Lets you make GPG-encrypted incremental backups with duplicity, using the free storage space of Google Drive.
Claudio Maradonna 0705700f7b Merge branch 'yamabik0-master-patch-30206' into 'master' 1 year ago

README.md

duplicity-automated-backups

This repository contains a collection of scripts made to speed up the configuration process for automating encrypted backups.

Prerequisites

You should have already installed:

  • duplicity (0.7.14+)
  • pydrive (needed to use Google Drive as the hosting for the backups)

You can use pip to install both; if you run into errors, try manually updating dependencies such as google-auth and oauth2client first.

Setup steps

GPG key creation

  1. Generate a new GPG key on your PC (making it non-expiring is recommended): gpg --full-generate-key
  2. Export both the private and the public key: gpg --armor --export user@example.org > publickey.pub
    gpg --armor --export-secret-key user@example.org > privatekey
  3. Encrypt the private key with a symmetric cipher (and save the password): gpg --output privatekey.gpg --symmetric privatekey
  4. Put the encrypted privatekey and the publickey on the server with scp and import the publickey: gpg --import publickey.pub
  5. Edit the imported key to trust it: gpg --edit-key user@example.org trust

Google API Credentials

  1. Log in to your account and access https://console.developers.google.com
  2. Click on "Create Project"; once it is created, click on the project and then on "APIs & auth" in the sidebar.
  3. Go to the "Drive API" on the section called "Google Apps APIs" and click on "Enable API"
  4. Once enabled go on "Credentials" (located in the sidebar) and click on "Add Credentials".
  5. Select "OAuth Client ID", then "Other" and then "Create".
  6. Obtain your "Client ID" and "Client Secret" and save them for later.
  7. An additional link-based verification is needed by Google: since the default backup script sends stdout and stderr to a log file and you need to enter a code, you must first execute duplicity "manually".
    To do this you can use a premade status function in the env file: source env_to_set; duplicity_test_run; unsource env_to_set.
    Copy the link from the terminal and open it in a browser, then paste the verification string back into the terminal.

Environment configuration

  1. SSH into the server and clone the repository (inside /root): git clone https://gitlab.com/unitoo/duplicity-automated-backups.git duplicity
  2. Copy the conf_example/credentials file and put it into the duplicity/gdrive folder
  3. Edit the client_id and client_secret entries with the credentials obtained in the previous section
  4. Copy conf_example/env_to_set into duplicity/ and edit it according to the comments
  5. Copy and edit the conf_example\whitelist file and add the files/directories you want to include in the backup
  6. Move the previously exported public and private keys inside the keys directory
  7. Add some crontab entries to execute, for example, the backup-inc script daily and the backup-full script monthly:
crontab -e

# m h  dom mon dow   command
0 2 * * * /root/duplicity/backup-inc
0 0 1 * * /root/duplicity/backup-full
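
Step 6 moves the exported keys into the keys directory, and only the symmetrically encrypted copy of the private key is meant to stay on the server. The check below is an added example, not part of the repository: it flags an ASCII-armored secret-key export left in that directory and non-public files readable by other users. The function names and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the repository: audit duplicity/keys on the server.
# File names follow the README; the function names are hypothetical.

ARMORED_SECRET='-----BEGIN PGP PRIVATE KEY BLOCK-----'

# Prints one finding per line; exit status 0 if clean, 1 otherwise.
audit_keys_dir() (
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; exit 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # The step 2 export is ASCII-armored secret key material; only the
        # symmetric copy from step 3 (privatekey.gpg) belongs on the server.
        if grep -qF -e "$ARMORED_SECRET" "$f"; then
            echo "PLAINTEXT_SECRET_KEY $f"
            findings=$((findings + 1))
        fi
        # Public keys may be world-readable; everything else must not be.
        case "$f" in *.pub) continue ;; esac
        # Group/other permission bits (columns 5-10 of ls -l) must be empty.
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "LOOSE_PERMISSIONS $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: a keys directory where the step 2 export was left behind.
make_sample_keys_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' 'constructed' > "$d/publickey.pub"
    printf 'constructed-symmetric-ciphertext' > "$d/privatekey.gpg"
    printf '%s\n' "$ARMORED_SECRET" 'constructed' > "$d/privatekey"
    chmod 644 "$d/publickey.pub" "$d/privatekey"
    chmod 600 "$d/privatekey.gpg"
    echo "$d"
}

sample=$(make_sample_keys_dir)
audit_keys_dir "$sample" || echo "audit failed for $sample"
rm -rf "$sample"
```

On the server it would be called as audit_keys_dir /root/duplicity/keys before the cron entries are enabled.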

Restore process

The restore script, if executed, will restore the full backup inside a newly created backup-dir directory. The private key must already be imported, and the user will be prompted for its password.
A symmetrically encrypted copy of the private key should be inside the server's duplicity/keys directory; if the restore is being done outside the server you will need the credentials file and the env_to_set file as well as the private key.
Partial file recovery can be done using the --file-to-restore Duplicity option; further documentation can be found online or in its man page.

Notes

  • Google Drive isn't the only possible location for your backups: other services such as Dropbox and Mega can be used, and further documentation about Duplicity can be found online or in its man page.
  • The archive dir (by default /root/.cache/duplicity/backup) must stay in sync with the remote one for the process to work without a private key. If its content gets deleted, Duplicity will need the private key (which is not left unencrypted or imported on the server for security reasons) to decrypt the remote contents, so it will fail and send an alert email. This can be fixed by temporarily importing the private key and manually executing the script to let Duplicity sync the metadata.
  • The env_to_set file can be useful if sourced to let other scripts use the variables and the functions inside it.