
 aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "$BUCKET_LIFECYCLE"

 echo "Creating backup"
 echo "==============="
 mkdir -p "${BACKUP_PATH}"
 cd "${BACKUP_PATH}"
 gitea dump -c /usr/local/etc/gitea/conf/app.ini
 dump_file=$(ls -t|head -1)

 echo "Encrypting backup"
 echo "================="
 openssl aes-256-cbc -a -salt -pbkdf2 -in $dump_file -out ${dump_file}.enc -pass env:BACKUP_PASSWORD
 rm $dump_file

 echo "Storing backup off-site"
 echo "======================="
 aws s3 cp ${dump_file}.enc s3://${BUCKET}/$BUCKET_KEY_PREFIX/${dump_file}.enc


 echo "Cleaning up"
 echo "==========="
 cd -
 rm -rf "${BACKUP_PATH}"

 echo "Finished backup process"
 echo
	#!/usr/bin/env sh
	#
	# requires openssl >= 1.1.1 due to usage of -pbkdf2 option
	#
	# to decrypt the encrypted backup:
	# openssl aes-256-cbc -d -a -salt -pbkdf2 -in gitea-dump.zip.enc -out gitea-dump.zip -pass pass:your-password
	#
	# conifgure with a dotfile `.backuprc` in your $HOME:
	# BUCKET="foobar"
	# GITEA_CUSTOM=/usr/local/etc/gitea
	# BACKUP_PASSWORD="your-password"
	#
	# run via cron like this:
	# 0 5 * * * /path/to/backup.sh
	#

	BACKUP_PATH=${BACKUP_PATH:-"/tmp/gitea-backup"}
	BUCKET_KEY_PREFIX=${BUCKET_KEY_PREFIX:-"gitea-backup"}
	DEFAULT_BUCKET_LIFECYCLE=$(cat << JSON
	{
	"Rules": [
	{
	"ID": "Expires in 30 days",
	"Prefix": "$BUCKET_KEY_PREFIX/*",
	"Status": "Enabled",
	"Expiration": {
	"Days": 30
	}
	}
	]
	}
	JSON
	)
	BUCKET_LIFECYCLE=${BUCKET_LIFECYCLE:-"$DEFAULT_BUCKET_LIFECYCLE"}

	if [ -f "$HOME/.backuprc" ]; then
	. "$HOME/.backuprc"
	fi

	if [ "x$BUCKET" == "x" ]; then
	echo "WARNING: You need to specifiy the bucket name via the BUCKET env var."
	exit 1
	fi

	if [ "x$GITEA_CUSTOM" == "x" ]; then
	echo "WARNING: You need to specifiy Gitea's config path via the GITEA_CUSTOM env var."
	exit 1
	fi

	if [ "x$BACKUP_PASSWORD" == "x" ]; then
	echo "WARNING: You need to specifiy the backup password via the BACKUP_PASSWORD env var."
	exit 1
	fi

	echo "Starting backup process"
	echo

	bucket_exists=$(aws s3api head-bucket --bucket "$BUCKET" 2> /dev/null)
	if [ $? != 0 ]; then
	echo "Creating bucket ${BUCKET}"
	echo "========================="
	aws s3api create-bucket --bucket ${BUCKET} --create-bucket-configuration LocationConstraint=eu-central-1 --acl private
	fi
	aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "$BUCKET_LIFECYCLE"

	echo "Creating backup"
	echo "==============="
	mkdir -p "${BACKUP_PATH}"
	cd "${BACKUP_PATH}"
	gitea dump -c /usr/local/etc/gitea/conf/app.ini
	dump_file=$(ls -t\|head -1)

	echo "Encrypting backup"
	echo "================="
	openssl aes-256-cbc -a -salt -pbkdf2 -in $dump_file -out ${dump_file}.enc -pass env:BACKUP_PASSWORD
	rm $dump_file

	echo "Storing backup off-site"
	echo "======================="
	aws s3 cp ${dump_file}.enc s3://${BUCKET}/$BUCKET_KEY_PREFIX/${dump_file}.enc


	echo "Cleaning up"
	echo "==========="
	cd -
	rm -rf "${BACKUP_PATH}"

	echo "Finished backup process"
	echo