From 05ddfa303f5e9003c94bd6148cf80a7c0988b605 Mon Sep 17 00:00:00 2001 From: Stephan Date: Fri, 17 Nov 2023 23:03:09 +0100 Subject: [PATCH] More elaborate description and usage of the cloud_backup script. --- README.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57aeca3..b94137f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,54 @@ -# cloud_backup +# Cloud Backup -Backup your nextcloud to a remote ssh server, including data folders, configuration and database dump. \ No newline at end of file +The script automates the backup of your nextcloud installation. It dumps the mariadb database and uses rsync to backup that and the cloud files. + +This script uses three files: + + * the actual script cloud_backup.sh, + * the configuration file .cloud_backup.conf and + * the file exlusion file for excluding files from rsync, 'cloud_backup.exclude' by default. + +A log file is created in the backup process. It is visible in the clouds folder of a user specified in `CONFIG_NC_LOGPATH`. + +## setup + +### user +Create a user that shall backup the nextclouds database and files. Therefor add him to the group www-data. + +Put all values into the `cloud_backup.conf`, in best case put it into the home of your backup user, possibly the folder `.config/`. Leave it readable only to the user. + +To run the script unattended generate a ssh key and push it to the remote server: +``` +$ ssh-key-gen -t rsa -b 4096 +``` +Leave the passphrase empty, then copy it to the remote server. +``` +$ ssh-copy-id remoteuser@remoteserver +``` + +### Logfile +The script throws out a log file of its activities. It is meant to be visible in the cloud. Choose your daily user, where you check back on regular basis. In the root folder of that user create a folder named `System` and set the path in `cloud_backup.conf` the value of `CONFIG_NC_LOGPATH`. + +### Elevated rights + +To give unrestricted access to everything via sudo is not a good idea. I'd choose to restrict elevated permissions to the specific commands needed. + +In the sudoers file add the following lines. + +``` +# Cmnd alias specification +Cmnd_Alias OCC_NC = /usr/bin/php /var/www/nextcloud/occ files?scan --path=* +Cmnd_Alias RSYNC = /usr/bin/rsync * +Cmnd_Alias MAINTENANCE_ON = /usr/bin/php /var/www/nextcloud/occ maintenance?mode --on +Cmnd_Alias MAINTENANCE_OFF = /usr/bin/php /var/www/nextcloud/occ maintenance?mode --off + +# User privilege specification +cloudbackup ALL=(www-data) NOPASSWD: OCC_NC, RSYNC +cloudbackup ALL=(www-data) NOPASSWD: MAINTENANCE_ON, MAINTENANCE_OFF +``` +### cronjob +in crontab create an entry for the `cloud_backup.sh`. Replace `user` with yours doing the backup. +``` +# Nextcloud backup +12 1 * * 1 user /home/cloudbackup/cloud_backup.sh +```