scripts

Scripts for general automations
git clone git://git.laack.co/scripts.git

commit 212d8f875b4aeab9293bde2f69f0582ec80d8dff
parent 0ab2803f5f332a83e448a6b78b7586f0e5715c4d
Author: Andrew Laack <andrew@laack.co>
Date:   Wed, 22 Apr 2026 10:27:13 -0500

Added restic + backup solution using restic to untrusted server

Diffstat:
Mbackup.sh | 2+-
Abackups/encrypted.sh | 19+++++++++++++++++++
Abackups/restic.sh | 20++++++++++++++++++++
Minstallers/arch-private-installation.sh | 3++-
Minstallers/arch-public-installation.sh | 3+--
5 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/backup.sh b/backup.sh
@@ -6,7 +6,7 @@ mkdir -p ~/logs # have to do this because cron source ~/.bashrc -if ~/bin/backups/simple.sh | tee ~/logs/backup.log 2>&1; then +if ~/bin/backups/simple.sh | tee -a ~/logs/backup.log 2>&1; then echo "PASS: Backup Success" | tee -a ~/logs/backup.log # Don't notify in positive case. # echo "PASS: Backup Success" | email-send.sh "Backup succeeded"
diff --git a/backups/encrypted.sh b/backups/encrypted.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# From a system with **full** backups of servers in /home/backup & $HOME/personal-files, encrypts both directories and sends them to the remote
+
+mkdir -p $HOME/backups
+
+rm $HOME/backups/hosts.tar.gpg || true
+tar -cf $HOME/backups/hosts.tar /home/backup
+gpg --batch --yes --passphrase $ENCRYPTION_PW -c $HOME/backups/hosts.tar
+
+
+rm $HOME/backups/personal.tar.gpg || true
+tar -cf $HOME/backups/personal.tar.gpg $HOME/personal-files
+gpg --batch --yes --passphrase $ENCRYPTION_PW -c $HOME/backups/personal.tar.gpg
+
+# scp $HOME/backups/personal.tar.gpg
+# scp $HOME/backups/hosts.tar.gpg
+
+# TODAY=$(date +%Y-%m-%d)
diff --git a/backups/restic.sh b/backups/restic.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -o pipefail
+
+mkdir -p ~/logs
+
+# have to do this because cron
+source ~/.bashrc
+
+# to init remote:
+# uses RESTIC_PASSWORD env var
+# restic -r sftp:root@andrew-1.selfhost.imbue.com:/backup/ init
+
+# I could set the env var for the repo path, but that would limit to one location of backups...
+
+# This is executed by cron
+
+restic -v -r sftp:root@andrew-1.selfhost.imbue.com:/backup/ backup /home/backup $HOME/personal-files | tee -a ~/logs/backup-restic.log 2>&1
+
+# restic -r sftp:root@andrew-1.selfhost.imbue.com:/backup/ -r restore latest --target /restored
diff --git a/installers/arch-private-installation.sh b/installers/arch-private-installation.sh
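Review bot: The `2>&1` on the changed line is attached to `tee`, not to `simple.sh`, so anything the backup writes to stderr never reaches `~/logs/backup.log`; move it ahead of the pipe, `if ~/bin/backups/simple.sh 2>&1 | tee -a ~/logs/backup.log; then`. The same placement appears on the restic pipeline in backups/restic.sh. The `if` also tests tee's exit status rather than the backup's unless `set -o pipefail` is in effect above line 6, which is outside this hunk. With `-a` the log now grows on every run, so some form of rotation is worth adding.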
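Review bot: The second archive is written in plaintext under an encrypted-looking name: `tar -cf $HOME/backups/personal.tar.gpg ...` gives the unencrypted tar the `.gpg` suffix, and `gpg -c` then writes its output to `personal.tar.gpg.gpg`, so the commented `scp` of `personal.tar.gpg` would send unencrypted data to the remote. `--passphrase $ENCRYPTION_PW` also puts the secret on gpg's command line, where it is readable from the process list, and because it is unquoted an unset variable leaves `-c` to be consumed as the passphrase. The plaintext `hosts.tar` is left behind in `$HOME/backups`, and no step is checked for failure. Streaming tar into gpg with the passphrase on a separate descriptor covers all of these; per the gpg manual, GnuPG 2.1 and later also need `--pinentry-mode loopback` for a supplied passphrase to be used.

```bash
set -euo pipefail
: "${ENCRYPTION_PW:?ENCRYPTION_PW must be set}"
umask 077

mkdir -p "$HOME/backups"

# Pipe tar straight into gpg so no plaintext archive touches disk; the
# passphrase is read from fd 3 instead of appearing in argv.
tar -cf - /home/backup |
  gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
    -o "$HOME/backups/hosts.tar.gpg" -c 3<<<"$ENCRYPTION_PW"

tar -cf - "$HOME/personal-files" |
  gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
    -o "$HOME/backups/personal.tar.gpg" -c 3<<<"$ENCRYPTION_PW"

# … unchanged: commented-out scp and TODAY lines …
```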
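Review bot: Nothing acts on the result of the restic run: `set -o pipefail` makes the pipeline status reflect restic, but the script ends without testing it, so a failed run is only visible to someone reading `~/logs/backup-restic.log`. Wrapping the call the way backup.sh does, `if ! restic -v -r ... backup ... 2>&1 | tee -a ~/logs/backup-restic.log; then`, with a failure notification in the branch, would close that gap. RESTIC_PASSWORD arrives via `source ~/.bashrc`; if that file returns early for non-interactive shells (not visible here) the export may never run under cron, so a dedicated env file readable only by the user is more dependable. The commented restore example has a stray `-r` before `restore`, which restic would read as a second repository argument; it should read `# restic -r sftp:...:/backup/ restore latest --target /restored`.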
@@ -37,8 +37,9 @@ chmod 600 ~/.ssh/id_ed25519* sudo mkdir -p /home/backup sudo chown andrew /home/backup -# CRON (backups script) +# CRON (backups scripts) echo "0 8,14 * * * andrew /home/andrew/bin/backup.sh" | sudo tee -a /etc/crontab +echo "0 8,14 * * * andrew /home/andrew/bin/backups/restic.sh" | sudo tee -a /etc/crontab # TODO: Is there a way to automatically trust fully this key? # Locally, I ran: diff --git a/installers/arch-public-installation.sh b/installers/arch-public-installation.sh @@ -3,7 +3,7 @@ cd -sudo pacman -S curl git gnome-keyring gcc make xorg-server libxft libxinerama freetype2 pkgconf ttf-fira-code zoxide fzf openssh less arandr pass pass-otp xclip xorg-xsetroot base-devel i3lock pandoc entr ripgrep wget jq man-db btop tmux rsync cronie mpv podman pavucontrol otf-latin-modern proton-vpn-gtk-app proton-vpn-cli tk brightnessctl zip unzip signal-desktop xorg-xset lynx figlet flameshot feh ffmpeg zathura-pdf-mupdf websocat xorg-xhost yt-dlp qemu-full qbittorrent alsa-utils pipewire-alsa pipewire-pulse sshfs iotop lsof neovim wireshark-qt nmap torbrowser-launcher bandwhich ghidra bind-tools whois dunst thunderbird graphviz gomuks element-desktop +sudo pacman -S curl git gnome-keyring gcc make xorg-server libxft libxinerama freetype2 pkgconf ttf-fira-code zoxide fzf openssh less arandr pass pass-otp xclip xorg-xsetroot base-devel i3lock pandoc entr ripgrep wget jq man-db btop tmux rsync cronie mpv podman pavucontrol otf-latin-modern proton-vpn-gtk-app proton-vpn-cli tk brightnessctl zip unzip signal-desktop xorg-xset lynx figlet flameshot feh ffmpeg zathura-pdf-mupdf websocat xorg-xhost yt-dlp qemu-full qbittorrent alsa-utils pipewire-alsa pipewire-pulse sshfs iotop lsof neovim wireshark-qt nmap torbrowser-launcher bandwhich ghidra bind-tools whois dunst thunderbird graphviz restic # REMOVED: # newsboat -- too distracting, I would check it too frequently 
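Review bot: The new crontab line starts restic.sh at the same minute as backup.sh, and restic.sh snapshots `/home/backup`; if backup.sh is what fills that directory (its body is not visible here), restic can capture a half-written tree. Offsetting the second entry, e.g. `30 8,14 * * * andrew /home/andrew/bin/backups/restic.sh`, or invoking restic.sh from the end of backup.sh avoids the overlap. `sudo tee -a /etc/crontab` also appends a duplicate entry each time the installer is re-run; writing both lines to a file under `/etc/cron.d/` with plain `tee` would make this step idempotent. The hunk starts and ends mid-script, so earlier handling of the crontab is not visible.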
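Review bot: `gomuks` and `element-desktop` are dropped from the `pacman -S` line in the same edit that adds `restic`, but neither the commit message nor the `# REMOVED:` list directly below records them. That list gives a reason for each removed package (as it does for newsboat), so an entry such as `# gomuks, element-desktop -- <reason>` would keep it accurate.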
@@ -16,7 +16,6 @@ sudo usermod -a -G wireshark $USER # NOTE: Requires logout to be realized. # This allows the user to run wireshark without root # with interface listening. - # xorg-xhost for containers to use my x server # TODO: Make this script idempotent.