austindebest/proxpanel
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
95633a6722624692421e7eba2e3f82c5d52d7459
proxpanel/infra/deploy/db-backup-encrypted.sh

75 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -Eeuo pipefail
APP_DIR="${APP_DIR:-/opt/proxpanel}"
ENV_FILE="${ENV_FILE:-$APP_DIR/.env.production}"
SECRET_FILE="${SECRET_FILE:-$APP_DIR/.backup.env}"
BACKUP_ROOT="${BACKUP_ROOT:-/opt/proxpanel-backups/daily}"
RETENTION_DAYS="${RETENTION_DAYS:-14}"
log() {
printf '[%s] %s\n' "$(date -u +'%Y-%m-%d %H:%M:%S UTC')" "$*"
}
die() {
printf '[ERROR] %s\n' "$*" >&2
exit 1
}
require_file() {
[[ -f "$1" ]] || die "Missing required file: $1"
}
require_command() {
command -v "$1" >/dev/null 2>&1 || die "Missing required command: $1"
}
main() {
require_command docker
require_command openssl
require_command sha256sum
require_file "$ENV_FILE"
require_file "$SECRET_FILE"
# shellcheck disable=SC1090
source "$ENV_FILE"
# shellcheck disable=SC1090
source "$SECRET_FILE"
[[ -n "${BACKUP_ENCRYPTION_KEY:-}" ]] || die "BACKUP_ENCRYPTION_KEY is empty in $SECRET_FILE"
export BACKUP_ENCRYPTION_KEY
[[ -n "${POSTGRES_USER:-}" ]] || die "POSTGRES_USER missing in $ENV_FILE"
[[ -n "${POSTGRES_DB:-}" ]] || die "POSTGRES_DB missing in $ENV_FILE"
local ts backup_dir plain_sql encrypted_sql
ts="$(date -u +%Y%m%d-%H%M%S)"
backup_dir="${BACKUP_ROOT}/${ts}"
plain_sql="${backup_dir}/proxpanel.sql"
encrypted_sql="${plain_sql}.enc"
mkdir -p "$backup_dir"
chmod 700 "$backup_dir"
log "Creating plaintext dump"
docker exec proxpanel-postgres pg_dump -U "$POSTGRES_USER" -d "$POSTGRES_DB" --clean --if-exists >"$plain_sql"
log "Encrypting dump"
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
-in "$plain_sql" \
-out "$encrypted_sql" \
-pass env:BACKUP_ENCRYPTION_KEY
log "Writing checksum"
sha256sum "$encrypted_sql" >"${encrypted_sql}.sha256"
rm -f "$plain_sql"
chmod 600 "$encrypted_sql" "${encrypted_sql}.sha256"
log "Applying retention policy (${RETENTION_DAYS} days)"
find "$BACKUP_ROOT" -mindepth 1 -maxdepth 1 -type d -mtime +"$RETENTION_DAYS" -exec rm -rf {} +
log "Encrypted backup created: $encrypted_sql"
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink