115 lines
3.5 KiB
Markdown
115 lines
3.5 KiB
Markdown
# vaultwarden-backup
|
|
|
|
This script saves the Vaultwarden SQLite database, and sends a message to a Telegram bot.
|
|
|
|
## Introduction
|
|
|
|
The SQLite database file (`db.sqlite3`) stores almost all important Vaultwarden data/state (database entries, users,
|
|
organizations, device metadata...), with the main exception being attachments, which are stored as separate files on the
|
|
filesystem.
|
|
|
|
You should generally use the `.backup` command in the SQLite CLI to back up the database file. This command uses
|
|
the [Online Backup API][online_backup_api], which SQLite documents as the [best way][best_way] to back up a database
|
|
file that may be in active use. If you can ensure the database will not be in use when a backup runs, you can also use
|
|
other methods such as the `.dump` command, or simply copying all the SQLite database files (including the `-wal` file,
|
|
if present).
|
|
|
|
You can learn more here: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
|
|
|
|
## Requirements
|
|
|
|
### Software
|
|
|
|
It is clearly necessary to have deployed a Vaultwarden instance on your server. I wrote an article about this topic
|
|
here: https://illuad.fr/2020/06/11/install-vaultwarden.html
|
|
|
|
Since a message is sent to a Telegram bot, it is necessary to have one configured. I wrote an article about this topic
|
|
here: https://illuad.fr/2020/10/27/get-a-telegram-alert-on-a-ssh-login-with-pam.html
|
|
|
|
### System
|
|
|
|
This script can run on any GNU/Linux machine.
|
|
|
|
This script uses `sqlite3` command, so make sure it is installed on your system.
|
|
|
|
## Installation
|
|
|
|
Since this script must be executed with root rights, it is a good practice to place it in `/usr/local/sbin/`.
|
|
|
|
```
|
|
curl -LOsSf https://gitea.illuad.fr/adrien/vaultwarden-backup/raw/branch/master/vaultwarden-backup.sh
|
|
sudo mv vaultwarden-backup.sh /usr/local/sbin
|
|
sudo chmod 750 /usr/local/sbin/vaultwarden-backup.sh
|
|
```
|
|
|
|
Create the logs' directory.
|
|
|
|
```
|
|
sudo mkdir -p /var/log/backup/vaultwarden-backup
|
|
```
|
|
|
|
## Configuration
|
|
|
|
This script requires the configuration of 2 variables to work: `key` and `chat_id`.
|
|
|
|
Variables `key` and `chat_id` correspond to the API key and the chat id obtained during the bot creation process.
|
|
|
|
#### Fast variables setting
|
|
|
|
For the `key` variable.
|
|
|
|
```
|
|
sudo sed -i "s/key=/key=<your_key>/" /usr/local/sbin/vaultwarden-backup.sh
|
|
```
|
|
|
|
For the `chat_id` variable.
|
|
|
|
```
|
|
sudo sed -i "s/chat_id=/chat_id=<your_chat_id>/" /usr/local/sbin/vaultwarden-backup.sh
|
|
```
|
|
|
|
## Automation
|
|
|
|
Running this script automatically is a good idea, here is what you should have in the cron jobs of the root user.
|
|
|
|
```
|
|
sudo crontab -l
|
|
*/15 * * * * /usr/local/sbin/vaultwarden-backup.sh
|
|
```
|
|
|
|
Every 15 minutes, the script will save the Vaultwarden SQLite database into `/var/local/vaultwarden/backups/`.
|
|
|
|
If you keep all the backups, the storage space will quickly become full, so it is necessary to delete them as time goes
|
|
on.
|
|
|
|
```
|
|
sudo crontab -l
|
|
*/16 * * * * /usr/bin/find /var/local/vaultwarden/backups/ -type d -mmin +60 -exec rm -rf {} \;
|
|
```
|
|
|
|
Every 16 minutes, the script will delete the backups that are 60 minutes old.
|
|
|
|
## Restore a backup
|
|
|
|
Make sure Vaultwarden service is stopped.
|
|
|
|
```
|
|
sudo systemctl stop vaultwarden.service
|
|
```
|
|
|
|
Replace `<date>` with the folder name (the date you want to restore the data).
|
|
|
|
```
|
|
sudo cp /var/local/vaultwarden/backups/<date>/backup.sqlite3 /var/lib/vaultwarden/data/db.sqlite3
|
|
```
|
|
|
|
Start Vaultwarden service.
|
|
|
|
```
|
|
sudo systemctl start vaultwarden.service
|
|
```
|
|
|
|
[online_backup_api]: https://www.sqlite.org/backup.html
|
|
|
|
[best_way]: https://www.sqlite.org/howtocorrupt.html#_backup_or_restore_while_a_transaction_is_active
|