rene/nchsdhg-agathe-backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: rene:main
Branches Tags
rene:main rene:codex/Tomedo rene:codex/tomedo_only
...
pull from: rene:codex/tomedo_only
Branches Tags
rene:main rene:codex/Tomedo rene:codex/tomedo_only

2 Commits
main ... codex/tome

Author SHA1 Message Date
René Mathieu
6808715b3d Add timestamped Pushover start/end messages 2026-03-11 08:31:21 +01:00
René Mathieu
681f7f0cfc Create Tomedo-only backup script 2026-03-11 08:28:29 +01:00
1 changed files with 64 additions and 267 deletions
Expand all files Collapse all files

331
scripts/agathe_backup.sh
View File

@@ -1,14 +1,11 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Robust: WireGuard hoch, CIFS mounten (inkl. Stale-Handle-Fix), rsync, # Tomedo-only Backup:
# nur erlaubte Dateitypen zusätzlich nach paperless-consume (flach, OHNE GIF), # WireGuard hoch, CIFS mounten (inkl. Stale-Handle-Fix),
# Paperless-Backup rsync als echtes Sync (mit --delete), # danach nur Tomedo Snapshot + Tomedo Files per rsync.
# Anmeldung ebenfalls sync + consume,
# zusätzlich: Borg lokal (inkrementell, versioniert) + Mirror per rsync auf CIFS (mit delete),
# robust gegen CIFS-Aussetzer: ensure_cifs + rsync temp-dir lokal + Mount-Fallback.
# Zusätzlich: Pushover-Benachrichtigung bei Erfolg/Fehler. # Zusätzlich: Pushover-Benachrichtigung bei Erfolg/Fehler.
# Fix: Wenn wg0 schon aktiv ist, wird es nicht erneut gestartet und beim Cleanup # Wenn wg0 schon aktiv ist, wird es nicht erneut gestartet und beim Cleanup
# nur dann beendet, wenn dieses Skript es selbst hochgebracht hat. # nur dann beendet, wenn dieses Skript es selbst hochgebracht hat.
# Zusätzlich: Schutz gegen parallele Ausführung per flock. # Schutz gegen parallele Ausführung per flock.
set -Eeuo pipefail set -Eeuo pipefail
@@ -18,23 +15,12 @@ set -Eeuo pipefail
WG_IF="wg0" WG_IF="wg0"
VPN_TEST_IP="10.202.101.10" VPN_TEST_IP="10.202.101.10"
WG_WAS_STARTED_BY_SCRIPT=0 WG_WAS_STARTED_BY_SCRIPT=0
PUSHOVER_FAILURE_SENT=0
LOCK_FILE="/var/lock/agathe_backup.lock" LOCK_FILE="/var/lock/agathe_backup.lock"
CIFS_SHARE="//10.202.101.10/nchsdhg" CIFS_SHARE="//10.202.101.10/nchsdhg"
CIFS_MOUNTPOINT="/mnt/nchsdhg_agathe" CIFS_MOUNTPOINT="/mnt/nchsdhg_agathe"
DEST_GROOT="${CIFS_MOUNTPOINT}/groot_mobile/"
DEST_ANMELDUNG="${CIFS_MOUNTPOINT}/Anmeldung/"
DEST_PAPERLESS_BACKUP="${CIFS_MOUNTPOINT}/paperless-backup/"
SRC_GROOT="/mnt/groot/"
SRC_ANMELDUNG="/mnt/Anmeldung/"
SRC_PAPERLESS_BACKUP="/mnt/paperless-backup/daily/"
PAPERLESS_CONSUME="/mnt/paperless-consume"
CIFS_USER="nchsdhg" CIFS_USER="nchsdhg"
CIFS_PASS="mugkeN-zexdab-9gyfky" CIFS_PASS="mugkeN-zexdab-9gyfky"
CIFS_CRED_FILE="" # z.B. "/etc/samba/cred_nchsdhg" CIFS_CRED_FILE="" # z.B. "/etc/samba/cred_nchsdhg"
@@ -47,70 +33,35 @@ PUSHOVER_API_TOKEN="a3xzevfk8vwpbj6wp6duzbwy43pcmx"
PUSHOVER_TITLE="nchsdhg" PUSHOVER_TITLE="nchsdhg"
# ----------------------------- # -----------------------------
# Borg (lokal + Mirror auf CIFS) # Tomedo Backup
# ----------------------------- # -----------------------------
LOCAL_BORG_REPO="/var/backups/borg/agathe" TOMEDO_SRC_ROOT="/mnt/TomedoBackup"
LOCAL_BORG_BASE="/var/backups/borg" TOMEDO_LAST_FILE="${TOMEDO_SRC_ROOT}/lastFilesBackup"
REMOTE_BORG_MIRROR="${CIFS_MOUNTPOINT}/borg-mirror/agathe" TOMEDO_DEST_ROOT="${CIFS_MOUNTPOINT}/TomedoBackup"
TOMEDO_MACOS_EXCLUDES="${TOMEDO_DEST_ROOT}/macos.excludes"
BORG_PASSPHRASE_FILE="/root/.config/borg/passphrase" TOMEDO_FILES_EXCLUDES="${TOMEDO_DEST_ROOT}/files.excludes"
BORG_LOCK_WAIT="120"
KEEP_DAILY=7
KEEP_WEEKLY=4
KEEP_MONTHLY=6
# Mirror: Ziel exakt wie Quelle (löscht auf Ziel, was lokal nicht mehr existiert)
MIRROR_DELETE="1"
# Optional: nach jedem Lauf borg check machen (kostet Zeit)
BORG_CHECK="0"
# rsync Optionen (CIFS-freundlich: kein owner/group/perms setzen)
# Zusätzlich: --temp-dir=/tmp -> rsync mkstemp NICHT auf CIFS (hilft bei CIFS-Reconnect/Timeouts)
RSYNC_OPTS=(-rltvh --info=progress2 --no-owner --no-group --no-perms --temp-dir=/tmp)
RSYNC_EXCLUDES=(--exclude="#recycle/" --exclude=".DS_Store" --exclude="._*" --exclude="Thumbs.db")
# Paperless Backup: echtes Sync (LÖSCHT auf Ziel, was in Quelle nicht mehr existiert)
RSYNC_DELETE_OPTS=(--delete --delete-delay)
# Optional: Testlauf für delete (auf "1" setzen um erstmal nur zu sehen, was gelöscht würde)
DRY_RUN_DELETE="0"
# Welche Dateien nach paperless-consume? (OHNE GIF)
CONSUME_EXT_REGEX='\.([Pp][Dd][Ff]|[Dd][Oo][Cc][Xx]?|[Xx][Ll][Ss][Xx]?|[Pp][Pp][Tt][Xx]?|[Oo][Dd][Tt]|[Oo][Dd][Ss]|[Oo][Dd][Pp]|[Rr][Tt][Ff]|[Tt][Xx][Tt]|[Cc][Ss][Vv]|[Mm][Dd]|[Hh][Tt][Mm][Ll]?|[Jj][Pp][Ee]?[Gg]|[Pp][Nn][Gg]|[Tt][Ii][Ff][Ff]?|[Ww][Ee][Bb][Pp]|[Hh][Ee][Ii][Cc])$'
# ----------------------------- # -----------------------------
# Hilfsfunktionen # Hilfsfunktionen
# ----------------------------- # -----------------------------
log() { echo "[$(date +'%F %T')] $*"; } log() { echo "[$(date +'%F %T')] $*"; }
ts_now() { date +'%F %T'; }
send_pushover() { send_pushover() {
local message="$1" local message="$1"
local priority="${2:-0}" local priority="${2:-0}"
if command -v curl >/dev/null 2>&1; then if command -v curl >/dev/null 2>&1; then
local rc curl -s \
set +e
curl -fsS --max-time 20 --retry 2 --retry-delay 2 \
--form-string "token=${PUSHOVER_API_TOKEN}" \ --form-string "token=${PUSHOVER_API_TOKEN}" \
--form-string "user=${PUSHOVER_USER_TOKEN}" \ --form-string "user=${PUSHOVER_USER_TOKEN}" \
--form-string "title=${PUSHOVER_TITLE}" \ --form-string "title=${PUSHOVER_TITLE}" \
--form-string "message=${message}" \ --form-string "message=${message}" \
--form-string "priority=${priority}" \ --form-string "priority=${priority}" \
https://api.pushover.net/1/messages.json >/dev/null https://api.pushover.net/1/messages.json >/dev/null || true
rc=$?
set -e
if [[ "$rc" -ne 0 ]]; then
log "WARNUNG: Pushover konnte nicht gesendet werden (curl Exit-Code: $rc)."
return 1
fi
else else
log "WARNUNG: curl fehlt, Pushover konnte nicht gesendet werden." log "WARNUNG: curl fehlt, Pushover konnte nicht gesendet werden."
return 1
fi fi
return 0
} }
need_root() { need_root() {
@@ -160,22 +111,13 @@ on_error() {
local exit_code=$? local exit_code=$?
local line_no="${1:-unknown}" local line_no="${1:-unknown}"
log "FEHLER in Zeile ${line_no}, Exit-Code ${exit_code}" log "FEHLER in Zeile ${line_no}, Exit-Code ${exit_code}"
if send_pushover "Backup FEHLER auf $(hostname): Zeile ${line_no}, Exit-Code ${exit_code}" 1; then send_pushover "Backup FEHLER auf $(hostname): Zeile ${line_no}, Exit-Code ${exit_code}" 1
PUSHOVER_FAILURE_SENT=1
fi
trap - EXIT trap - EXIT
cleanup cleanup
exit "$exit_code" exit "$exit_code"
} }
on_exit() { on_exit() {
local exit_code=$?
if [[ "$exit_code" -ne 0 && "$PUSHOVER_FAILURE_SENT" -eq 0 ]]; then
log "WARNUNG: Abbruch ohne ERR-Notification erkannt (Exit-Code ${exit_code}), sende Fallback-Pushover."
if send_pushover "Backup FEHLER auf $(hostname): Exit-Code ${exit_code} (EXIT trap)." 1; then
PUSHOVER_FAILURE_SENT=1
fi
fi
cleanup cleanup
} }
@@ -183,7 +125,7 @@ trap 'on_error $LINENO' ERR
trap on_exit EXIT trap on_exit EXIT
check_deps() { check_deps() {
local deps=(wg-quick wg mount rsync ping mountpoint umount awk cp date basename tee mktemp sleep id mkdir rm dirname borg df curl hostname flock) local deps=(wg-quick wg mount rsync ping mountpoint umount date sleep id mkdir rm dirname curl hostname flock cat)
for d in "${deps[@]}"; do for d in "${deps[@]}"; do
command -v "$d" >/dev/null 2>&1 || { echo "Fehlt: $d"; exit 1; } command -v "$d" >/dev/null 2>&1 || { echo "Fehlt: $d"; exit 1; }
done done
@@ -278,206 +220,65 @@ ensure_cifs() {
fi fi
} }
copy_to_paperless_flat_if_allowed_ext() { rsync_tomedo_backup() {
local src="$1"
local rel="$2"
local base
base="$(basename "$src")"
[[ "$base" == ._* ]] && return 0
[[ ! "$base" =~ $CONSUME_EXT_REGEX ]] && return 0
mkdir -p "$PAPERLESS_CONSUME"
local dst="$PAPERLESS_CONSUME/$base"
if [[ -e "$dst" ]]; then
local ts name ext
ts="$(date +%Y%m%d-%H%M%S)"
name="${base%.*}"
ext="${base##*.}"
if [[ "$base" == *.* && "$ext" != "$base" ]]; then
dst="$PAPERLESS_CONSUME/${name}_${ts}.${ext}"
else
dst="$PAPERLESS_CONSUME/${base}_${ts}"
fi
fi
log "Paperless copy: $rel -> $(basename "$dst")"
cp --preserve=mode,timestamps -- "$src" "$dst" || {
log "WARNUNG: cp fehlgeschlagen: '$src' -> '$dst' (mache weiter)"
return 0
}
}
rsync_and_copy_to_consume_flat() {
local SRC="$1"
local DEST="$2"
local LABEL="$3"
ensure_cifs ensure_cifs
log "== rsync ${LABEL}: $SRC -> $DEST ==" log "== Tomedo Backup starten =="
mkdir -p "$DEST"
local tmpfile rc if [[ ! -f "$TOMEDO_LAST_FILE" ]]; then
tmpfile="$(mktemp)" log "FEHLER: Datei fehlt: $TOMEDO_LAST_FILE"
set +e
rsync "${RSYNC_OPTS[@]}" "${RSYNC_EXCLUDES[@]}" --out-format='%i %n' "$SRC" "$DEST" | tee "$tmpfile"
rc=${PIPESTATUS[0]}
set -e
log "rsync(${LABEL}) Exit-Code: $rc"
if [[ "$rc" -ne 0 && "$rc" -ne 23 && "$rc" -ne 24 ]]; then
log "FEHLER: rsync (${LABEL}) Exit-Code $rc"
exit "$rc"
fi
if [[ "$rc" -ne 0 ]]; then
log "WARNUNG: rsync (${LABEL}) Exit-Code $rc (mache trotzdem weiter)"
fi
log "== Kopiere zusätzlich (${LABEL}) (NUR erlaubte Endungen, OHNE GIF) flach nach: $PAPERLESS_CONSUME =="
awk '
$1 !~ /^\./ && $1 ~ /^.[f]/ {
$1=""; sub(/^ /,""); print
}
' "$tmpfile" | while IFS= read -r rel; do
local local_src="${SRC}${rel}"
if [[ ! -f "$local_src" ]]; then
log "WARNUNG: Quelle nicht gefunden (überspringe): $local_src"
continue
fi
copy_to_paperless_flat_if_allowed_ext "$local_src" "$rel"
done
rm -f "$tmpfile"
}
rsync_paperless_backup() {
ensure_cifs
log "== rsync Paperless Backup (SYNC mit delete): $SRC_PAPERLESS_BACKUP -> $DEST_PAPERLESS_BACKUP =="
if [[ -z "$DEST_PAPERLESS_BACKUP" || "$DEST_PAPERLESS_BACKUP" == "/" ]]; then
log "FEHLER: DEST_PAPERLESS_BACKUP ist unsicher gesetzt."
exit 1 exit 1
fi fi
mkdir -p "$DEST_PAPERLESS_BACKUP" local last_backup
last_backup="$(cat "$TOMEDO_LAST_FILE")"
local extra=() if [[ -z "$last_backup" ]]; then
if [[ "$DRY_RUN_DELETE" == "1" ]]; then log "FEHLER: $TOMEDO_LAST_FILE ist leer"
extra+=(--dry-run)
log "HINWEIS: DRY RUN aktiv (es wird nichts wirklich gelöscht/kopiert)."
fi
rsync "${RSYNC_OPTS[@]}" "${RSYNC_EXCLUDES[@]}" "${RSYNC_DELETE_OPTS[@]}" "${extra[@]}" \
"$SRC_PAPERLESS_BACKUP" "$DEST_PAPERLESS_BACKUP"
}
# -----------------------------
# Borg: lokal sichern + Mirror auf CIFS
# -----------------------------
run_borg_allow_warning() {
local label="$1"
shift
local rc
set +e
"$@"
rc=$?
set -e
if [[ "$rc" -ge 2 ]]; then
log "FEHLER: ${label} fehlgeschlagen (Exit-Code ${rc})."
return "$rc"
fi
if [[ "$rc" -eq 1 ]]; then
log "WARNUNG: ${label} mit Warnungen beendet (Exit-Code 1), mache weiter."
fi
}
borg_local_backup() {
log "== Borg lokal Backup -> $LOCAL_BORG_REPO =="
if [[ ! -d "$LOCAL_BORG_REPO" ]]; then
log "FEHLER: Lokales Borg Repo fehlt: $LOCAL_BORG_REPO (einmal borg init ausführen)"
exit 1
fi
if [[ ! -f "$BORG_PASSPHRASE_FILE" ]]; then
log "FEHLER: Passphrase-Datei fehlt: $BORG_PASSPHRASE_FILE"
exit 1 exit 1
fi fi
export BORG_PASSPHRASE local src_snapshot="${TOMEDO_SRC_ROOT}/${last_backup}/"
BORG_PASSPHRASE="$(<"$BORG_PASSPHRASE_FILE")" local dst_snapshot="${TOMEDO_DEST_ROOT}/${last_backup}"
export BORG_LOCK_WAIT="$BORG_LOCK_WAIT" local src_files="${TOMEDO_SRC_ROOT}/files/"
local dst_files="${TOMEDO_DEST_ROOT}/files"
local archive="agathe-$(hostname)-$(date +%F_%H%M%S)" if [[ ! -d "$src_snapshot" ]]; then
log "Platz lokal: $(df -h "$LOCAL_BORG_BASE" | tail -1)" log "FEHLER: Tomedo Snapshot-Ordner fehlt: $src_snapshot"
exit 1
run_borg_allow_warning "borg create" borg create --stats --compression zstd,6 \
"$LOCAL_BORG_REPO::$archive" \
/ \
/boot \
/boot/efi \
--numeric-ids \
--one-file-system \
--exclude /proc \
--exclude /sys \
--exclude /dev \
--exclude /run \
--exclude /tmp \
--exclude /var/tmp \
--exclude /mnt \
--exclude /media \
--exclude /var/cache \
--exclude /var/lib/docker \
--exclude /var/lib/containerd \
--exclude /swapfile \
--exclude /mnt/paperless \
--exclude /mnt/paperless-consume \
--exclude /mnt/paperless-backup \
--exclude /mnt/nchsdhg_agathe \
--exclude /mnt/groot \
--exclude-caches
run_borg_allow_warning "borg prune" borg prune -v --list "$LOCAL_BORG_REPO" \
--keep-daily="$KEEP_DAILY" \
--keep-weekly="$KEEP_WEEKLY" \
--keep-monthly="$KEEP_MONTHLY" \
--prefix "agathe-$(hostname)-"
if [[ "$BORG_CHECK" == "1" ]]; then
run_borg_allow_warning "borg check" borg check -v --verify-data "$LOCAL_BORG_REPO"
fi fi
log "Lokales Borg Backup fertig: $archive" if [[ ! -d "$src_files" ]]; then
} log "FEHLER: Tomedo files-Ordner fehlt: $src_files"
exit 1
rsync_borg_mirror_to_cifs() {
log "== Spiegel Borg Repo per rsync -> $REMOTE_BORG_MIRROR =="
ensure_cifs
mkdir -p "$REMOTE_BORG_MIRROR"
local extra=()
if [[ "$MIRROR_DELETE" == "1" ]]; then
extra+=(--delete --delete-delay)
log "Mirror: delete aktiv (Ziel wird an Quelle angepasst)."
else
log "Mirror: delete NICHT aktiv."
fi fi
rsync -rltvh --info=progress2 --no-owner --no-group --no-perms --temp-dir=/tmp \ if [[ ! -f "$TOMEDO_MACOS_EXCLUDES" ]]; then
"${extra[@]}" \ log "FEHLER: Exclude-Datei fehlt: $TOMEDO_MACOS_EXCLUDES"
"$LOCAL_BORG_REPO/" \ exit 1
"$REMOTE_BORG_MIRROR/" fi
if [[ ! -f "$TOMEDO_FILES_EXCLUDES" ]]; then
log "FEHLER: Exclude-Datei fehlt: $TOMEDO_FILES_EXCLUDES"
exit 1
fi
mkdir -p "$dst_snapshot" "$dst_files"
log "== rsync Tomedo Snapshot: $src_snapshot -> $dst_snapshot =="
rsync -r -l -t -O --info=progress2 \
--exclude-from "$TOMEDO_MACOS_EXCLUDES" \
"$src_snapshot" \
"$dst_snapshot"
log "== rsync Tomedo Files: $src_files -> $dst_files =="
rsync -r -l -t -O --info=progress2 \
--exclude-from "$TOMEDO_MACOS_EXCLUDES" \
--exclude-from "$TOMEDO_FILES_EXCLUDES" \
"$src_files" \
"$dst_files"
log "== Tomedo Backup fertig: $last_backup =="
} }
# ----------------------------- # -----------------------------
@@ -487,16 +288,12 @@ need_root
check_deps check_deps
acquire_lock acquire_lock
send_pushover "Backup START auf $(hostname) um $(ts_now)."
bringup_wg bringup_wg
mount_cifs mount_cifs
rsync_and_copy_to_consume_flat "$SRC_GROOT" "$DEST_GROOT" "GROOT" rsync_tomedo_backup
rsync_and_copy_to_consume_flat "$SRC_ANMELDUNG" "$DEST_ANMELDUNG" "ANMELDUNG"
rsync_paperless_backup
borg_local_backup
rsync_borg_mirror_to_cifs
log "== Fertig. ==" log "== Fertig. =="
send_pushover "Backup erfolgreich auf $(hostname) abgeschlossen." send_pushover "Backup ENDE auf $(hostname) um $(ts_now)."