From 593a4e2b283d39337562708d5d77524bec064e8a Mon Sep 17 00:00:00 2001
From: adrien
Date: Thu, 29 Apr 2021 13:47:12 +0200
Subject: [PATCH] First commit
---
LICENSE | 21 +++++++++++
README.md | 94 ++++++++++++++++++++++++++++++++++++++++++++++
vaultwarden-backup | 52 +++++++++++++++++++++++++
3 files changed, 167 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 vaultwarden-backup
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..7bbdad8
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Adrien
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c62b23f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,94 @@
+# vaultwarden-backup
+This script saves the Vaultwarden SQLite database, and sends a message to a Telegram bot.
+
+## Introduction
+The SQLite database file (`db.sqlite3`) stores almost all important Vaultwarden data/state (database entries, users, organizations, device metadata...), with the main exception being attachments, which are stored as separate files on the filesystem.
+
+You should generally use the `.backup` command in the SQLite CLI to back up the database file. This command uses the [Online Backup API][online_backup_api], which SQLite documents as the [best way][best_way] to back up a database file that may be in active use. If you can ensure the database will not be in use when a backup runs, you can also use other methods such as the `.dump` command, or simply copying all the SQLite database files (including the `-wal` file, if present).
+
+You can learn more here: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
+
+## Requirements
+
+### Software
+It is clearly necessary to have deployed a Vaultwarden instance on your server. I wrote an article about this topic here: https://illuad.fr/2020/06/11/install-vaultwarden.html
+
+Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html
+
+### System
+This script can run on any GNU/Linux machine.
+
+This script uses `sqlite3` command, so make sure it is installed on your system.
+
+## Installation
+Since this script must be executed with root rights, it is a good practice to place it in `/usr/local/sbin/`.
+
+```
+sudo curl -Lo /usr/local/sbin/vaultwarden-backup -sSf https://gitea.illuad.fr/adrien/vaultwarden-backup/raw/branch/master/vaultwarden-backup
+sudo chmod 750 /usr/local/sbin/vaultwarden-backup
+```
+
+Create the logs' directory.
+
+```
+sudo mkdir -p /var/log/backup/vaultwarden-backup
+```
+
+## Configuration
+This script requires the configuration of 2 variables to work: `key` and `chat_id`.
+
+Variables `key` and `chat_id` correspond to the API key and the chat id obtained during the bot creation process.
+
+#### Fast variables setting
+For the `key` variable.
+
+```
+sudo sed -i "s/key=/key=/" /usr/local/sbin/vaultwarden-backup
+```
+
+For the `chat_id` variable.
+
+```
+sudo sed -i "s/chat_id=/chat_id=/" /usr/local/sbin/vaultwarden-backup
+```
+
+## Automation
+Running this script automatically is a good idea, here is what you should have in the cron jobs of the root user.
+
+```
+sudo crontab -l
+*/15 * * * * /usr/local/sbin/vaultwarden-backup
+```
+
+Every 15 minutes, the script will saves the Vaultwarden SQLite database into `/var/local/vaultwarden/backups/`.
+
+If you keep all the backups, the storage space will quickly become full, so it is necessary to delete them as time goes on.
+
+```
+sudo crontab -l
+*/16 * * * * /usr/bin/find /var/local/vaultwarden/backups/ -type d -mmin +60 -exec rm -rf {} \;
+```
+
+Every 16 minutes, the script will delete the backups that are 60 minutes old.
+
+## Restore a backup
+Make sure Vaultwarden service is stopped.
+
+```
+sudo systemctl stop vaultwarden.service
+```
+
+Replace `` with the folder name (the date you want to restore the data).
+
+```
+sudo cp /var/local/vaultwarden/backups//backup.sqlite3 /var/lib/vaultwarden/data/db.sqlite3
+```
+
+Start Vaultwarden service.
+
+```
+sudo systemctl start vaultwarden.service
+```
+
+[online_backup_api]: https://www.sqlite.org/backup.html
+[best_way]: https://www.sqlite.org/howtocorrupt.html#_backup_or_restore_while_a_transaction_is_active
diff --git a/vaultwarden-backup b/vaultwarden-backup
new file mode 100644
index 0000000..c5d989f
--- /dev/null
+++ b/vaultwarden-backup
@@ -0,0 +1,52 @@
+#! /usr/bin/env bash
+
+# all executed commands are printed to stdout
+set -x
+
+# redirect stdout (and stderr to stdout) to a file
+exec 1> /var/log/backup/vaultwarden-backup/vaultwarden-backup-$(date +%F).log 2>&1
+
+# abort on nonzero exitstatus
+set -o errexit
+
+# abort on unbound variable
+set -o nounset
+
+# don't hide errors within pipes
+set -o pipefail
+
+# set your API key here
+key=
+
+# set your chat id here
+chat_id=
+
+function send_message() {
+ if [ $# -eq 0 ]
+ then
+ echo "No argument supplied. Please specify the message to send."
+ else
+ curl --silent --show-error --fail --request POST https://api.telegram.org/${key}/sendMessage --data chat_id=${chat_id} --data text="${1}" --output /dev/null
+ fi
+}
+
+function backup_vaultwarden {
+ # retrieve the date in YYYY-MM-DD format and the timestamp in H-M-S format
+ backup_time=$(date +%Y-%m-%d_%I-%M-%S)
+
+ # set the destination directory for backups
+ destination_directory=/var/local/vaultwarden/backups/${backup_time}
+
+ # create the destination directory
+ mkdir --parents ${destination_directory}
+
+ # save the SQLite 3 database
+ if /usr/bin/sqlite3 /var/lib/vaultwarden/data/db.sqlite3 ".backup ${destination_directory}/backup.sqlite3"
+ then
+ send_message "[Backup] - Vaultwarden has just been backuped."
+ else
+ send_message "[Backup] - Error during Vaultwarden bacup. Please log in as soon as possible and see what went wrong."
+ fi
+}
+
+backup_vaultwarden
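Review bot: With `set -x` active and both streams redirected by the `exec 1> … 2>&1` line, the `curl` command in `send_message` is traced with `${key}` expanded, so the Telegram bot token is written in clear text to every dated log under `/var/log/backup/vaultwarden-backup/`. Neither the script nor the README's `sudo mkdir -p` sets a restrictive mode, so under a default umask of 022 (not shown here, so an assumption) those logs and each `backup.sqlite3` copy would be readable by any local user. I would add `umask 077` above the `exec` line and bracket the request with `set +x` before `curl` and `set -x` after it. Separately, `%I` in `date +%Y-%m-%d_%I-%M-%S` is the 12-hour clock, so a morning and an afternoon run map to the same directory name; `%H` looks like what was meant.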