fix backup path; change sftp port; fetch know hosts for domain and IP
parent
812ce26a0c
commit
7212a69d1d
4 changed files with 11 additions and 7 deletions
|
@ -68,7 +68,13 @@ cd /root/apps \
|
|||
4. Use the generated SSH key and copy it to the Hetzner Storage box for backups:
|
||||
|
||||
```shell
|
||||
ssh-copy-id -i ./data/restic/ssh/id_ed25519 -p 23 -s u291924-sub4@u291924.your-storagebox.de
|
||||
cat ./data/restic/ssh/id_ed25519.pub | ssh -p23 u291924-sub4@u291924.your-storagebox.de install-ssh-key \
|
||||
&& ssh-keyscan -p 23 -t ecdsa-sha2-nistp521,ed25519,ed25519-sk,rsa,dsa,ecdsa,ecdsa-sk u291924.your-storagebox.de > ./data/restic/ssh/known_hosts \
|
||||
&& ssh-keyscan -p 23 -t ecdsa-sha2-nistp521,ed25519,ed25519-sk,rsa,dsa,ecdsa,ecdsa-sk $(dig +short "u291924.your-storagebox.de" A | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$') >> ./data/restic/ssh/known_hosts \
|
||||
&& ssh-keyscan -p 23 -t ecdsa-sha2-nistp521,ed25519,ed25519-sk,rsa,dsa,ecdsa,ecdsa-sk $(dig +short "u291924.your-storagebox.de" AAAA | grep -E '^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$') >> ./data/restic/ssh/known_hosts \
|
||||
&& ssh-keyscan -p 22 -t ecdsa-sha2-nistp521,ed25519,ed25519-sk,rsa,dsa,ecdsa,ecdsa-sk u291924.your-storagebox.de >> ./data/restic/ssh/known_hosts \
|
||||
&& ssh-keyscan -p 22 -t ecdsa-sha2-nistp521,ed25519,ed25519-sk,rsa,dsa,ecdsa,ecdsa-sk $(dig +short "u291924.your-storagebox.de" A | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$') >> ./data/restic/ssh/known_hosts \
|
||||
&& ssh-keyscan -p 22 -t ecdsa-sha2-nistp521,ed25519,ed25519-sk,rsa,dsa,ecdsa,ecdsa-sk $(dig +short "u291924.your-storagebox.de" AAAA | grep -E '^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$') >> ./data/restic/ssh/known_hosts
|
||||
```
|
||||
|
||||
### Fist run
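Review bot: The six `ssh-keyscan` calls write whatever keys the network returns straight into `./data/restic/ssh/known_hosts`, and the IP entries come from an unauthenticated `dig` lookup, so nothing in this step ties the pinned keys to the real storage box. Add a verification step after the block, e.g. `ssh-keygen -lf ./data/restic/ssh/known_hosts`, and tell the reader to compare the printed fingerprints with the ones the provider publishes before the first backup runs. The chain is also fragile: if a `dig ... AAAA` lookup returns nothing, `ssh-keyscan` is called without a host and, as far as I can tell, exits non-zero, so the `&&` chain stops and the port 22 entries are never written. Narrowing `-t` to the key types the server actually offers (the list includes `dsa`, which recent OpenSSH builds may no longer accept) would make the file smaller and the command less likely to fail.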
|
||||
|
|
|
@ -152,7 +152,7 @@ services:
|
|||
docker compose exec postgresql pg_dump -U ${PG_USER:-authentik} -d ${PG_DB:-authentik} -f /var/lib/postgresql/backups/${PG_DB:-authentik}.sql
|
||||
#RUN_ON_STARTUP: "true"
|
||||
BACKUP_CRON: "32 2 * * *"
|
||||
RESTIC_REPOSITORY: sftp://${RESTIC_REPO_USER:?Restic repository user is required}@${RESTIC_REPO_ADDRESS:?Restic repository address is requried}:${RESTIC_REPO_PORT:?Restic repository port is required}//
|
||||
RESTIC_REPOSITORY: sftp://${RESTIC_REPO_USER:?Restic repository user is required}@${RESTIC_REPO_ADDRESS:?Restic repository address is requried}:${RESTIC_REPO_PORT:?Restic repository port is required}//backup
|
||||
RESTIC_PASSWORD: ${RESTIC_REPO_PASSWORD:?Restic repository password is required}
|
||||
RESTIC_BACKUP_SOURCES: /var/lib/backups
|
||||
RESTIC_BACKUP_ARGS: >-
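Review bot: The changed `RESTIC_REPOSITORY` line (taking the `//backup` variant as the new side, as the commit title suggests) still carries the misspelled interpolation message `Restic repository address is requried`. Since the line is touched anyway, correct it to `is required` so the error printed for an unset `RESTIC_REPO_ADDRESS` reads cleanly. The double slash before `backup` is easy to mistake for a typo and "fix" later, so a comment above the line would help, for example `# '//' = absolute path on the SFTP server; the repository lives in /backup`. The `services:` block starts and ends outside this hunk.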
|
||||
|
|
|
@ -59,6 +59,6 @@ NGINX_SSL_STAPLING_VERIFY=on
|
|||
# Restic configuration
|
||||
RESTIC_REPO_USER=u291924-sub4
|
||||
RESTIC_REPO_ADDRESS=u291924.your-storagebox.de
|
||||
RESTIC_REPO_PORT=23
|
||||
RESTIC_REPO_PORT=22
|
||||
RESTIC_TAG=sso.base23.de
|
||||
|
||||
|
|
|
@ -43,10 +43,8 @@ if [[ ! -f ./.env ]]; then
|
|||
fi
|
||||
|
||||
# Check if ssh key already exists, otherwise generate one
|
||||
if [[ ! -f ./data/restic/ssh/id_ed25519 ]]; then
|
||||
[[ ! -d ./data/restic/ssh/ ]] && mkdir -p ./data/restic/ssh/
|
||||
ssh-keygen -t ed25519 -C "sso.base23.de" -f ./data/restic/ssh/id_ed25519
|
||||
fi
|
||||
[[ ! -d ./data/restic/ssh/ ]] && mkdir -p ./data/restic/ssh/
|
||||
[[ ! -f ./data/restic/ssh/id_ed25519 ]] && ssh-keygen -t ed25519 -C "sso.base23.de" -f ./data/restic/ssh/id_ed25519
|
||||
|
||||
# Generate dhparam, if not existing
|
||||
[[ ! -d ./data/nginx/certs ]] && mkdir -p ./data/nginx/certs && chmod 700 ./data/nginx/certs && chown 101:101 ./data/nginx/certs || true
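Review bot: `mkdir -p ./data/restic/ssh/` leaves the directory mode to the caller's umask, while the certs directory a few lines below gets an explicit `chmod 700`; the directory that holds the backup private key and its `known_hosts` deserves the same treatment. Suggested: `[[ ! -d ./data/restic/ssh/ ]] && mkdir -p ./data/restic/ssh/ && chmod 700 ./data/restic/ssh/`, provided the backup container reads the directory as the same user (the mount is not visible here). Separately, `ssh-keygen` is called without `-N`, so it prompts for a passphrase; if the key is meant for a scheduled, unattended backup, make that choice explicit with `-N ""` or add a comment saying the prompt is intended. The script continues outside this hunk.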
|
||||
|
|