# ==========
# Preparation / Prerequisites
# ==========

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-fm"
BORG_PASSPHRASE='wweK/m.xV-g3oI-7WM/pejTP'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/mail-fm"
BORG_PASSPHRASE='joG.Ir2x--VsX6/mxb.kEcmq'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/web-02"
BORG_PASSPHRASE='Jt-uj-/PL3X-WH3n-qQ/2i.JC'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/web-05"
BORG_PASSPHRASE='FZyFW-bxXV-rHiQ7n/dAxI.L'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-irights"
BORG_PASSPHRASE='Mc/ad-vY5U2YoqhN-nX4wfUq'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-01"
BORG_PASSPHRASE='sk-6F-ZbS2ngEsN9eyC.F.7d'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-vbrg"
BORG_PASSPHRASE='5/IoQ7-jsAN/I4d-rz.fEjkU'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-02"
BORG_PASSPHRASE='uJ.SSt/JVziq-Xg2QaheS-JU'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-opp"
BORG_PASSPHRASE='Ve.voKCq-9-dFaipE-Muc4EF'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cloud.akweb.de"
BORG_PASSPHRASE='bqF/E.m7W4GM3YtyrVhLfque'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/cl-flr"
BORG_PASSPHRASE='P-TY.yg7PqU.sSPe/xod2fgL'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/o25-board"
BORG_PASSPHRASE='w.N-2/MSyH5ZM-G.42/9ex5H'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/a.mx"
BORG_PASSPHRASE='ij-A4_Y/uGpYZw.dTdHJ_cA6'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/mail-cadus"
BORG_PASSPHRASE='n.nVIYmW9PGSn+vz.s_%5K7a'

BORG_HOST="o26.oopen.de"
BORG_REPO="/backup/c.mx"
BORG_PASSPHRASE='n.nVIYmW9PGSn+vz.s_%5K7a'

SSH_USER="borg"
SSH_PORT=22
SSH_IDENTITY_FILE="/root/.ssh/id_ed25519-borg-backup"

export BORG_RSH='ssh -i /root/.ssh/id_ed25519-borg-backup'
export SSH_USER
export BORG_PASSPHRASE

# --- 
# see:
#
#     https://www.c-rieger.de/nextcloud-borg-backup-zur-hetzner-storage-box
#     https://borgbackup.readthedocs.io/en/stable/quickstart.html
# ---


# ==========
# Preparations Server
# ==========

# preparation on the backup server (o26.oopen.de)
# ===============================================
#
# 1. On Backup Server create a user which is used to push the backups to the server
#  
#     backup-user:   borg
#     backup-group:  borg
#
#
# 2 Create a backup repository:
#
#  client-identifier: cl-fm
#
#     mkdir -p /backup/<client-identifier>
#
#
# 3. Backup user must have full write permissions to the backup repostitories
#
#     chown <backup-user>:<backup-group> /data/backup/<client-identifier>
#
# 4. Prevent repository directory from being deleted
#
#     chattr +i /data/backup/<client-identifier>
#
chattr -i "$(dirname "${BORG_REPO}")"
mkdir -p "${BORG_REPO}"
chown ${SSH_USER}:${SSH_USER} "${BORG_REPO}"
chattr +i "$(dirname "${BORG_REPO}")"



# ==========
# Preparations Client
# ==========


# preparation on the backup client (cl-fm.oopen.de
# ================================================
#
# 1. Install Borg Backup (on the client) using 'apt install'
#
#     apt install -y -t stable-backports borgbackup python3-llfuse
#
#
# 2. Generate a SSH Key (as root without passphrase) to connect to the backup server:
#
#     ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519-borg-backup
#
#     Note: 
#        Dont't forget pusching the key to the servers authorized_key file of
#        the remote backup user
#
#  
# 3. create file /root/.ssh/config ti store ssh connection parameters
#  
#     BORG_HOST="o26.oopen.de"
#     SSH_USER="borg"
#     SSH_IDENTITY_FILE="/root/.ssh/id_ed25519-borg-backup"
#  
#     cat << EOF > /root/.ssh/config
#     host ${BORG_HOST}
#        User ${SSH_USER}
#        IdentityFile ${SSH_IDENTITY_FILE}
#        StrictHostKeyChecking no
#        LogLevel FATAL
#     EOF
#
apt install -y -t stable-backports borgbackup python3-llfuse
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519-borg-backup
cat << EOF > /root/.ssh/config
host ${BORG_HOST}
   User ${SSH_USER}
   IdentityFile ${SSH_IDENTITY_FILE}
   StrictHostKeyChecking no
   LogLevel FATAL
EOF

git clone https://git.oopen.de/backup/borg-backup /root/bin/borg-backup


# Initialize backup
# =================
#
#     export SSH_USER="borg"
#     export BORG_HOST="o26.oopen.de"
#     export SSH_PORT="22"
#     export BORG_PASSPHRASE="wweK/m.xV-g3oI-7WM/pejTP"
#     
#     export BORG_REPO="/data/backup/cl-fm"
#
#     borg init --encryption=repokey ssh://${SSH_USER}@${BORG_HOST}:${SSH_PORT}${BACKUP_REPOSITORY}
#
#  Outpu of of borg initializing was:
#
#     By default repositories initialized with this version will produce security
#     errors if written to with an older version (up to and including Borg 1.0.8).
#
#     If you want to use these older versions, you can disable the check by running:
#      borg upgrade --disable-tam ssh://borg@o26.oopen.de:22//data/backup/cl-fm
#
#     See https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability 
#     for details about the security implications.
#
#     IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
#     If you used a repokey mode, the key is stored in the repo, but you should back it up separately.
#     Use "borg key export" to export the key, optionally in printable format.
#     Write down the passphrase. Store both at safe place(s).
#     
borg init --encryption=repokey ssh://${SSH_USER}@${BORG_HOST}:${SSH_PORT}${BORG_REPO}