Dateien nach "scripts" hochladen
This commit is contained in:
@@ -0,0 +1,129 @@
|
||||
#!/usr/bin/env bash
|
||||
# =============================================================================
|
||||
# setup.sh – Einmaliges Setup für Borg Backup auf dem Raspberry Pi
|
||||
# Als root oder mit sudo ausführen!
|
||||
# =============================================================================
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; BLUE='\033[0;34m'; NC='\033[0m'
|
||||
log() { echo -e "${BLUE}[SETUP]${NC} $*"; }
|
||||
log_ok() { echo -e "${GREEN}[SETUP] ✓${NC} $*"; }
|
||||
log_warn(){ echo -e "${YELLOW}[SETUP] ⚠${NC} $*"; }
|
||||
log_err() { echo -e "${RED}[SETUP] ✗${NC} $*" >&2; }
|
||||
|
||||
# --- Root-Check --------------------------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
log_err "Dieses Skript muss als root ausgeführt werden: sudo $0"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
||||
# --- Konfiguration einlesen --------------------------------------------------
|
||||
CONFIG_FILE="${SCRIPT_DIR}/../config/backup.conf"
|
||||
if [[ ! -f "$CONFIG_FILE" ]]; then
|
||||
log_err "Bitte zuerst config/backup.conf ausfüllen!"
|
||||
exit 1
|
||||
fi
|
||||
source "$CONFIG_FILE"
|
||||
|
||||
log "========================================"
|
||||
log " Borg Backup Setup"
|
||||
log "========================================"
|
||||
|
||||
# --- 1. Borg installieren ----------------------------------------------------
|
||||
log "Installiere borgbackup..."
|
||||
apt-get update -qq
|
||||
apt-get install -y borgbackup
|
||||
log_ok "borgbackup installiert: $(borg --version)"
|
||||
|
||||
# --- 2. Backup-Benutzer anlegen ----------------------------------------------
|
||||
if ! id borgbackup &>/dev/null; then
|
||||
useradd -m -s /bin/bash borgbackup
|
||||
log_ok "Benutzer 'borgbackup' angelegt."
|
||||
else
|
||||
log_ok "Benutzer 'borgbackup' existiert bereits."
|
||||
fi
|
||||
|
||||
# --- 3. SSH-Schlüssel generieren ---------------------------------------------
|
||||
SSH_KEY_DIR="/home/borgbackup/.ssh"
|
||||
mkdir -p "$SSH_KEY_DIR"
|
||||
|
||||
if [[ ! -f "${SSH_KEY_PATH}" ]]; then
|
||||
sudo -u borgbackup ssh-keygen -t ed25519 \
|
||||
-f "${SSH_KEY_PATH}" \
|
||||
-C "borg-backup@$(hostname)" \
|
||||
-N ""
|
||||
log_ok "SSH-Schlüssel generiert: ${SSH_KEY_PATH}"
|
||||
else
|
||||
log_ok "SSH-Schlüssel existiert bereits: ${SSH_KEY_PATH}"
|
||||
fi
|
||||
|
||||
chown -R borgbackup:borgbackup "$SSH_KEY_DIR"
|
||||
chmod 700 "$SSH_KEY_DIR"
|
||||
chmod 600 "${SSH_KEY_PATH}"
|
||||
chmod 644 "${SSH_KEY_PATH}.pub"
|
||||
|
||||
# --- 4. Backup-Verzeichnis anlegen -------------------------------------------
|
||||
BACKUP_DIR="$(dirname "$BORG_REPO")"
|
||||
mkdir -p "$BACKUP_DIR"
|
||||
chown borgbackup:borgbackup "$BACKUP_DIR"
|
||||
log_ok "Backup-Verzeichnis: ${BACKUP_DIR}"
|
||||
|
||||
# --- 5. Skript-Berechtigungen setzen -----------------------------------------
|
||||
chmod +x "${SCRIPT_DIR}/backup-postgres.sh"
|
||||
chmod +x "${SCRIPT_DIR}/restore-postgres.sh" 2>/dev/null || true
|
||||
chmod +x "${SCRIPT_DIR}/verify-backup.sh" 2>/dev/null || true
|
||||
chown -R borgbackup:borgbackup "${SCRIPT_DIR}/.."
|
||||
log_ok "Skript-Berechtigungen gesetzt."
|
||||
|
||||
# --- 6. Systemd-Service installieren -----------------------------------------
|
||||
SYSTEMD_DIR="/etc/systemd/system"
|
||||
SYSTEMD_SRC="${SCRIPT_DIR}/../systemd"
|
||||
|
||||
if [[ -f "${SYSTEMD_SRC}/borg-backup.service" ]]; then
|
||||
cp "${SYSTEMD_SRC}/borg-backup.service" "${SYSTEMD_DIR}/"
|
||||
cp "${SYSTEMD_SRC}/borg-backup.timer" "${SYSTEMD_DIR}/"
|
||||
systemctl daemon-reload
|
||||
systemctl enable borg-backup.timer
|
||||
systemctl start borg-backup.timer
|
||||
log_ok "Systemd-Timer aktiviert."
|
||||
systemctl status borg-backup.timer --no-pager
|
||||
fi
|
||||
|
||||
# --- 7. Ausgabe: nächste Schritte --------------------------------------------
|
||||
echo ""
|
||||
log_warn "══════════════════════════════════════════"
|
||||
log_warn " Auf dem PostgreSQL-Server muss folgendes"
|
||||
log_warn " eingerichtet werden – Anleitung:"
|
||||
log_warn "══════════════════════════════════════════"
|
||||
echo ""
|
||||
echo " 1. Borg auf dem PostgreSQL-Server installieren:"
|
||||
echo " sudo apt install borgbackup"
|
||||
echo ""
|
||||
echo " 2. Benutzer 'borgclient' anlegen:"
|
||||
echo " sudo useradd -m -s /bin/bash borgclient"
|
||||
echo ""
|
||||
echo " 3. SSH-Schlüssel (öffentlich) auf dem Server autorisieren:"
|
||||
echo " sudo mkdir -p /home/borgclient/.ssh"
|
||||
echo " sudo nano /home/borgclient/.ssh/authorized_keys"
|
||||
echo ""
|
||||
echo " Folgenden Inhalt einfügen:"
|
||||
echo " ─────────────────────────────────────────────"
|
||||
cat "${SSH_KEY_PATH}.pub"
|
||||
echo " ─────────────────────────────────────────────"
|
||||
echo ""
|
||||
echo " 4. sudo-Berechtigung für pg_dump + psql einrichten:"
|
||||
echo " sudo visudo -f /etc/sudoers.d/borgclient"
|
||||
echo ""
|
||||
echo " Inhalt:"
|
||||
echo " borgclient ALL=(postgres) NOPASSWD: /usr/bin/pg_dump"
|
||||
echo " borgclient ALL=(postgres) NOPASSWD: /usr/bin/psql"
|
||||
echo ""
|
||||
echo " (Erlaubt Dump + Datenbankabfrage für alle Datenbanken)"
|
||||
echo ""
|
||||
echo " 5. Verbindungstest vom Pi aus:"
|
||||
echo " sudo -u borgbackup ssh -i ${SSH_KEY_PATH} ${PG_SSH_USER}@${PG_HOST} echo OK"
|
||||
echo ""
|
||||
log_ok "Setup abgeschlossen!"
|
||||
Reference in New Issue
Block a user