First commit
This commit is contained in:
commit
593a4e2b28
21
LICENSE
Normal file
21
LICENSE
Normal file
@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2021 Adrien
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
94
README.md
Normal file
94
README.md
Normal file
@ -0,0 +1,94 @@
|
||||
# vaultwarden-backup
|
||||
This script saves the Vaultwarden SQLite database, and sends a message to a Telegram bot.
|
||||
|
||||
## Introduction
|
||||
The SQLite database file (`db.sqlite3`) stores almost all important Vaultwarden data/state (database entries, users, organizations, device metadata...), with the main exception being attachments, which are stored as separate files on the filesystem.
|
||||
|
||||
You should generally use the `.backup` command in the SQLite CLI to back up the database file. This command uses the [Online Backup API][online_backup_api], which SQLite documents as the [best way][best_way] to back up a database file that may be in active use. If you can ensure the database will not be in use when a backup runs, you can also use other methods such as the `.dump` command, or simply copying all the SQLite database files (including the `-wal` file, if present).
|
||||
|
||||
You can learn more here: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
|
||||
|
||||
## Requirements
|
||||
|
||||
### Software
|
||||
It is clearly necessary to have deployed a Vaultwarden instance on your server. I wrote an article about this topic here: https://illuad.fr/2020/06/11/install-vaultwarden.html
|
||||
|
||||
Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html
|
||||
|
||||
### System
|
||||
This script can run on any GNU/Linux machine.
|
||||
|
||||
This script uses `sqlite3` command, so make sure it is installed on your system.
|
||||
|
||||
## Installation
|
||||
Since this script must be executed with root rights, it is a good practice to place it in `/usr/local/sbin/`.
|
||||
|
||||
```
|
||||
sudo curl -Lo /usr/local/sbin/vaultwarden-backup -sSf https://gitea.illuad.fr/adrien/vaultwarden-backup/raw/branch/master/vaultwarden-backup
|
||||
sudo chmod 750 /usr/local/sbin/vaultwarden-backup
|
||||
```
|
||||
|
||||
Create the logs' directory.
|
||||
|
||||
```
|
||||
sudo mkdir -p /var/log/backup/vaultwarden-backup
|
||||
```
|
||||
|
||||
## Configuration
|
||||
This script requires the configuration of 2 variables to work: `key` and `chat_id`.
|
||||
|
||||
Variables `key` and `chat_id` correspond to the API key and the chat id obtained during the bot creation process.
|
||||
|
||||
#### Fast variables setting
|
||||
For the `key` variable.
|
||||
|
||||
```
|
||||
sudo sed -i "s/key=/key=<your_key>/" /usr/local/sbin/vaultwarden-backup
|
||||
```
|
||||
|
||||
For the `chat_id` variable.
|
||||
|
||||
```
|
||||
sudo sed -i "s/chat_id=/chat_id=<your_chat_id>/" /usr/local/sbin/vaultwarden-backup
|
||||
```
|
||||
|
||||
## Automation
|
||||
Running this script automatically is a good idea, here is what you should have in the cron jobs of the root user.
|
||||
|
||||
```
|
||||
sudo crontab -l
|
||||
*/15 * * * * /usr/local/sbin/vaultwarden-backup
|
||||
```
|
||||
|
||||
Every 15 minutes, the script will saves the Vaultwarden SQLite database into `/var/local/vaultwarden/backups/`.
|
||||
|
||||
If you keep all the backups, the storage space will quickly become full, so it is necessary to delete them as time goes on.
|
||||
|
||||
```
|
||||
sudo crontab -l
|
||||
*/16 * * * * /usr/bin/find /var/local/vaultwarden/backups/ -type d -mmin +60 -exec rm -rf {} \;
|
||||
```
|
||||
|
||||
Every 16 minutes, the script will delete the backups that are 60 minutes old.
|
||||
|
||||
## Restore a backup
|
||||
Make sure Vaultwarden service is stopped.
|
||||
|
||||
```
|
||||
sudo systemctl stop vaultwarden.service
|
||||
```
|
||||
|
||||
Replace `<date>` with the folder name (the date you want to restore the data).
|
||||
|
||||
```
|
||||
sudo cp /var/local/vaultwarden/backups/<date>/backup.sqlite3 /var/lib/vaultwarden/data/db.sqlite3
|
||||
```
|
||||
|
||||
Start Vaultwarden service.
|
||||
|
||||
```
|
||||
sudo systemctl start vaultwarden.service
|
||||
```
|
||||
|
||||
[online_backup_api]: https://www.sqlite.org/backup.html
|
||||
[best_way]: https://www.sqlite.org/howtocorrupt.html#_backup_or_restore_while_a_transaction_is_active
|
||||
52
vaultwarden-backup
Normal file
52
vaultwarden-backup
Normal file
@ -0,0 +1,52 @@
|
||||
#! /usr/bin/env bash
|
||||
|
||||
# all executed commands are printed to stdout
|
||||
set -x
|
||||
|
||||
# redirect stdout (and stderr to stdout) to a file
|
||||
exec 1> /var/log/backup/vaultwarden-backup/vaultwarden-backup-$(date +%F).log 2>&1
|
||||
|
||||
# abort on nonzero exitstatus
|
||||
set -o errexit
|
||||
|
||||
# abort on unbound variable
|
||||
set -o nounset
|
||||
|
||||
# don't hide errors within pipes
|
||||
set -o pipefail
|
||||
|
||||
# set your API key here
|
||||
key=
|
||||
|
||||
# set your chat id here
|
||||
chat_id=
|
||||
|
||||
function send_message() {
|
||||
if [ $# -eq 0 ]
|
||||
then
|
||||
echo "No argument supplied. Please specify the message to send."
|
||||
else
|
||||
curl --silent --show-error --fail --request POST https://api.telegram.org/${key}/sendMessage --data chat_id=${chat_id} --data text="${1}" --output /dev/null
|
||||
fi
|
||||
}
|
||||
|
||||
function backup_vaultwarden {
|
||||
# retrieve the date in YYYY-MM-DD format and the timestamp in H-M-S format
|
||||
backup_time=$(date +%Y-%m-%d_%I-%M-%S)
|
||||
|
||||
# set the destination directory for backups
|
||||
destination_directory=/var/local/vaultwarden/backups/${backup_time}
|
||||
|
||||
# create the destination directory
|
||||
mkdir --parents ${destination_directory}
|
||||
|
||||
# save the SQLite 3 database
|
||||
if /usr/bin/sqlite3 /var/lib/vaultwarden/data/db.sqlite3 ".backup ${destination_directory}/backup.sqlite3"
|
||||
then
|
||||
send_message "[Backup] - Vaultwarden has just been backuped."
|
||||
else
|
||||
send_message "[Backup] - Error during Vaultwarden bacup. Please log in as soon as possible and see what went wrong."
|
||||
fi
|
||||
}
|
||||
|
||||
backup_vaultwarden
|
||||
Loading…
Reference in New Issue
Block a user