From 2ba536ba378229341a1198cba81290a7b3d5b11e Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht <andrew@engelbrecht.io>
Date: Mon, 11 Oct 2021 18:19:28 -0400
Subject: [PATCH] Early version of Kaya, a restic backup wrapper

---
 kaya        | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 kaya-client | 31 +++++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100755 kaya
 create mode 100755 kaya-client

diff --git a/kaya b/kaya
new file mode 100755
index 0000000..076761d
--- /dev/null
+++ b/kaya
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+# This file is part of Kaya.
+#
+# Kaya is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Kaya is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Kaya.  If not, see <https://www.gnu.org/licenses/>.
+#
+# Copyright 2021 Andrew Engelbrecht
+#
+
+backup_options="--one-file-system / /srv"
+remote_user="root"
+
+backuproot=/backups/kaya
+local_port=8000 	# use 'rest-server --listen ...'
+remote_port=8777	# some aribtrary port
+
+hostname="$1"
+backup_dir="${backuproot}/${hostname}"
+password_file="${backup_dir}/repo-password"
+htpasswd_file="${backuproot}/.htpasswd"
+
+## create restic backup repo and store the new password in plaintext, and hashed in .htpasswd
+if [[ ! -d $backup_dir ]] ; then
+
+	echo "kaya: Creating backup directory..."
+
+	mkdir -p "${backup_dir}"; chmod 700 "${backup_dir}"
+	touch "${password_file}"; chmod 400 "${password_file}"; pwgen 30 1 > "${password_file}"
+
+	RESTIC_PASSWORD="$(cat "${password_file}")" restic -r "${backup_dir}" init > /dev/null
+
+	touch "${htpasswd_file}"; chmod 600 "${htpasswd_file}"
+	flock -w 10 "${htpasswd_file}.flock" -c "htpasswd -i -B '${htpasswd_file}' '${hostname}'" < "${password_file}" 2>&1 | grep -E -v "(Adding|Updating) password for user" 1>&2
+
+	echo "kaya: Waiting 15s for rest-server file reload (first snapshot only)..."
+	sleep 15
+fi
+
+echo "kaya: Starting backup of ${hostname}"
+echo
+
+# make the backup over a forwarded port
+cat << EOF | ssh -R ${remote_port}:localhost:${local_port} "${remote_user}@${hostname}" kaya-client
+$remote_port
+$hostname
+$(cat "${password_file}")
+$backup_options
+EOF
+
diff --git a/kaya-client b/kaya-client
new file mode 100755
index 0000000..86f8af4
--- /dev/null
+++ b/kaya-client
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# This file is part of Kaya.
+#
+# Kaya is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Kaya is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Kaya.  If not, see <https://www.gnu.org/licenses/>.
+#
+# Copyright 2021 Andrew Engelbrecht
+#
+
+# settings come in on stdin
+read -r port
+read -r hostname
+read -r password
+read -r options
+
+username="${hostname}"
+backupdir="${hostname}"
+
+RESTIC_REPOSITORY="rest:http://${username}:${password}@localhost:${port}/${backupdir}/" RESTIC_PASSWORD="${password}" restic backup ${options}
+
-- 
2.25.1