#!/usr/bin/env bash
# =============================================================================
# setup.sh Einmaliges Setup für Borg Backup auf dem Raspberry Pi
# Als root oder mit sudo ausführen!
# =============================================================================
# Strict mode: abort on a failing command, on use of an unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# ANSI colour sequences for the log helpers. They are stored as literal
# backslash text and only expanded when a message is printed.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
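# Log helpers. Each prints a coloured "[SETUP]" prefix followed by all of its
# arguments joined into one message.
#
# Only the colour variables are passed through %b (escape expansion); the
# message itself is printed with %s. With `echo -e` a backslash sequence inside
# a logged value (a path from backup.conf, command output) would be expanded
# too, which garbles the message and lets such a value emit terminal control
# sequences.
#
# Globals:   BLUE, GREEN, YELLOW, RED, NC (read)
# Arguments: message words
# Outputs:   log, log_ok, log_warn write to stdout; log_err writes to stderr
log() { printf '%b[SETUP]%b %s\n' "${BLUE}" "${NC}" "$*"; }
log_ok() { printf '%b[SETUP] ✓%b %s\n' "${GREEN}" "${NC}" "$*"; }
log_warn() { printf '%b[SETUP] ⚠%b %s\n' "${YELLOW}" "${NC}" "$*"; }
log_err() { printf '%b[SETUP] ✗%b %s\n' "${RED}" "${NC}" "$*" >&2; }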
# --- Root check --------------------------------------------------------------
# The steps below install packages, create a user, change ownership and write
# to /etc/systemd/system, so refuse to continue without root privileges.
if (( EUID != 0 )); then
  log_err "Dieses Skript muss als root ausgeführt werden: sudo $0"
  exit 1
fi
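# Absolute path of the directory that contains this script.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# --- Load configuration ------------------------------------------------------
# NOTE(review): backup.conf is executed as root via `source`. Step 5 of this
# script chowns the whole project tree to the borgbackup user, so on any later
# run root executes a file that account can edit. Keep the config root-owned
# and not group/world-writable, or parse it instead of sourcing it.
CONFIG_FILE="${SCRIPT_DIR}/../config/backup.conf"
if [[ ! -f "$CONFIG_FILE" ]]; then
  log_err "Bitte zuerst config/backup.conf ausfüllen!"
  exit 1
fi
# shellcheck source=/dev/null
source "$CONFIG_FILE"

# Fail here, before packages, users or file ownership are touched, if a
# setting used further down is missing or empty. SSH_KEY_PATH and BORG_REPO
# feed chmod/chown/mkdir calls that run as root; an empty BORG_REPO would make
# `dirname` return "." and chown the current directory.
for required_var in SSH_KEY_PATH BORG_REPO PG_SSH_USER PG_HOST; do
  if [[ -z "${!required_var:-}" ]]; then
    log_err "${required_var} ist in config/backup.conf nicht gesetzt."
    exit 1
  fi
done
unset required_var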
# Banner.
for banner_line in \
  "========================================" \
  " Borg Backup Setup" \
  "========================================"; do
  log "$banner_line"
done

# --- 1. Install Borg ---------------------------------------------------------
# Refresh the package index quietly, then install borgbackup without prompting.
log "Installiere borgbackup..."
apt-get update -qq
apt-get install --yes borgbackup
log_ok "borgbackup installiert: $(borg --version)"
# --- 2. Create the backup user -----------------------------------------------
# Dedicated account "borgbackup" with a home directory and bash as login
# shell; it is only created when `id` does not already know it.
if id borgbackup &>/dev/null; then
  log_ok "Benutzer 'borgbackup' existiert bereits."
else
  useradd --create-home --shell /bin/bash borgbackup
  log_ok "Benutzer 'borgbackup' angelegt."
fi
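# --- 3. Generate the SSH key -------------------------------------------------
SSH_KEY_DIR="/home/borgbackup/.ssh"
# Create ~/.ssh already owned by borgbackup with mode 700. A plain `mkdir -p`
# run as root leaves a root-owned directory, and ssh-keygen, which runs as
# borgbackup below, then cannot write the key on a first run.
# NOTE(review): assumes SSH_KEY_PATH (from backup.conf) lies inside
# SSH_KEY_DIR; confirm against the config.
install -d -m 700 -o borgbackup -g borgbackup "$SSH_KEY_DIR"
if [[ ! -f "${SSH_KEY_PATH}" ]]; then
  # -N "" writes the private key without a passphrase, so the file modes set
  # below are its only protection on this host.
  sudo -u borgbackup ssh-keygen -t ed25519 \
    -f "${SSH_KEY_PATH}" \
    -C "borg-backup@$(hostname)" \
    -N ""
  log_ok "SSH-Schlüssel generiert: ${SSH_KEY_PATH}"
else
  log_ok "SSH-Schlüssel existiert bereits: ${SSH_KEY_PATH}"
fi
# Re-assert ownership and modes on every run: directory and private key are
# readable by borgbackup only, the public key may be world-readable.
chown -R borgbackup:borgbackup "$SSH_KEY_DIR"
chmod 700 "$SSH_KEY_DIR"
chmod 600 "${SSH_KEY_PATH}"
chmod 644 "${SSH_KEY_PATH}.pub"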
# --- 4. Create the backup directory ------------------------------------------
# BACKUP_DIR is the parent directory of BORG_REPO (from backup.conf). It is
# created if missing and handed to borgbackup; its mode is left to the umask.
BACKUP_DIR=$(dirname "${BORG_REPO}")
mkdir --parents "${BACKUP_DIR}"
chown borgbackup:borgbackup "${BACKUP_DIR}"
log_ok "Backup-Verzeichnis: ${BACKUP_DIR}"
# --- 5. Set script permissions -----------------------------------------------
# backup-postgres.sh must exist; a failing chmod aborts the setup.
chmod +x "${SCRIPT_DIR}/backup-postgres.sh"
# The other two scripts are treated as optional: errors are silenced on purpose.
for optional_script in restore-postgres.sh verify-backup.sh; do
  chmod +x "${SCRIPT_DIR}/${optional_script}" 2>/dev/null || true
done
# NOTE(review): this hands the whole project tree (parent of SCRIPT_DIR) to
# borgbackup, including this setup script, config/backup.conf and systemd/.
# All three are consumed by root: the script runs as root, the config is
# sourced, and the unit files are copied to /etc/systemd/system. Anything that
# can write as borgbackup can therefore influence what root does on the next
# run. Consider chowning only what the backup user must write to.
chown -R borgbackup:borgbackup "${SCRIPT_DIR}/.."
log_ok "Skript-Berechtigungen gesetzt."
# --- 6. Install the systemd service ------------------------------------------
SYSTEMD_DIR="/etc/systemd/system"
SYSTEMD_SRC="${SCRIPT_DIR}/../systemd"
# Only the .service file is checked; the .timer is expected next to it, and a
# missing timer makes cp fail and aborts the script.
# NOTE(review): the units are copied from a directory that the chown -R in
# step 5 made writable by borgbackup. Review their contents (User=, ExecStart=)
# before enabling them.
if [[ -f "${SYSTEMD_SRC}/borg-backup.service" ]]; then
  for unit_file in borg-backup.service borg-backup.timer; do
    cp "${SYSTEMD_SRC}/${unit_file}" "${SYSTEMD_DIR}/"
  done
  systemctl daemon-reload
  systemctl enable borg-backup.timer
  systemctl start borg-backup.timer
  log_ok "Systemd-Timer aktiviert."
  # Show the timer state as a final check, without a pager.
  systemctl status borg-backup.timer --no-pager
fi
# --- 7. Output: next steps ---------------------------------------------------
# Prints the manual steps for the PostgreSQL server, including the public key
# generated above and a connection test command built from backup.conf values.
#
# NOTE(review): the printed authorized_keys entry carries no options. The key
# has no passphrase, so consider restricting it on the server side with
# OpenSSH key options such as `restrict`, `from="..."` or `command="..."`.
# NOTE(review): the printed sudoers rule for /usr/bin/psql as postgres is not
# limited to queries. psql can run arbitrary SQL as the database superuser and
# can start shell commands, so the rule is effectively full access to the
# postgres account. Narrow it if the backup script allows.
echo ""
for heading_line in \
  "══════════════════════════════════════════" \
  " Auf dem PostgreSQL-Server muss folgendes" \
  " eingerichtet werden Anleitung:" \
  "══════════════════════════════════════════"; do
  log_warn "$heading_line"
done
cat <<'EOF'

 1. Borg auf dem PostgreSQL-Server installieren:
 sudo apt install borgbackup

 2. Benutzer 'borgclient' anlegen:
 sudo useradd -m -s /bin/bash borgclient

 3. SSH-Schlüssel (öffentlich) auf dem Server autorisieren:
 sudo mkdir -p /home/borgclient/.ssh
 sudo nano /home/borgclient/.ssh/authorized_keys

 Folgenden Inhalt einfügen:
 ─────────────────────────────────────────────
EOF
# Public half of the key pair only; the private key is never printed.
cat "${SSH_KEY_PATH}.pub"
cat <<'EOF'
 ─────────────────────────────────────────────

 4. sudo-Berechtigung für pg_dump + psql einrichten:
 sudo visudo -f /etc/sudoers.d/borgclient

 Inhalt:
 borgclient ALL=(postgres) NOPASSWD: /usr/bin/pg_dump
 borgclient ALL=(postgres) NOPASSWD: /usr/bin/psql

 (Erlaubt Dump + Datenbankabfrage für alle Datenbanken)

 5. Verbindungstest vom Pi aus:
EOF
echo " sudo -u borgbackup ssh -i ${SSH_KEY_PATH} ${PG_SSH_USER}@${PG_HOST} echo OK"
echo ""
log_ok "Setup abgeschlossen!"