|
|
|
# Create the gpg key
|
|
|
|
|
|
|
|
First you have to create a gpg key for generating the backups. Either you generate a key without passphrase to allow for automatic backups or you specify the passphrase on the command line when running backups.
|
|
|
|
|
|
|
|
## Key without passphrase
|
|
|
|
|
|
|
|
Generate the key:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ gpg --quick-gen-key --passphrase "" backup
|
|
|
|
```
|
|
|
|
|
|
|
|
To export the key to a file first list the keys:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ gpg -K
|
|
|
|
```
|
|
|
|
|
|
|
|
Then export the one you want with:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ gpg --export $KEYID >/tmp/key.export
|
|
|
|
```
|
|
|
|
|
|
|
|
This can then be imported on the target machine via:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
gpg --import </tmp/key.export
|
|
|
|
```
|
|
|
|
|
|
|
|
## Key with passphrase
|
|
|
|
|
|
|
|
Same as above but without the `--passphrase` part.
|
|
|
|
|
|
|
|
# Create the backup
|
|
|
|
|
|
|
|
Create the batch file for the backup.
|
|
|
|
|
|
|
|
```bash
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
TARGET='rsync://backup@$DOMAIN/$PATH'
|
|
|
|
|
|
|
|
KEY='--encrypt-key $key'
|
|
|
|
|
|
|
|
# create the backup, incrementally and a full one every month
|
|
|
|
duplicity incr --full-if-older-than 1M --name "$name" "$KEY" "$path" "${TARGET}/${sub_folder}"
|
|
|
|
|
|
|
|
# remove backups older than 3 months
|
|
|
|
PASSPHRASE="" duplicity remove-older-than 3M --force "$KEY" "${TARGET}/${sub_folder}"
|
|
|
|
```
|
|
|
|
|
|
|
|
If you have a passphrase for the gpg key, provide it as an environment variable to duplicity.
|
|
|
|
|
|
|
|
| Variable | Function |
|
|
|
|
| --- | --- |
|
|
|
|
| `$name` | The name of the backup, prefixed to the generated file |
|
|
|
|
| `$path` | The path to backup |
|
|
|
|
| `$sub_folder` | The sub folder where to store this on the backup machine |
|
|
|
|
|
|
|
|
To have an rsync server as above and only allow rsync login follow the guide in [Rsync only SSH](tutorials/rsync-only-ssh). |
|
|
|
\ No newline at end of file |
