freedombone/src/freedombone-backup-local

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# Backup to local storage - typically a USB drive

# License
# =======
#
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
MONGODB_APPS_FILE=$HOME/.mongodbapps
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
ENABLE_BACKUP_VERIFICATION="no"

export TEXTDOMAIN=${PROJECT_NAME}-backup-local
export TEXTDOMAINDIR="/usr/share/locale"

PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then
    PROJECT_INSTALL_DIR=/usr/bin
fi

function please_wait {
        local str width height length

        width=$(tput cols)
        height=$(tput lines)
        str="Standby to backup to USB"
        length=${#str}
        clear
        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
        echo "$str"
        tput cup $((height * 3 / 5)) $(((width / 2)))
        echo -n ''
}

please_wait

source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"

# include utils which allow function_check and drive mount
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
    source "$f"
done

clear

USB_DRIVE=/dev/sdb1
USB_MOUNT=/mnt/usb

read_config_param USB_DRIVE

ADMIN_USERNAME=
ADMIN_NAME=

# The name of a currently suspended site
# Sites are suspended so that verification should work
SUSPENDED_SITE=

DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)

function make_backup_directory {
    # make a backup directory on the drive
    if [ ! -d $USB_MOUNT/backup ]; then
        mkdir $USB_MOUNT/backup
    fi
    if [ ! -d $USB_MOUNT/backup ]; then
        echo $"There was a problem making the directory $USB_MOUNT/backup."
        umount $USB_MOUNT
        rm -rf $USB_MOUNT
        exit 3
    fi
}

function check_storage_space_remaining {
    # Check space remaining on the usb drive
    used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}')
    if [ "$used_percent" -gt 95 ]; then
        echo $"Less than 5% of space remaining on backup drive"
        umount $USB_MOUNT
        rm -rf $USB_MOUNT
        exit 4
    fi
}

function backup_users {
    # Backup user files
    for d in /home/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
        if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
            # Backup any gpg keys
            if [ -d "/home/$USERNAME/.gnupg" ]; then
                echo $"Backing up gpg keys for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
            fi

            # Backup any personal settings
            if [ -d "/home/$USERNAME/personal" ]; then
                echo $"Backing up personal settings for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/personal" "personal/$USERNAME"
            fi

            # Backup ssh keys
            if [ -d "/home/$USERNAME/.ssh" ]; then
                echo $"Backing up ssh keys for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.ssh" "ssh/$USERNAME"
            fi

            # Backup fin database if it exists
            if [ -d "/home/$USERNAME/.fin" ]; then
                echo $"Backing up fin files for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.fin" "fin/$USERNAME"
            fi

            # Backup emacs
            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                echo $"Backing up Emacs config for $USERNAME"
                if [ -f "/home/$USERNAME/.emacs" ]; then
                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                fi
                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "config/$USERNAME"
            fi

            # Backup user configs
            if [ -d "/home/$USERNAME/.config" ]; then
                echo $"Backing up config files for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.config" "config/$USERNAME"
            fi

            # Backup monkeysphere
            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                echo $"Backing up monkeysphere files for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
            fi

            # Backup user local
            if [ -d "/home/$USERNAME/.local" ]; then
                echo $"Backing up local files for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.local" "local/$USERNAME"
            fi

            # Backup mutt
            if [ -f "/home/$USERNAME/.muttrc" ]; then
                echo $"Backing up Mutt settings for $USERNAME"
                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
                    mkdir -p "/home/$USERNAME/tempbackup"
                fi
                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                if [ -f /etc/Muttrc ]; then
                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                fi
                backup_directory_to_usb "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
            fi
            if [ -d "/home/$USERNAME/.mutt" ]; then
                echo $"Backing up Mutt configurations for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
            fi

            # Backup email
            if [ -d "/home/$USERNAME/Maildir" ]; then
                echo $"Stopping mail server"
                systemctl stop exim4
                echo $"Creating an email archive for $USERNAME"
                if [ ! -d "/root/tempbackupemail/$USERNAME" ]; then
                    mkdir -p "/root/tempbackupemail/$USERNAME"
                fi
                tar -czvf "/root/tempbackupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                echo $"Restarting mail server"
                systemctl start exim4
                echo $"Backing up emails for $USERNAME"
                backup_directory_to_usb "/root/tempbackupemail/$USERNAME" "mail/$USERNAME"
            fi

            # Backup spamassassin
            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                echo $"Backing up spamassassin settings for $USERNAME"
                backup_directory_to_usb "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
            fi

            # Backup procmail
            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                echo $"Backing up procmail settings for $USERNAME"
                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
                    mkdir -p "/home/$USERNAME/tempbackup"
                fi
                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
                backup_directory_to_usb "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
            fi

            gpg_agent_enable "$USERNAME"
        fi
    done
}

function backup_directories {
    # directories to be backed up (source,dest)
    backup_dirs=(
        "/etc/letsencrypt,                      letsencrypt"
        "/etc/ssl,                              ssl"
        "/var/spool/mlmmj,                      mailinglist"
        "/etc/nginx/sites-available,            web"
        "/var/lib/tor,                          tor"
        "/root/.passwords,                      passwordstore"
    )

    # shellcheck disable=SC2068
    for dr in ${backup_dirs[@]}
    do
        # if this directory exists then back it up to the given destination
        source_directory=$(echo "$dr" | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        if [ -d "$source_directory" ]; then
            dest_directory=$(echo "$dr" | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
            echo $"Backing up $source_directory to $dest_directory"
            backup_directory_to_usb "$source_directory" "$dest_directory"
        fi

        restart_site
    done
}

function remove_backup_directory {
    if [ "$1" ]; then
        if [[ "$1" == "remove" ]]; then
            if [ -d $USB_MOUNT/backup ]; then
                rm -rf $USB_MOUNT/backup
                echo $'Existing backup directory removed'
                backup_unmount_drive
                exit 0
            fi
        fi
    fi
}

function prepare_directories {
    # Some miscellaneous preparation for backing up directories
    if [ -d /var/lib/tox-bootstrapd ]; then
        cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd
        if [ -d /var/lib/tox-bootstrapd/Maildir ]; then
            rm -rf /var/lib/tox-bootstrapd/Maildir
        fi
    fi
}

function backup_blocklist {
    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
        return
    fi
    echo $"Backing up ${PROJECT_NAME} blocklist"
    temp_backup_dir=/root/tempbackupblocklist
    if [ ! -d $temp_backup_dir ]; then
        mkdir -p $temp_backup_dir
    fi
    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
        cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
    fi
    backup_directory_to_usb $temp_backup_dir blocklist
    rm -rf $temp_backup_dir
}

function backup_configfiles {
    echo $"Backing up ${PROJECT_NAME} configuration files"
    temp_backup_dir=/root/tempbackupconfig
    if [ ! -d $temp_backup_dir ]; then
        mkdir -p $temp_backup_dir
    fi
    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
    fi
    if [ -f /root/.nostore ]; then
        cp -f /root/.nostore $temp_backup_dir
    else
        if [ -f $temp_backup_dir/.nostore ]; then
            rm $temp_backup_dir/.nostore
        fi
    fi
    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
    cp -f "$COMPLETION_FILE" $temp_backup_dir
    if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
        cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
    fi
    if [ -f "$MONGODB_APPS_FILE" ]; then
        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
    fi
    # nginx password hashes
    if [ -f /etc/nginx/.htpasswd ]; then
        cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd
    fi
    backup_directory_to_usb $temp_backup_dir configfiles
    rm -rf $temp_backup_dir
}

function backup_admin_readme {
    if [ -f /home/$ADMIN_USERNAME/README ]; then
        echo $"Backing up README"
        temp_backup_dir=/home/$ADMIN_USERNAME/tempbackup
        if [ ! -d $temp_backup_dir ]; then
            mkdir -p $temp_backup_dir
        fi
        cp -f /home/$ADMIN_USERNAME/README $temp_backup_dir
        backup_directory_to_usb $temp_backup_dir readme
    fi
}

function backup_mariadb {
    if [ ${#DATABASE_PASSWORD} -gt 1 ]; then
        temp_backup_dir=/root/tempmariadb
        if [ ! -d $temp_backup_dir ]; then
            mkdir $temp_backup_dir
        fi
        keep_database_running
        mysqldump --lock-tables --password="$DATABASE_PASSWORD" mysql user > $temp_backup_dir/mysql.sql
        if [ ! -s $temp_backup_dir/mysql.sql ]; then
            echo $"Unable to backup mysql settings"
            rm -rf $temp_backup_dir
            umount $USB_MOUNT
            rm -rf $USB_MOUNT
            exit 8
        fi
        echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
        chmod 400 $temp_backup_dir/db
        backup_directory_to_usb $temp_backup_dir mariadb
    fi
}

function backup_postgresql {
    if [ ! -d /etc/postgresql ]; then
        return
    fi

    temp_backup_dir=/root/temppostgresql
    if [ ! -d $temp_backup_dir ]; then
        mkdir $temp_backup_dir
    fi
    # shellcheck disable=SC2024
    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
    if [ ! -s $temp_backup_dir/postgresql.sql ]; then
        echo $"Unable to backup postgresql settings"
        rm -rf $temp_backup_dir
        umount $USB_MOUNT
        rm -rf $USB_MOUNT
        exit 684365
    fi
    echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
    chmod 400 $temp_backup_dir/db
    backup_directory_to_usb $temp_backup_dir postgresql
}

# has the remove option been set ?
remove_option=$2
if [[ $1 == "remove" ]]; then
    remove_option=$1
fi

gpg_agent_setup root
backup_mount_drive "$1" "$2"
remove_backup_directory "$remove_option"
make_backup_directory
check_storage_space_remaining
backup_users
prepare_directories
backup_directories
backup_apps local
backup_configfiles
backup_blocklist
backup_admin_readme
backup_mariadb
backup_postgresql
backup_extra_directories local
backup_unmount_drive $USB_DRIVE $USB_MOUNT
echo $"Backup to USB drive is complete. You can now unplug it."

exit 0