Sauvegarde hors site avec rsync

  • https://wiki.archlinux.org/index.php/Udev
  • https://stackoverflow.com/questions/20084740/udev-run-program-on-usb-flash-drive-insert
  • https://superuser.com/questions/246953/trigger-off-rsync-by-just-plugging-in-a-usb-drive
  • https://bbs.archlinux.org/viewtopic.php?id=181856
  • https://www.qwant.com/?client=brz-moz&q=linux+udev+rule+launch+backup

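Le disque est protégé par chiffrement, car il est susceptible d’être dérobé. Cette protection vaut pour le disque seul : le fichier de clé créé ci-dessous reste sur le Raspberry Pi (/root/backupcopy.keyfile).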

sudo dd bs=512 count=4 if=/dev/random of=/root/backupcopy.keyfile iflag=fullblock

sudo chmod 600 /root/backupcopy.keyfile

sudo lsblk -f /dev/sda1

sudo apt install cryptsetup

sudo cryptsetup luksAddKey /dev/sda1 /root/backupcopy.keyfile

sudo nano /etc/crypttab

sudo nano /etc/fstab

sudo mkdir /mnt/BackupCopy

sudo mount /mnt/BackupCopy

sudo cryptsetup luksOpen --key-file /root/backupcopy.keyfile /dev/sda1 BACKUPCOPY

root@raspberrypi:~# lsblk 
NAME           MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda              8:0    0  1,8T  0 disk  
└─sda1           8:1    0  1,8T  0 part  
  └─BACKUPCOPY 254:0    0  1,8T  0 crypt /mnt/BackupCopy
sdb              8:16   0  1,8T  0 disk  
└─sdb1           8:17   0  1,8T  0 part  /mnt/BackupWD2T
mmcblk0        179:0    0  7,5G  0 disk  
├─mmcblk0p1    179:1    0  256M  0 part  /boot
└─mmcblk0p2    179:2    0  7,2G  0 part  /

https://medium.com/@amritanshu16/how-to-mount-luks-encrypted-disk-in-raspbian-821b0a56c18e

Fichier /etc/systemd/system/backup-copy.service

# On-demand unit: there is no [Install] section here, so nothing enables it at
# boot. It is meant to be pulled in by the udev rule's SYSTEMD_WANTS setting.
[Unit]
Description=Copie des sauvegardes sur disque externe

[Service]
# oneshot: systemd treats the unit as started once the script has exited.
Type=oneshot
# No User= is set, so this system unit runs the script as root (it reads
# /root/backupcopy.keyfile and calls cryptsetup/mount).
# NOTE(review): because it runs as root on every matching plug event, the
# script should be owned by root and writable by root only - confirm its mode.
ExecStart=/opt/decrypt-backup.sh

Fichier /etc/udev/rules.d/81-decrypt-backup.rules

# Fires when partition 1 of a USB device with this vendor/product id is added,
# and asks systemd to start backup-copy.service for it.
# The match is on the device model (idVendor/idProduct), not on one specific
# disk: any device reporting the same ids triggers the service. What ties the
# run to the real backup volume is the script's luksOpen by UUID with the key
# file, which fails for any other disk.
SUBSYSTEMS=="usb", ACTION=="add", ATTRS{idVendor}=="1058", ATTRS{idProduct}=="25a2", ATTR{partition}=="1", ENV{SYSTEMD_WANTS}="backup-copy.service", TAG+="systemd"

Fichier /opt/decrypt-backup.sh

#!/bin/bash

# Free Mobile SMS API account id and key (redacted placeholder values here).
# They sit in clear text in this script, so the file should be readable by
# root only.
readonly SMS_ID='YYYYYYYY'
readonly SMS_KEY='XXXXXXXXXXXXx'

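sendsms() {
    # Send a text message through the Free Mobile SMS API.
    # Usage:   sendsms "message to send"
    # Globals: SMS_ID, SMS_KEY (read)
    # Returns: curl's exit status (non-zero on transport or HTTP error).
    #
    # The account id and key are handed to curl as a config read from stdin
    # (--config -) rather than as command-line arguments, so they are not
    # visible in the process list while the request runs. This assumes
    # neither value contains '"' or '\', which would need escaping in a curl
    # config file.
    # --max-time bounds the call so an unreachable API cannot stall the
    # backup or its cleanup; --fail turns HTTP error responses into a
    # non-zero status.
    curl --silent --show-error --fail --location --get --max-time 30 \
        --data-urlencode "msg=$*" \
        --config - \
        https://smsapi.free-mobile.fr/sendmsg <<EOF
data = "user=${SMS_ID}"
data = "pass=${SMS_KEY}"
EOF
}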

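cleanexit() {
    # EXIT handler: unmount the backup target, close the encrypted mapping
    # and send a final SMS. A failing step is reported by SMS and does not
    # prevent the following steps from running.

    # -q: only the exit status is wanted, not mountpoint's message.
    if mountpoint -q /mnt/BackupCopy; then
        umount /mnt/BackupCopy || sendsms "BackupCopy: impossible de démonter /mnt/BackupCopy"
    fi

    # Test the exact mapping node: grepping `dmsetup ls` for "backupcopy"
    # also matches any other mapping whose name merely contains that string.
    # A mapping left open keeps the decrypted volume accessible on this
    # machine, hence the SMS when closing fails.
    if [ -e /dev/mapper/backupcopy ]; then
        cryptsetup luksClose backupcopy || sendsms "BackupCopy: impossible de refermer le volume chiffré."
    fi

    sendsms "BackupCopy terminé"
}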

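# Run the cleanup (unmount, close mapping, final SMS) on every exit path.
trap cleanexit EXIT

sendsms "Lancement de BackupCopy"

# rsync --del below mirrors deletions onto the copy, so the source must be the
# real backup disk: require /mnt/BackupWD2T to be a mounted filesystem and not
# just a directory that happens to exist on the root filesystem.
if ! mountpoint -q /mnt/BackupWD2T || [ ! -d /mnt/BackupWD2T/Backups ]; then
    sendsms "BackupCopy erreur: source non disponible"
    exit 1
fi

# Open the volume by UUID, so that only the expected disk is unlocked.
cryptsetup luksOpen -d /root/backupcopy.keyfile /dev/disk/by-uuid/f928895d-9535-4ab5-bc9b-6ac9ff70acb0 backupcopy

# Check for the exact mapping node rather than grepping `dmsetup ls`, which
# would accept any mapping whose name contains "backupcopy". A mapping that
# was already open before this run is still accepted, as before.
if [ ! -e /dev/mapper/backupcopy ]; then
    sendsms "BackupCopy: Erreur au déchiffrement du disque"
    exit 1
fi

mkdir -p /mnt/BackupCopy

mount /dev/mapper/backupcopy /mnt/BackupCopy/

# Without the mountpoint test, a failed mount would leave rsync writing into
# the bare /mnt/BackupCopy directory on the root filesystem if a BackupCopies
# directory happened to exist there.
if ! mountpoint -q /mnt/BackupCopy || [ ! -d /mnt/BackupCopy/BackupCopies ]; then
    sendsms "BackupCopy erreur: cible non disponible"
    exit 1
fi

# -a preserves metadata; --del removes from the copy whatever no longer exists
# in the source. An rsync error is only reported by SMS; it does not change
# the flow, and cleanexit still runs on exit.
rsync -a --del /mnt/BackupWD2T/Backups/ /mnt/BackupCopy/BackupCopies/ || sendsms "BackupCopy avertissement: rsync a terminé avec une erreur"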