diff --git a/README.md b/README.md index 7142e1f..accf958 100644 --- a/README.md +++ b/README.md @@ -1,32 +1,45 @@ # vaultwarden-backup + This script saves the Vaultwarden SQLite database, and sends a message to a Telegram bot. ## Introduction -The SQLite database file (`db.sqlite3`) stores almost all important Vaultwarden data/state (database entries, users, organizations, device metadata...), with the main exception being attachments, which are stored as separate files on the filesystem. -You should generally use the `.backup` command in the SQLite CLI to back up the database file. This command uses the [Online Backup API][online_backup_api], which SQLite documents as the [best way][best_way] to back up a database file that may be in active use. If you can ensure the database will not be in use when a backup runs, you can also use other methods such as the `.dump` command, or simply copying all the SQLite database files (including the `-wal` file, if present). +The SQLite database file (`db.sqlite3`) stores almost all important Vaultwarden data/state (database entries, users, +organizations, device metadata...), with the main exception being attachments, which are stored as separate files on the +filesystem. + +You should generally use the `.backup` command in the SQLite CLI to back up the database file. This command uses +the [Online Backup API][online_backup_api], which SQLite documents as the [best way][best_way] to back up a database +file that may be in active use. If you can ensure the database will not be in use when a backup runs, you can also use +other methods such as the `.dump` command, or simply copying all the SQLite database files (including the `-wal` file, +if present). You can learn more here: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault ## Requirements ### Software -It is clearly necessary to have deployed a Vaultwarden instance on your server. I wrote an article about this topic here: https://illuad.fr/2020/06/11/install-vaultwarden.html -Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html +It is clearly necessary to have deployed a Vaultwarden instance on your server. I wrote an article about this topic +here: https://illuad.fr/2020/06/11/install-vaultwarden.html + +Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic +here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html ### System + This script can run on any GNU/Linux machine. This script uses `sqlite3` command, so make sure it is installed on your system. ## Installation + Since this script must be executed with root rights, it is a good practice to place it in `/usr/local/sbin/`. ``` -curl -LOsSf https://gitea.illuad.fr/adrien/vaultwarden-backup/raw/branch/master/vaultwarden-backup -sudo mv vaultwarden-backup /usr/local/sbin -sudo chmod 750 /usr/local/sbin/vaultwarden-backup +curl -LOsSf https://gitea.illuad.fr/adrien/vaultwarden-backup/raw/branch/master/vaultwarden-backup.sh +sudo mv vaultwarden-backup.sh /usr/local/sbin +sudo chmod 750 /usr/local/sbin/vaultwarden-backup.sh ``` Create the logs' directory. @@ -36,34 +49,38 @@ sudo mkdir -p /var/log/backup/vaultwarden-backup ``` ## Configuration + This script requires the configuration of 2 variables to work: `key` and `chat_id`. Variables `key` and `chat_id` correspond to the API key and the chat id obtained during the bot creation process. #### Fast variables setting + For the `key` variable. ``` -sudo sed -i "s/key=/key=/" /usr/local/sbin/vaultwarden-backup +sudo sed -i "s/key=/key=/" /usr/local/sbin/vaultwarden-backup.sh ``` For the `chat_id` variable. ``` -sudo sed -i "s/chat_id=/chat_id=/" /usr/local/sbin/vaultwarden-backup +sudo sed -i "s/chat_id=/chat_id=/" /usr/local/sbin/vaultwarden-backup.sh ``` ## Automation + Running this script automatically is a good idea, here is what you should have in the cron jobs of the root user. ``` sudo crontab -l -*/15 * * * * /usr/local/sbin/vaultwarden-backup +*/15 * * * * /usr/local/sbin/vaultwarden-backup.sh ``` -Every 15 minutes, the script will saves the Vaultwarden SQLite database into `/var/local/vaultwarden/backups/`. +Every 15 minutes, the script will save the Vaultwarden SQLite database into `/var/local/vaultwarden/backups/`. -If you keep all the backups, the storage space will quickly become full, so it is necessary to delete them as time goes on. +If you keep all the backups, the storage space will quickly become full, so it is necessary to delete them as time goes +on. ``` sudo crontab -l @@ -73,6 +90,7 @@ sudo crontab -l Every 16 minutes, the script will delete the backups that are 60 minutes old. ## Restore a backup + Make sure Vaultwarden service is stopped. ``` @@ -92,4 +110,5 @@ sudo systemctl start vaultwarden.service ``` [online_backup_api]: https://www.sqlite.org/backup.html + [best_way]: https://www.sqlite.org/howtocorrupt.html#_backup_or_restore_while_a_transaction_is_active diff --git a/vaultwarden-backup b/vaultwarden-backup.sh similarity index 78% rename from vaultwarden-backup rename to vaultwarden-backup.sh index 1ecad20..a07325f 100644 --- a/vaultwarden-backup +++ b/vaultwarden-backup.sh @@ -1,4 +1,4 @@ -#! /usr/bin/env bash +#!/usr/bin/env bash # All executed commands are printed to stdout set -x @@ -22,11 +22,13 @@ key= chat_id= function send_message() { - if [ $# -eq 0 ]; then - echo "No argument supplied, please specify the message to send" - else + if ! [ $# -eq 0 ]; then curl --silent --show-error --fail --request POST "https://api.telegram.org/$key/sendMessage" --data chat_id="$chat_id" --data text="$1" --output /dev/null + exit fi + + echo "No argument supplied, please specify the message to send" + exit 1 } function backup_vaultwarden { @@ -40,11 +42,12 @@ function backup_vaultwarden { mkdir --parents "$destination_directory" # Save the SQLite 3 database - if /usr/bin/sqlite3 /var/lib/vaultwarden/data/db.sqlite3 ".backup $destination_directory/backup.sqlite3"; then - send_message "[Backup] - Vaultwarden has just been backed up" - else + if ! sqlite3 /var/lib/vaultwarden/data/db.sqlite3 ".backup $destination_directory/backup.sqlite3"; then send_message "[Backup] - Error during Vaultwarden backup, please log in as soon as possible and see what went wrong" + exit 1 fi + + send_message "[Backup] - Vaultwarden has just been backed up" } backup_vaultwarden