fulldecent · April 1, 2020 12:24
diff --git a/backup-to-insecure-remote-server b/backup-to-insecure-remote-server
 ##
 ## backup-to-insecure-remote-server v1.0
 ## William Entriken / [email protected]
 ##
 ## YOU NEED TO KEEP A BACKUP OF .encfs6.xml AND YOUR PASSKEY!!!
 ##
 ## TODO
 ##  * Create a restore action
 ##  * Make a quick task to confirm that restoring works
 ##
 ## PREREQUESITES
 ## 1. `brew install rofs-filtered`
 ## 2. `brew install rsync` # must be version 3 or greater
 ## 3. `brew install encfs`
 ##
 ## NOTES
 ## http://bubba.org/wiki/Encrypted_Remote_Backups_with_Sparse_Bundles recommends rsync -E

 require 'colorize'

 plaintext_dir = "/Volumes/FDDISK/"
 filtered_dir = "/tmp/fd-disk-filtered"
 ciphertext_dir = "/tmp/fd-disk-encrypted/"
 extpass = "security find-generic-password -gwl encfs" # http://blog.macromates.com/2006/keychain-access-from-shell/
 backup_location = "[email protected]:/media/backupenc/"
 rsync_command = "rsync" # must be version 3 or greater

 #
 # RESTORE
 # sshfs [email protected]:/ ~/Mount/camera.phor.net
 # ENCFS6_CONFIG=~/fddisk_encfs6.xml encfs --extpass='security find-generic-password -gwl encfs' ~/Mount/camera.phor.net/media/backupenc ~/Desktop/TMP-ENC
 #

 # http://stackoverflow.com/a/11320444/300224
 Rake::TaskManager.record_task_metadata = true
 desc "Show all the tasks"
 task :default do
  Rake::application.options.show_tasks = :tasks  # this solves sidewaysmilk problem
  Rake::application.options.show_task_pattern = //
  Rake::application.display_tasks_and_comments
 end

 desc 'Create filtered list of files to sync'
 task :filter => [] do
  excludes_file = "/tmp/rofs-filtered-config"
  print "Filtering from ".yellow, plaintext_dir.magenta, " to ".yellow, filtered_dir.magenta, "\n"

  puts 'Creating filter configuration file'.yellow
  # See https://github.com/gburca/rofs-filtered/blob/master/rofs-filtered-invert.rc
  # See https://github.com/github/gitignore/blob/master/Global/macOS.gitignore
  file = <<-'EOF'
 \.DS_Store
 \.AppleDouble
 \.LSOverride
 # Icon must end with two \r
 Icon..$
 # Thumbnails
 \._
 # Files that might appear in the root of a volume
 /\.DocumentRevisions-V100
 /\.fseventsd
 /\.Spotlight-V100
 /\.TemporaryItems
 /\.Trashes
 /\.VolumeIcon\.icns
 /\.com\.apple\.timemachine\.donotpresent
 # Directories potentially created on remote AFP share
 \.AppleDB
 \.AppleDesktop
 Network Trash Folder
 Temporary Items
 \.apdisk
 # More stuff by Will
 \.ds_store
 NOSYNC
 DONT SYNC
 #^/\. maybe
  EOF
  File.write(excludes_file, file)
  puts ('Saved to '+excludes_file).yellow
  `umount -f #{filtered_dir} | true`
  #sh 'umount', '-f', '/tmp/filtered'
  #sh 'diskutil', 'umount', 'force', '/tmp/filtered' if File.exists?('/tmp/filtered')
  sh 'rofs-filtered', filtered_dir, '-o', "source=#{plaintext_dir}", '-o', "config=#{excludes_file}"
 #  rofs-filtered <Filtered-Path> -o source=<RW-Path> -o invert [-o config=/etc/filter1.rc] [FUSE options]
  puts 'Filtering complete'.green
 end

 desc "Encrypt and mount filesystem"
 task :encrypt => [:filter] do
 #  next if File.exists?(ciphertext_dir)
  require 'shellwords'
  print "Encrypting from ".yellow, filtered_dir.magenta, " to ".yellow, ciphertext_dir.magenta, "\n"
  sh "umount #{ciphertext_dir.shellescape} || :" # ignore retval
  FileUtils::mkdir_p ciphertext_dir
  sh "encfs -i 30 --reverse #{filtered_dir.shellescape} #{ciphertext_dir.shellescape} --extpass=#{extpass.shellescape}"
  puts "Encrypted".green
 end

 desc "Sync encrypted files to backup server (dry run)"
 task :backup_dry => [:encrypt] do
  print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
  sh 'caffeinate', rsync_command, '--dry-run', '-irlt', '--delete', '-v', '--stats', ciphertext_dir, backup_location
  puts "Backup complete".green
 end

 desc "Sync encrypted files to backup server (dry run)"
 task :backup => [:encrypt] do
  from = ciphertext_dir
  to = backup_location
  print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
  # --no-inc-recursive makes the output progress actually say how many files remain to check
  sh 'caffeinate', rsync_command, '-nirlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location

  puts 'Push any key to continue [or Ctrl-C to back out]'.magenta
  print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
  # --no-inc-recursive makes the output progress actually say how many files remain to check
  sh 'caffeinate', rsync_command, '-irlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location
  puts "Backup complete".green
 end

 desc "Clean up all temporary files"
 task :clean do
  puts 'Deleting all temporary and intermediate files'.yellow
  File.unlink(excludes_file)
  FileUtils.remove_dir(filtered_dir)
  puts 'Done'.green
 end
	##
	## backup-to-insecure-remote-server v1.0
	## William Entriken / [email protected]
	##
	## YOU NEED TO KEEP A BACKUP OF .encfs6.xml AND YOUR PASSKEY!!!
	##
	## TODO
	## * Create a restore action
	## * Make a quick task to confirm that restoring works
	##
	## PREREQUESITES
	## 1. `brew install rofs-filtered`
	## 2. `brew install rsync` # must be version 3 or greater
	## 3. `brew install encfs`
	##
	## NOTES
	## http://bubba.org/wiki/Encrypted_Remote_Backups_with_Sparse_Bundles recommends rsync -E

	require 'colorize'

	plaintext_dir = "/Volumes/FDDISK/"
	filtered_dir = "/tmp/fd-disk-filtered"
	ciphertext_dir = "/tmp/fd-disk-encrypted/"
	extpass = "security find-generic-password -gwl encfs" # http://blog.macromates.com/2006/keychain-access-from-shell/
	backup_location = "[email protected]:/media/backupenc/"
	rsync_command = "rsync" # must be version 3 or greater

	#
	# RESTORE
	# sshfs [email protected]:/ ~/Mount/camera.phor.net
	# ENCFS6_CONFIG=~/fddisk_encfs6.xml encfs --extpass='security find-generic-password -gwl encfs' ~/Mount/camera.phor.net/media/backupenc ~/Desktop/TMP-ENC
	#

	# http://stackoverflow.com/a/11320444/300224
	Rake::TaskManager.record_task_metadata = true
	desc "Show all the tasks"
	task :default do
	Rake::application.options.show_tasks = :tasks # this solves sidewaysmilk problem
	Rake::application.options.show_task_pattern = //
	Rake::application.display_tasks_and_comments
	end

	desc 'Create filtered list of files to sync'
	task :filter => [] do
	excludes_file = "/tmp/rofs-filtered-config"
	print "Filtering from ".yellow, plaintext_dir.magenta, " to ".yellow, filtered_dir.magenta, "\n"

	puts 'Creating filter configuration file'.yellow
	# See https://github.com/gburca/rofs-filtered/blob/master/rofs-filtered-invert.rc
	# See https://github.com/github/gitignore/blob/master/Global/macOS.gitignore
	file = <<-'EOF'
	\.DS_Store
	\.AppleDouble
	\.LSOverride
	# Icon must end with two \r
	Icon..$
	# Thumbnails
	\._
	# Files that might appear in the root of a volume
	/\.DocumentRevisions-V100
	/\.fseventsd
	/\.Spotlight-V100
	/\.TemporaryItems
	/\.Trashes
	/\.VolumeIcon\.icns
	/\.com\.apple\.timemachine\.donotpresent
	# Directories potentially created on remote AFP share
	\.AppleDB
	\.AppleDesktop
	Network Trash Folder
	Temporary Items
	\.apdisk
	# More stuff by Will
	\.ds_store
	NOSYNC
	DONT SYNC
	#^/\. maybe
	EOF
	File.write(excludes_file, file)
	puts ('Saved to '+excludes_file).yellow
	`umount -f #{filtered_dir} \| true`
	#sh 'umount', '-f', '/tmp/filtered'
	#sh 'diskutil', 'umount', 'force', '/tmp/filtered' if File.exists?('/tmp/filtered')
	sh 'rofs-filtered', filtered_dir, '-o', "source=#{plaintext_dir}", '-o', "config=#{excludes_file}"
	# rofs-filtered <Filtered-Path> -o source=<RW-Path> -o invert [-o config=/etc/filter1.rc] [FUSE options]
	puts 'Filtering complete'.green
	end

	desc "Encrypt and mount filesystem"
	task :encrypt => [:filter] do
	# next if File.exists?(ciphertext_dir)
	require 'shellwords'
	print "Encrypting from ".yellow, filtered_dir.magenta, " to ".yellow, ciphertext_dir.magenta, "\n"
	sh "umount #{ciphertext_dir.shellescape} \|\| :" # ignore retval
	FileUtils::mkdir_p ciphertext_dir
	sh "encfs -i 30 --reverse #{filtered_dir.shellescape} #{ciphertext_dir.shellescape} --extpass=#{extpass.shellescape}"
	puts "Encrypted".green
	end

	desc "Sync encrypted files to backup server (dry run)"
	task :backup_dry => [:encrypt] do
	print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
	sh 'caffeinate', rsync_command, '--dry-run', '-irlt', '--delete', '-v', '--stats', ciphertext_dir, backup_location
	puts "Backup complete".green
	end

	desc "Sync encrypted files to backup server (dry run)"
	task :backup => [:encrypt] do
	from = ciphertext_dir
	to = backup_location
	print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
	# --no-inc-recursive makes the output progress actually say how many files remain to check
	sh 'caffeinate', rsync_command, '-nirlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location

	puts 'Push any key to continue [or Ctrl-C to back out]'.magenta
	print "Backing up from ".yellow, ciphertext_dir.magenta, " to ".yellow, backup_location.magenta, "\n"
	# --no-inc-recursive makes the output progress actually say how many files remain to check
	sh 'caffeinate', rsync_command, '-irlt', '--progress', '--delete', '-v', '--stats', ciphertext_dir, backup_location
	puts "Backup complete".green
	end

	desc "Clean up all temporary files"
	task :clean do
	puts 'Deleting all temporary and intermediate files'.yellow
	File.unlink(excludes_file)
	FileUtils.remove_dir(filtered_dir)
	puts 'Done'.green
	end