Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!
ProductsContributeDocsCareer

Backup Script for Duplicity

profile picture
Author
Hetzner Online
Published
2019-03-08
Time to read
4 minutes reading time
Table of Contents

Introduction

This guide contains a script for making backups using duplicity. The script makes backups available for a period of two months. Older backups are deleted. A new full backup is made on the first day of each month.

Separate backups for individual directories can be created using the BDIRS variable in the script. These should be excluded from parent directory backups accordingly.

The script can be filed, for example, under /usr/local/sbin/backup.sh and made executable with chmod 755 /usr/local/sbin/backup.sh. Access details such as user name, password and host name need to be adjusted accordingly before use. Likewise, the GPG passphrase which is used for backup encryption needs to be adjusted.

Notes

The first time this script is used, the full option should be used to create a first full backup.

From GPG version 2.1, the option --pinentry-mode loopback must be added, otherwise the password transfer is no longer possible. See also the duplicity mailing list.

Script

#!/bin/bash
#
# Simple script for creating backups with Duplicity.
# Full backups are made on the 1st day of each month or with the 'full' option.
# Incremental backups are made on any other days.
#
# USAGE: backup.sh [full]
#

# get day of the month
DATE=`date +%d`

# Set protocol (use scp for sftp and ftp for FTP, see manpage for more)
BPROTO=scp

# set user and hostname of backup account
BUSER='u10000'
BHOST='u10000.your-backup.de'

# Setting the password for the Backup account that the
# backup files will be transferred to.
# for sftp a public key can be used, see:
# https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys/
#BPASSWORD='yourpass'

# directories to backup (but . for /)
BDIRS="etc home srv ."
TDIR=`hostname -s`
LOGDIR='/var/log/duplicity'

# Setting the pass phrase to encrypt the backup files. Will use symmetrical keys in this case.
PASSPHRASE='yoursecretgpgpassphrase'
export PASSPHRASE

# encryption algorithm for gpg, disable for default (CAST5)
# see available ones via 'gpg --version'
ALGO=AES

##############################

if [ $ALGO ]; then
 GPGOPT="--gpg-options '--cipher-algo $ALGO'"
fi

if [ $BPASSWORD ]; then
 BAC="$BPROTO://$BUSER:$BPASSWORD@$BHOST"
else
 BAC="$BPROTO://$BUSER@$BHOST"
fi

# Check to see if we're at the first of the month.
# If we are on the 1st day of the month, then run
# a full backup. If not, then run an incremental
# backup.

if [ $DATE = 01 ] || [ "$1" = 'full' ]; then
 TYPE='full'
else
 TYPE='incremental'
fi

for DIR in $BDIRS
do
  if [ $DIR = '.' ]; then
    EXCLUDELIST='/usr/local/etc/duplicity-exclude.conf'
  else
    EXCLUDELIST="/usr/local/etc/duplicity-exclude-$DIR.conf"
  fi

  if [ -f $EXCLUDELIST ]; then
    EXCLUDE="--exclude-filelist $EXCLUDELIST"
  else
    EXCLUDE=''
  fi

  # first remove everything older than 2 months
  if [ $DIR = '.' ]; then
   CMD="duplicity remove-older-than 2M -v5 --force $BAC/$TDIR-system >> $LOGDIR/system.log"
  else
   CMD="duplicity remove-older-than 2M -v5 --force $BAC/$TDIR-$DIR >> $LOGDIR/$DIR.log"
  fi
  eval $CMD

  # do a backup
  if [ $DIR = '.' ]; then
    CMD="duplicity $TYPE -v5 $GPGOPT $EXCLUDE / $BAC/$TDIR-system >> $LOGDIR/system.log"
  else
    CMD="duplicity $TYPE -v5 $GPGOPT $EXCLUDE /$DIR $BAC/$TDIR-$DIR >> $LOGDIR/$DIR.log"
  fi
  eval  $CMD

done

# Check the manpage for all available options for Duplicity.
# Unsetting the confidential variables
unset PASSPHRASE
unset BPASSWORD

exit 0

Exclusions

Files or directories that should not be backed up are passed to duplicity in the script using exclude-filelist. An exclusion list can be created here for each directory to be backed up. For the root directory, these are recorded under /usr/local/etc/duplicity-exclude.conf, for other directories these are under /usr/local/etc/duplicity-exclude-$DIR.conf (e.g. /usr/local/etc/duplicity-exclude-home.conf). This could include the following content:

  • /dev
  • /proc
  • /sys
  • /tmp
  • /etc
  • /home
  • /srv
  • /var/cache

Automate

A cronjob is necessary for this to automatically run on a regular basis. The script can be stored either under /etc/cron.daily (daily), /etc/cron.weekly (weekly) or /etc/cron.monthly (monthly). A crontab can also be used to schedule an exact time by setting up a file under /etc/cron.d/:

# /etc/cron.d/duplicity
0 0 * * * root /usr/local/sbin/backup.sh >/dev/null 2>&1
Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Submit an articleFind out more
Report Issue

Discover our

Storage Box

Access your storage from everywhere and at any time via PC, smartphone, and tablet.

Get started
Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more
Report Issue