274 lines
8.5 KiB
Bash
Executable File
274 lines
8.5 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# .---. . .
|
|
# | | |
|
|
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
|
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
|
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
|
#
|
|
# Freedom in the Cloud
|
|
#
|
|
# Restore gogs from local storage - typically a USB drive
|
|
|
|
# License
|
|
# =======
|
|
#
|
|
# Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
PROJECT_NAME='freedombone'
|
|
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
|
|
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
|
|
|
|
export TEXTDOMAIN=${PROJECT_NAME}-restore-gogs
|
|
export TEXTDOMAINDIR="/usr/share/locale"
|
|
|
|
USB_DRIVE=/dev/sdb1
|
|
USB_MOUNT=/mnt/usb
|
|
|
|
# get default USB from config file
|
|
CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
|
|
if [ -f $CONFIG_FILE ]; then
|
|
if grep -q "USB_DRIVE=" $CONFIG_FILE; then
|
|
USB_DRIVE=$(cat $CONFIG_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}')
|
|
fi
|
|
fi
|
|
|
|
ADMIN_USERNAME=
|
|
ADMIN_NAME=
|
|
|
|
# MariaDB password
|
|
DATABASE_PASSWORD=$(cat /root/dbpass)
|
|
|
|
MICROBLOG_DOMAIN_NAME=
|
|
HUBZILLA_DOMAIN_NAME=
|
|
OWNCLOUD_DOMAIN_NAME=
|
|
GIT_DOMAIN_NAME=
|
|
WIKI_DOMAIN_NAME=
|
|
FULLBLOG_DOMAIN_NAME=
|
|
|
|
function mount_drive {
|
|
if [ $1 ]; then
|
|
USB_DRIVE=/dev/${1}1
|
|
fi
|
|
|
|
# get the admin user
|
|
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
|
|
if [ $2 ]; then
|
|
ADMIN_USERNAME=$2
|
|
fi
|
|
ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
|
|
|
|
# check that the backup destination is available
|
|
if [ ! -b $USB_DRIVE ]; then
|
|
echo $"Please attach a USB drive"
|
|
exit 1
|
|
fi
|
|
|
|
# unmount if already mounted
|
|
umount -f $USB_MOUNT
|
|
if [ ! -d $USB_MOUNT ]; then
|
|
mkdir $USB_MOUNT
|
|
fi
|
|
if [ -f /dev/mapper/encrypted_usb ]; then
|
|
rm -rf /dev/mapper/encrypted_usb
|
|
fi
|
|
cryptsetup luksClose encrypted_usb
|
|
|
|
# mount the encrypted backup drive
|
|
cryptsetup luksOpen $USB_DRIVE encrypted_usb
|
|
if [ "$?" = "0" ]; then
|
|
USB_DRIVE=/dev/mapper/encrypted_usb
|
|
fi
|
|
mount $USB_DRIVE $USB_MOUNT
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $"There was a problem mounting the USB drive to $USB_MOUNT"
|
|
rm -rf $USB_MOUNT
|
|
exit 2
|
|
fi
|
|
}
|
|
|
|
function unmount_drive {
|
|
sync
|
|
umount $USB_MOUNT
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $"Unable to unmount the drive. This means that the backup did not work"
|
|
rm -rf $USB_MOUNT
|
|
exit 9
|
|
fi
|
|
rm -rf $USB_MOUNT
|
|
|
|
echo $"Setting permissions"
|
|
for d in /home/*/ ; do
|
|
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
|
|
if [[ $USERNAME != "git" ]]; then
|
|
chown -R $USERNAME:$USERNAME /home/$USERNAME
|
|
fi
|
|
done
|
|
|
|
if [[ $USB_DRIVE == /dev/mapper/encrypted_usb ]]; then
|
|
echo $"Unmount encrypted USB"
|
|
cryptsetup luksClose encrypted_usb
|
|
fi
|
|
if [ -f /dev/mapper/encrypted_usb ]; then
|
|
rm -rf /dev/mapper/encrypted_usb
|
|
fi
|
|
}
|
|
|
|
function check_backup_exists {
|
|
if [ ! -d $USB_MOUNT/backup ]; then
|
|
echo $"No backup directory found on the USB drive."
|
|
unmount_drive
|
|
exit 2
|
|
fi
|
|
}
|
|
|
|
function check_admin_user {
|
|
echo $"Checking that admin user exists"
|
|
if [ ! -d /home/$ADMIN_USERNAME ]; then
|
|
echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
|
|
unmount_drive
|
|
exit 295
|
|
fi
|
|
}
|
|
|
|
function copy_gpg_keys {
|
|
echo $"Copying GPG keys from admin user to root"
|
|
cp -r /home/$ADMIN_USERNAME/.gnupg /root
|
|
}
|
|
|
|
function restore_directory_from_usb {
|
|
if [ ! -d ${1} ]; then
|
|
mkdir ${1}
|
|
fi
|
|
obnam restore -r $USB_MOUNT/backup/${2} --to ${1}
|
|
}
|
|
|
|
function restore_database {
|
|
RESTORE_SUBDIR="root"
|
|
|
|
if [ -d $USB_MOUNT/backup/${1} ]; then
|
|
echo $"Restoring ${1} database"
|
|
restore_directory_from_usb "/root/temp${1}data" "${1}data"
|
|
if [ ! -f /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql ]; then
|
|
echo $"Unable to restore ${1} database"
|
|
rm -rf /root/temp${1}data
|
|
unmount_drive
|
|
exit 503
|
|
fi
|
|
mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD ${1} -o < /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
|
|
if [ ! "$?" = "0" ]; then
|
|
echo "$mysqlsuccess"
|
|
unmount_drive
|
|
exit 964
|
|
fi
|
|
shred -zu /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/*
|
|
rm -rf /root/temp${1}data
|
|
echo $"Restoring ${1} installation"
|
|
if [ ! -d /root/temp${1} ]; then
|
|
mkdir /root/temp${1}
|
|
fi
|
|
restore_directory_from_usb "/root/temp${1}" "${1}"
|
|
RESTORE_SUBDIR="var"
|
|
if [ ${2} ]; then
|
|
if [ -d /var/www/${2}/htdocs ]; then
|
|
if [ -d /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs ]; then
|
|
rm -rf /var/www/${2}/htdocs
|
|
mv /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs /var/www/${2}/
|
|
if [ ! "$?" = "0" ]; then
|
|
unmount_drive
|
|
exit 683
|
|
fi
|
|
if [ -d /etc/letsencrypt/live/${2} ]; then
|
|
ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
|
|
ln -s /etc/letsencrypt/live/${2}/fullchain.pem /etc/ssl/certs/${2}.pem
|
|
else
|
|
# Ensure that the bundled SSL cert is being used
|
|
if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then
|
|
sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function update_domains {
|
|
if grep -q "Gogs domain" $COMPLETION_FILE; then
|
|
GIT_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Gogs domain" | awk -F ':' '{print $2}')
|
|
fi
|
|
}
|
|
|
|
function same_admin_user {
|
|
PREV_ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
|
|
if [[ "$PREV_ADMIN_USERNAME" != "$ADMIN_USERNAME" ]]; then
|
|
echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME"
|
|
unmount_drive
|
|
exit 73265
|
|
fi
|
|
}
|
|
|
|
function restore_gogs {
|
|
if [ $GIT_DOMAIN_NAME ]; then
|
|
restore_database gogs ${GIT_DOMAIN_NAME}
|
|
if [ -d $USB_MOUNT/backup/gogs ]; then
|
|
echo $"Restoring Gogs settings"
|
|
if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom ]; then
|
|
mkdir -p /home/git/go/src/github.com/gogits/gogs/custom
|
|
fi
|
|
cp -r /root/tempgogs/home/git/go/src/github.com/gogits/gogs/custom/* /home/git/go/src/github.com/gogits/gogs/custom
|
|
if [ ! "$?" = "0" ]; then
|
|
unmount_drive
|
|
exit 981
|
|
fi
|
|
echo $"Restoring Gogs repos"
|
|
restore_directory_from_usb /root/tempgogsrepos gogsrepos
|
|
cp -r /root/tempgogsrepos/home/git/gogs-repositories/* /home/git/gogs-repositories/
|
|
if [ ! "$?" = "0" ]; then
|
|
unmount_drive
|
|
exit 67574
|
|
fi
|
|
echo $"Restoring Gogs authorized_keys"
|
|
restore_directory_from_usb /root/tempgogsssh gogsssh
|
|
if [ ! -d /home/git/.ssh ]; then
|
|
mkdir /home/git/.ssh
|
|
fi
|
|
cp -r /root/tempgogsssh/home/git/.ssh/* /home/git/.ssh/
|
|
if [ ! "$?" = "0" ]; then
|
|
unmount_drive
|
|
exit 8463
|
|
fi
|
|
rm -rf /root/tempgogs
|
|
rm -rf /root/tempgogsrepos
|
|
rm -rf /root/tempgogsssh
|
|
chown -R git:git /home/git
|
|
fi
|
|
fi
|
|
}
|
|
|
|
mount_drive $1 $2
|
|
check_backup_exists
|
|
check_admin_user
|
|
copy_gpg_keys
|
|
same_admin_user
|
|
update_domains
|
|
restore_gogs
|
|
unmount_drive
|
|
|
|
echo $"Restore Gogs from USB drive is complete. You can now unplug it."
|
|
|
|
exit 0
|