Backup system

Imported both the server- and client-side backup scripts.

backup/ssh-client/README

@@ -0,0 +1,31 @@
+Client-side scripts for SSH backup
+===================================
+
+The scripts in this directory are meant to be used with the backup server's SSH
+fetch script.
+
+
+Installation
+-------------
+
+1/ Create an user that uses the backup-user-shell as its shell and
+	/var/lib/rbackup as its home directory.
+2/ Authorize the server's SSH key (limiting the key to the backup server's
+	address is a good idea) to log in as that specific user
+3/ Authorize the backup user to run the main script as root (see sudo.example)
+
+If you want the archive sent to the backup server to be encrypted locally,
+write the encryption key in the /etc/rbackup-encryption-key file (mode 0600 for
+root). Otherwise, make sure the file does not exist.
+
+
+Notes
+------
+
+1/ If the backup server is compromised, then so is the system being backed up.
+
+2/ If you use local encryption (which would mitigate the problem described
+	above), make sure you have a copy of the key somewhere.
+
+3/ If you want to use something other than /var/lib/rbackup as the user's home
+	directory, you'll have to change the backup-user-shell script.

backup/ssh-client/backup-client

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+function printToServer
+{
+	echo "...SRC...$*" >&2
+}
+
+function catToServer
+{
+	sed -e 's/^/...SRC.../' < "$1" >&2
+}
+
+read backup_directory
+
+if [ -z "$backup_directory" ]; then
+	printToServer "ERROR: no directory to backup"
+	exit 1
+else
+	backup_directory="`echo "/$backup_directory" | sed -e 's/\/\+/\//g' -e 's/\/$//'`"
+	if ! [ -d "$backup_directory" ]; then
+		printToServer "ERROR: missing directory $backup_directory"
+		exit 1
+	fi
+fi
+
+backup_exclude=( )
+while read backup_edir; do
+	backup_exclude=( ${backup_exclude[@]} $backup_edir )
+done
+
+
+command='ionice -c2 -n7 tar --numeric-owner --one-file-system --ignore-failed-read --warning=none -c'
+index=
+for index in $( seq 0 $(( ${#backup_exclude[@]} - 1 )) ); do
+	command="$command"' "--exclude='"`echo "./${backup_exclude[$index]}" | sed -e 's/\/\+/\//g' -e 's/\/$//'`"'"'
+done
+command="$command"' ".'"$backup_directory"'"'
+if [ -f "/etc/rbackup-encryption-key" ]; then
+	command="$command | nice -n20 openssl enc -kfile /etc/rbackup-encryption-key -aes-256-cbc -e"
+fi
+printToServer "Remote host ready"
+
+tarerrors="`mktemp`"
+chmod 600 "$tarerrors"
+cd /
+
+eval $command 2>"$tarerrors"
+if ! [ -z "`cat $tarerrors`" ]; then
+	printToServer "FETCH ERROR: something went wrong while creating the archive:" >&2
+	printToServer "-----------------------------------------------------" >&2
+	catToServer "$tarerrors"
+	printToServer "-----------------------------------------------------" >&2
+	rm -f "$tarerrors"
+	exit 1
+fi
+rm -f "$tarerrors"

backup/ssh-client/backup-user-shell

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec sudo /bin/bash /var/lib/rbackup/backup-client

backup/ssh-client/sudo.example

@@ -0,0 +1,4 @@
+# Remote backup system, assuming the remote backup user is "rbackup" and
+# the script has been installed in /var/lib/rbackup
+#
+rbackup ALL= (root) NOPASSWD: /bin/bash /var/lib/rbackup/backup-client