Restore gogs

src/freedombone-restore-gogs

@@ -0,0 +1,274 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# Restore gogs from local storage - typically a USB drive
+
+# License
+# =======
+#
+# Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+PROJECT_NAME='freedombone'
+COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
+
+export TEXTDOMAIN=${PROJECT_NAME}-restore-gogs
+export TEXTDOMAINDIR="/usr/share/locale"
+
+USB_DRIVE=/dev/sdb1
+USB_MOUNT=/mnt/usb
+
+# get default USB from config file
+CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+if [ -f $CONFIG_FILE ]; then
+    if grep -q "USB_DRIVE=" $CONFIG_FILE; then
+        USB_DRIVE=$(cat $CONFIG_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}')
+    fi
+fi
+
+ADMIN_USERNAME=
+ADMIN_NAME=
+
+# MariaDB password
+DATABASE_PASSWORD=$(cat /root/dbpass)
+
+MICROBLOG_DOMAIN_NAME=
+HUBZILLA_DOMAIN_NAME=
+OWNCLOUD_DOMAIN_NAME=
+GIT_DOMAIN_NAME=
+WIKI_DOMAIN_NAME=
+FULLBLOG_DOMAIN_NAME=
+
+function mount_drive {
+    if [ $1 ]; then
+        USB_DRIVE=/dev/${1}1
+    fi
+
+    # get the admin user
+    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    if [ $2 ]; then
+        ADMIN_USERNAME=$2
+    fi
+    ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
+
+    # check that the backup destination is available
+    if [ ! -b $USB_DRIVE ]; then
+        echo $"Please attach a USB drive"
+        exit 1
+    fi
+
+    # unmount if already mounted
+    umount -f $USB_MOUNT
+    if [ ! -d $USB_MOUNT ]; then
+        mkdir $USB_MOUNT
+    fi
+    if [ -f /dev/mapper/encrypted_usb ]; then
+        rm -rf /dev/mapper/encrypted_usb
+    fi
+    cryptsetup luksClose encrypted_usb
+
+    # mount the encrypted backup drive
+    cryptsetup luksOpen $USB_DRIVE encrypted_usb
+    if [ "$?" = "0" ]; then
+        USB_DRIVE=/dev/mapper/encrypted_usb
+    fi
+    mount $USB_DRIVE $USB_MOUNT
+    if [ ! "$?" = "0" ]; then
+        echo $"There was a problem mounting the USB drive to $USB_MOUNT"
+        rm -rf $USB_MOUNT
+        exit 2
+    fi
+}
+
+function unmount_drive {
+    sync
+    umount $USB_MOUNT
+    if [ ! "$?" = "0" ]; then
+        echo $"Unable to unmount the drive. This means that the backup did not work"
+        rm -rf $USB_MOUNT
+        exit 9
+    fi
+    rm -rf $USB_MOUNT
+
+    echo $"Setting permissions"
+    for d in /home/*/ ; do
+        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+        if [[ $USERNAME != "git" ]]; then
+            chown -R $USERNAME:$USERNAME /home/$USERNAME
+        fi
+    done
+
+    if [[ $USB_DRIVE == /dev/mapper/encrypted_usb ]]; then
+        echo $"Unmount encrypted USB"
+        cryptsetup luksClose encrypted_usb
+    fi
+    if [ -f /dev/mapper/encrypted_usb ]; then
+        rm -rf /dev/mapper/encrypted_usb
+    fi
+}
+
+function check_backup_exists {
+    if [ ! -d $USB_MOUNT/backup ]; then
+        echo $"No backup directory found on the USB drive."
+        unmount_drive
+        exit 2
+    fi
+}
+
+function check_admin_user {
+    echo $"Checking that admin user exists"
+    if [ ! -d /home/$ADMIN_USERNAME ]; then
+        echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
+        unmount_drive
+        exit 295
+    fi
+}
+
+function copy_gpg_keys {
+    echo $"Copying GPG keys from admin user to root"
+    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+}
+
+function restore_directory_from_usb {
+    if [ ! -d ${1} ]; then
+        mkdir ${1}
+    fi
+    obnam restore -r $USB_MOUNT/backup/${2} --to ${1}
+}
+
+function restore_database {
+    RESTORE_SUBDIR="root"
+
+    if [ -d $USB_MOUNT/backup/${1} ]; then
+        echo $"Restoring ${1} database"
+        restore_directory_from_usb "/root/temp${1}data" "${1}data"
+        if [ ! -f /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql ]; then
+            echo $"Unable to restore ${1} database"
+            rm -rf /root/temp${1}data
+            unmount_drive
+            exit 503
+        fi
+        mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD ${1} -o < /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
+        if [ ! "$?" = "0" ]; then
+            echo "$mysqlsuccess"
+            unmount_drive
+            exit 964
+        fi
+        shred -zu /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/*
+        rm -rf /root/temp${1}data
+        echo $"Restoring ${1} installation"
+        if [ ! -d /root/temp${1} ]; then
+            mkdir /root/temp${1}
+        fi
+        restore_directory_from_usb "/root/temp${1}" "${1}"
+        RESTORE_SUBDIR="var"
+        if [ ${2} ]; then
+            if [ -d /var/www/${2}/htdocs ]; then
+                if [ -d /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs ]; then
+                    rm -rf /var/www/${2}/htdocs
+                    mv /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs /var/www/${2}/
+                    if [ ! "$?" = "0" ]; then
+                        unmount_drive
+                        exit 683
+                    fi
+                    if [ -d /etc/letsencrypt/live/${2} ]; then
+                        ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
+                        ln -s /etc/letsencrypt/live/${2}/fullchain.pem /etc/ssl/certs/${2}.pem
+                    else
+                        # Ensure that the bundled SSL cert is being used
+                        if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then
+                            sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}
+                        fi
+                    fi
+                fi
+            fi
+        fi
+    fi
+}
+
+function update_domains {
+    if grep -q "Gogs domain" $COMPLETION_FILE; then
+        GIT_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Gogs domain" | awk -F ':' '{print $2}')
+    fi
+}
+
+function same_admin_user {
+    PREV_ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    if [[ "$PREV_ADMIN_USERNAME" != "$ADMIN_USERNAME" ]]; then
+        echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME"
+        unmount_drive
+        exit 73265
+    fi
+}
+
+function restore_gogs {
+    if [ $GIT_DOMAIN_NAME ]; then
+        restore_database gogs ${GIT_DOMAIN_NAME}
+        if [ -d $USB_MOUNT/backup/gogs ]; then
+            echo $"Restoring Gogs settings"
+            if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom ]; then
+                mkdir -p /home/git/go/src/github.com/gogits/gogs/custom
+            fi
+            cp -r /root/tempgogs/home/git/go/src/github.com/gogits/gogs/custom/* /home/git/go/src/github.com/gogits/gogs/custom
+            if [ ! "$?" = "0" ]; then
+                unmount_drive
+                exit 981
+            fi
+            echo $"Restoring Gogs repos"
+            restore_directory_from_usb /root/tempgogsrepos gogsrepos
+            cp -r /root/tempgogsrepos/home/git/gogs-repositories/* /home/git/gogs-repositories/
+            if [ ! "$?" = "0" ]; then
+                unmount_drive
+                exit 67574
+            fi
+            echo $"Restoring Gogs authorized_keys"
+            restore_directory_from_usb /root/tempgogsssh gogsssh
+            if [ ! -d /home/git/.ssh ]; then
+                mkdir /home/git/.ssh
+            fi
+            cp -r /root/tempgogsssh/home/git/.ssh/* /home/git/.ssh/
+            if [ ! "$?" = "0" ]; then
+                unmount_drive
+                exit 8463
+            fi
+            rm -rf /root/tempgogs
+            rm -rf /root/tempgogsrepos
+            rm -rf /root/tempgogsssh
+            chown -R git:git /home/git
+        fi
+    fi
+}
+
+mount_drive $1 $2
+check_backup_exists
+check_admin_user
+copy_gpg_keys
+restore_configuration
+same_admin_user
+update_domains
+restore_gogs
+unmount_drive
+
+echo $"Restore Gogs from USB drive is complete. You can now unplug it."
+
+exit 0