jens/infra-borgbackup-postgresql
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Dateien nach "scripts" hochladen

Browse Source
This commit is contained in:
Jens Beckmann
2026-05-31 17:35:00 +00:00
parent f656a3d9db
commit a01d6a9c96
1 changed files with 129 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/setup.sh
+129
View File
@@ -0,0 +1,129 @@
#!/usr/bin/env bash
# =============================================================================
# setup.sh Einmaliges Setup für Borg Backup auf dem Raspberry Pi
# Als root oder mit sudo ausführen!
# =============================================================================
set -euo pipefail
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; BLUE='\033[0;34m'; NC='\033[0m'
log() { echo -e "${BLUE}[SETUP]${NC} $*"; }
log_ok() { echo -e "${GREEN}[SETUP] ✓${NC} $*"; }
log_warn(){ echo -e "${YELLOW}[SETUP] ⚠${NC} $*"; }
log_err() { echo -e "${RED}[SETUP] ✗${NC} $*" >&2; }
# --- Root-Check --------------------------------------------------------------
if [[ $EUID -ne 0 ]]; then
log_err "Dieses Skript muss als root ausgeführt werden: sudo $0"
exit 1
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# --- Konfiguration einlesen --------------------------------------------------
CONFIG_FILE="${SCRIPT_DIR}/../config/backup.conf"
if [[ ! -f "$CONFIG_FILE" ]]; then
log_err "Bitte zuerst config/backup.conf ausfüllen!"
exit 1
fi
source "$CONFIG_FILE"
log "========================================"
log " Borg Backup Setup"
log "========================================"
# --- 1. Borg installieren ----------------------------------------------------
log "Installiere borgbackup..."
apt-get update -qq
apt-get install -y borgbackup
log_ok "borgbackup installiert: $(borg --version)"
# --- 2. Backup-Benutzer anlegen ----------------------------------------------
if ! id borgbackup &>/dev/null; then
useradd -m -s /bin/bash borgbackup
log_ok "Benutzer 'borgbackup' angelegt."
else
log_ok "Benutzer 'borgbackup' existiert bereits."
fi
# --- 3. SSH-Schlüssel generieren ---------------------------------------------
SSH_KEY_DIR="/home/borgbackup/.ssh"
mkdir -p "$SSH_KEY_DIR"
if [[ ! -f "${SSH_KEY_PATH}" ]]; then
sudo -u borgbackup ssh-keygen -t ed25519 \
-f "${SSH_KEY_PATH}" \
-C "borg-backup@$(hostname)" \
-N ""
log_ok "SSH-Schlüssel generiert: ${SSH_KEY_PATH}"
else
log_ok "SSH-Schlüssel existiert bereits: ${SSH_KEY_PATH}"
fi
chown -R borgbackup:borgbackup "$SSH_KEY_DIR"
chmod 700 "$SSH_KEY_DIR"
chmod 600 "${SSH_KEY_PATH}"
chmod 644 "${SSH_KEY_PATH}.pub"
# --- 4. Backup-Verzeichnis anlegen -------------------------------------------
BACKUP_DIR="$(dirname "$BORG_REPO")"
mkdir -p "$BACKUP_DIR"
chown borgbackup:borgbackup "$BACKUP_DIR"
log_ok "Backup-Verzeichnis: ${BACKUP_DIR}"
# --- 5. Skript-Berechtigungen setzen -----------------------------------------
chmod +x "${SCRIPT_DIR}/backup-postgres.sh"
chmod +x "${SCRIPT_DIR}/restore-postgres.sh" 2>/dev/null || true
chmod +x "${SCRIPT_DIR}/verify-backup.sh" 2>/dev/null || true
chown -R borgbackup:borgbackup "${SCRIPT_DIR}/.."
log_ok "Skript-Berechtigungen gesetzt."
# --- 6. Systemd-Service installieren -----------------------------------------
SYSTEMD_DIR="/etc/systemd/system"
SYSTEMD_SRC="${SCRIPT_DIR}/../systemd"
if [[ -f "${SYSTEMD_SRC}/borg-backup.service" ]]; then
cp "${SYSTEMD_SRC}/borg-backup.service" "${SYSTEMD_DIR}/"
cp "${SYSTEMD_SRC}/borg-backup.timer" "${SYSTEMD_DIR}/"
systemctl daemon-reload
systemctl enable borg-backup.timer
systemctl start borg-backup.timer
log_ok "Systemd-Timer aktiviert."
systemctl status borg-backup.timer --no-pager
fi
# --- 7. Ausgabe: nächste Schritte --------------------------------------------
echo ""
log_warn "══════════════════════════════════════════"
log_warn " Auf dem PostgreSQL-Server muss folgendes"
log_warn " eingerichtet werden Anleitung:"
log_warn "══════════════════════════════════════════"
echo ""
echo " 1. Borg auf dem PostgreSQL-Server installieren:"
echo " sudo apt install borgbackup"
echo ""
echo " 2. Benutzer 'borgclient' anlegen:"
echo " sudo useradd -m -s /bin/bash borgclient"
echo ""
echo " 3. SSH-Schlüssel (öffentlich) auf dem Server autorisieren:"
echo " sudo mkdir -p /home/borgclient/.ssh"
echo " sudo nano /home/borgclient/.ssh/authorized_keys"
echo ""
echo " Folgenden Inhalt einfügen:"
echo " ─────────────────────────────────────────────"
cat "${SSH_KEY_PATH}.pub"
echo " ─────────────────────────────────────────────"
echo ""
echo " 4. sudo-Berechtigung für pg_dump + psql einrichten:"
echo " sudo visudo -f /etc/sudoers.d/borgclient"
echo ""
echo " Inhalt:"
echo " borgclient ALL=(postgres) NOPASSWD: /usr/bin/pg_dump"
echo " borgclient ALL=(postgres) NOPASSWD: /usr/bin/psql"
echo ""
echo " (Erlaubt Dump + Datenbankabfrage für alle Datenbanken)"
echo ""
echo " 5. Verbindungstest vom Pi aus:"
echo " sudo -u borgbackup ssh -i ${SSH_KEY_PATH} ${PG_SSH_USER}@${PG_HOST} echo OK"
echo ""
log_ok "Setup abgeschlossen!"