free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
freedomboneeee/src/freedombone-restore-remote

904 lines
33 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Restore from a given remote server
#
# License
# =======
#
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
MONGODB_APPS_FILE=$HOME/.mongodbapps
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
export TEXTDOMAINDIR="/usr/share/locale"
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
source "$f"
done
SERVER_NAME="$1"
# whether to restore everything or just a specific application
RESTORE_APP='all'
if [ "${2}" ]; then
RESTORE_APP="${2}"
fi
ADMIN_USERNAME=$(get_completion_param "Admin user")
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
# Temporary location for data to be backed up to other servers
SERVER_DIRECTORY=/root/remoterestore
BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
if [ ! "$SERVER_NAME" ]; then
echo $'restorefromfriend [server]'
exit 1
fi
if [ ! -f "$BACKUP_LIST" ]; then
echo $"No friends list found at $BACKUP_LIST"
exit 2
fi
if ! grep -q "$SERVER_NAME" "$BACKUP_LIST"; then
echo $"Server not found within the friends list"
exit 3
fi
REMOTE_SERVER=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $1}')
REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $2}')
REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $3}')
REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $4}')
REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
NOW=$(date +"%Y-%m-%d %H:%M:%S")
echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$REMOTE_SERVER/backup" "$SERVER_DIRECTORY"; then
echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
# Send a warning email
echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" "$ADMIN_EMAIL_ADDRESS"
exit 790
else
echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
fi
# MariaDB password
DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
function copy_gpg_keys {
echo $"Copying GPG keys from admin user to root"
cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
gpg_set_permissions root
}
function restore_blocklist {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'blocklist' ]]; then
return
fi
fi
if [ -d "$USB_MOUNT/backup/blocklist" ]; then
echo $"Restoring blocklist"
temp_restore_dir=/root/tempblocklist
restore_directory_from_friend $temp_restore_dir blocklist
if [ -d $temp_restore_dir/root/tempbackupblocklist ]; then
cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
else
cp -f $temp_restore_dir/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
fi
rm -rf $temp_restore_dir
firewall_refresh_blocklist
fi
}
function restore_configfiles {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'configfiles' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/configfiles ]; then
echo $"Restoring configuration files"
temp_restore_dir=/root/tempconfigfiles
restore_directory_from_friend $temp_restore_dir configfiles
if [ -d $temp_restore_dir/root ]; then
if [ -f $temp_restore_dir/root/.nostore ]; then
if [ ! -f /root/.nostore ]; then
touch /root/.nostore
fi
else
if [ -f /root/.nostore ]; then
rm /root/.nostore
fi
fi
else
if [ -f $temp_restore_dir/.nostore ]; then
if [ ! -f /root/.nostore ]; then
touch /root/.nostore
fi
else
if [ -f /root/.nostore ]; then
rm /root/.nostore
fi
fi
fi
#if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
# cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
#fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
# if [ ! "$?" = "0" ]; then
# unmount_drive
# rm -rf $temp_restore_dir
# exit 5372
# fi
#fi
if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
unmount_drive
rm -rf $temp_restore_dir
exit 7835335
fi
fi
#if [ -f $CONFIGURATION_FILE ]; then
# # install according to the config file
# freedombone -c $CONFIGURATION_FILE
#fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
# if [ ! "$?" = "0" ]; then
# unmount_drive
# rm -rf $temp_restore_dir
# exit 7252
# fi
#fi
if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
unmount_drive
rm -rf $temp_restore_dir
exit 62121
fi
fi
# restore nginx password hashes
if [ -f $temp_restore_dir/root/htpasswd ]; then
cp -f $temp_restore_dir/root/htpasswd /etc/nginx/.htpasswd
fi
rm -rf $temp_restore_dir
fi
}
function restore_mariadb {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'mariadb' ]]; then
return
fi
fi
if [[ $(is_completed install_mariadb) == "0" ]]; then
function_check install_mariadb
install_mariadb
fi
if [ -d $SERVER_DIRECTORY/backup/mariadb ]; then
echo $"Restoring MariaDB settings"
temp_restore_dir=/root/tempmariadb
restore_directory_from_friend $temp_restore_dir mariadb
store_original_mariadb_password
echo $'Obtaining MariaDB password'
db_pass=$(cat /root/.mariadboriginal)
if [ ${#db_pass} -gt 0 ]; then
echo $"Restore the MariaDB user table"
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
else
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
else
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess"
exit 962
fi
echo $"Restarting database"
systemctl restart mariadb
echo $"Ensure MariaDB handles authentication"
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
mariadb_fix_authentication
fi
rm -rf ${temp_restore_dir}
fi
}
function restore_postgresql {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'postgresql' ]]; then
return
fi
fi
if [[ $(is_completed install_postgresql) == "0" ]]; then
function_check install_postgresql
install_postgresql
fi
if [ -d $SERVER_DIRECTORY/backup/postgresql ]; then
echo $"Restoring Postgresql settings"
temp_restore_dir=/root/temppostgresql
restore_directory_from_friend $temp_restore_dir postgresql
store_original_postgresql_password
echo $'Obtaining Postgresql password'
db_pass=$(cat /root/.postgresqloriginal)
if [ ${#db_pass} -gt 0 ]; then
echo $"Restore the Postgresql user table"
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup"
db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess"
exit 962
fi
echo $"Restarting database"
systemctl restart postgresql
echo $"Ensure postgresql handles authentication"
POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
fi
rm -rf ${temp_restore_dir}
fi
}
function restore_letsencrypt {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'letsencrypt' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/letsencrypt ]; then
echo $"Restoring Lets Encrypt settings"
restore_directory_from_friend /etc/letsencrypt letsencrypt
fi
}
function restore_passwordstore {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'passwords' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/passwordstore ]; then
store_original_mariadb_password
echo $"Restoring password store"
restore_directory_from_friend /root/.passwords passwordstore
fi
}
function restore_tor {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'tor' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/tor ]; then
echo $"Restoring Tor settings"
restore_directory_from_friend /var/lib/tor tor
fi
}
function restore_mutt_settings {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'mutt' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/mutt/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
# skip over configurations
if [[ "$USERNAME" == *'configs' ]]; then
continue
fi
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/mutt/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring Mutt configurations for $USERNAME"
restore_directory_from_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
echo $"Restoring Mutt settings for $USERNAME"
temp_restore_dir=/root/tempmutt
restore_directory_from_friend ${temp_restore_dir} "mutt/$USERNAME"
if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" ]; then
cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
fi
if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" ]; then
cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc
fi
else
if [ -f ${temp_restore_dir}/.muttrc ]; then
cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
fi
if [ -f ${temp_restore_dir}/Muttrc ]; then
cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc
fi
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
exit 276
fi
rm -rf ${temp_restore_dir}
fi
fi
done
}
function restore_gpg {
if [[ $RESTORE_APP != 'gpg' ]]; then
return
fi
for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/gnupg/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring gnupg settings for $USERNAME"
temp_restore_dir=/root/tempgnupg
restore_directory_from_friend ${temp_restore_dir} "gnupg/$USERNAME"
if [ -d "${temp_restore_dir}/home/$USERNAME/.gnupg" ]; then
cp -r "${temp_restore_dir}/home/$USERNAME/.gnupg" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.gnupg" ]; then
mkdir "/home/$USERNAME/.gnupg"
fi
cp -r "${temp_restore_dir}/"* "/home/$USERNAME/.gnupg/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
exit 276
fi
rm -rf ${temp_restore_dir}
if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
if ! cp -r "/home/$USERNAME/.gnupg" /root; then
exit 283
fi
gpg_set_permissions root
fi
fi
fi
done
}
function restore_procmail {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'procmail' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/procmail/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring procmail settings for $USERNAME"
temp_restore_dir=/root/tempprocmail
restore_directory_from_friend ${temp_restore_dir} "procmail/$USERNAME"
if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
else
cp -f "${temp_restore_dir}/.procmailrc" "/home/$USERNAME/.procmailrc"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
exit 276
fi
rm -rf ${temp_restore_dir}
fi
fi
done
}
function restore_spamassassin {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'spamassassin' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/spamassassin/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring spamassassin settings for $USERNAME"
temp_restore_dir=/root/tempspamassassin
restore_directory_from_friend $temp_restore_dir "spamassassin/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
mkdir "/home/$USERNAME/.spamassassin"
fi
cp -rf $temp_restore_dir/* "/home/$USERNAME/.spamassassin/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 276
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_admin_readme {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'readme' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/readme ]; then
echo $"Restoring README"
temp_restore_dir=/root/tempreadme
restore_directory_from_friend $temp_restore_dir readme
if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
else
cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 276
fi
rm -rf $temp_restore_dir
fi
}
function restore_ssh_keys {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'ssh' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/ssh/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring ssh keys for $USERNAME"
temp_restore_dir=/root/tempssh
restore_directory_from_friend $temp_restore_dir "ssh/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.ssh" ]; then
mkdir "/home/$USERNAME/.ssh"
fi
cp -r $temp_restore_dir/* "/home/$USERNAME/.ssh/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_user_config {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'userconfig' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/config/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/config/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring config files for $USERNAME"
temp_restore_dir=/root/tempconfig
restore_directory_from_friend $temp_restore_dir "config/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.config" ]; then
mkdir "/home/$USERNAME/.config"
fi
cp -r "$temp_restore_dir/"* "/home/$USERNAME/.config/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_user_monkeysphere {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'usermonkeysphere' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/monkeysphere/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring monkeysphere ids for $USERNAME"
temp_restore_dir=/root/tempmonkeysphere
restore_directory_from_friend $temp_restore_dir "monkeysphere/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
mkdir "/home/$USERNAME/.monkeysphere"
fi
cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
# The admin user is the identity certifier
MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
read_config_param MY_EMAIL_ADDRESS
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier "$fpr"
monkeysphere-authentication update-users
done
}
function restore_user_fin {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'userfin' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/fin/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring fin files for $USERNAME"
temp_restore_dir=/root/tempfin
restore_directory_from_friend $temp_restore_dir "fin/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.fin" ]; then
mkdir "/home/$USERNAME/.fin"
fi
cp -r $temp_restore_dir/* "/home/$USERNAME/.fin/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_user_local {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'userlocal' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/local/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/local/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring local files for $USERNAME"
temp_restore_dir=/root/templocal
restore_directory_from_friend $temp_restore_dir "local/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
else
if [ ! -d "/home/$USERNAME/.local" ]; then
mkdir "/home/$USERNAME/.local"
fi
cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_certs {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'certs' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/ssl ]; then
echo $"Restoring certificates"
restore_directory_from_friend /root/tempssl ssl
if [ -d /root/tempssl/etc/ssl ]; then
cp -r /root/tempssl/etc/ssl/* /etc/ssl
else
cp -r /root/tempssl/* /etc/ssl/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 276
fi
rm -rf /root/tempssl
update-ca-certificates
# restore ownership
if [ -f /etc/ssl/private/xmpp.key ]; then
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
fi
if [ -d /etc/dovecot ]; then
chown root:dovecot /etc/ssl/private/dovecot.*
chown root:dovecot /etc/ssl/certs/dovecot.*
fi
if [ -f /etc/ssl/private/exim.key ]; then
cp /etc/ssl/private/exim.key /etc/exim4
cp /etc/ssl/certs/exim.crt /etc/exim4
cp /etc/ssl/certs/exim.dhparam /etc/exim4
chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
fi
if [ -f /etc/ssl/private/mumble.key ]; then
if [ -d /var/lib/mumble-server ]; then
cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
cp /etc/ssl/private/mumble.key /var/lib/mumble-server
chown -R mumble-server:mumble-server /var/lib/mumble-server
fi
fi
fi
}
function restore_personal_settings {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'personal' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/personal/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring personal settings for $USERNAME"
temp_restore_dir=/root/temppersonal
restore_directory_from_friend $temp_restore_dir "personal/$USERNAME"
if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
if [ -d "/home/$USERNAME/personal" ]; then
rm -rf "/home/$USERNAME/personal"
fi
# shellcheck disable=SC2086
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
else
if [ ! -d "/home/$USERNAME/personal" ]; then
mkdir "/home/$USERNAME/personal"
fi
cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 18437643
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_mailing_list {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'mailinglist' ]]; then
return
fi
fi
if [ -d /var/spool/mlmmj ]; then
echo $"Restoring public mailing list"
temp_restore_dir=/root/tempmailinglist
restore_directory_from_friend $temp_restore_dir mailinglist
if [ -d $temp_restore_dir/root/spool/mlmmj ]; then
cp -r $temp_restore_dir/root/spool/mlmmj/* /var/spool/mlmmj
else
cp -r $temp_restore_dir/* /var/spool/mlmmj/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 526
fi
rm -rf $temp_restore_dir
fi
}
function restore_email {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'email' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d "$SERVER_DIRECTORY/backup/mail/$USERNAME" ]; then
if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser "$USERNAME"
fi
echo $"Restoring emails for $USERNAME"
temp_restore_dir=/root/tempmail
restore_directory_from_friend $temp_restore_dir "mail/$USERNAME"
if [ ! -d "/home/$USERNAME/Maildir" ]; then
mkdir "/home/$USERNAME/Maildir"
fi
if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
else
tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 927
fi
rm -rf $temp_restore_dir
fi
fi
done
}
# Social key management
# Recover any key fragments and reconstruct the gpg key
${PROJECT_NAME}-recoverkey -u "${ADMIN_USERNAME}" -l "$BACKUP_LIST"
copy_gpg_keys
gpg_agent_setup root
restore_blocklist
restore_configfiles
restore_passwordstore
restore_mariadb
restore_postgresql
restore_letsencrypt
restore_mutt_settings
restore_gpg
restore_procmail
restore_spamassassin
restore_admin_readme
restore_ssh_keys
restore_user_config
restore_user_monkeysphere
restore_user_fin
restore_user_local
restore_certs
restore_personal_settings
restore_mailing_list
restore_email
restore_apps remote
set_user_permissions
update_default_domain
# ensure that all TLS certificates are pinned
#${PROJECT_NAME}-pin-cert all
echo $"*** Remote restore was successful ***"
exit 0
Reference in New Issue View Git Blame Copy Permalink