dup

# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
#
# duplicity script for backupninja
# requires duplicity
#

getconf options
getconf testconnect yes
getconf nicelevel 0

setsection gpg
getconf password
getconf sign no
getconf encryptkey
getconf signkey

setsection source
getconf include
getconf vsnames all
getconf vsinclude
getconf exclude

setsection dest
getconf incremental yes
getconf keep 60
getconf sshoptions
getconf bandwidthlimit 0
getconf desthost
getconf destdir
getconf destuser
destdir=${destdir%/}

[ "$destdir" != "" ] || fatal "Destination directory not set"
[ "$include" != "" ] || fatal "No source includes specified"

### vservers stuff ###

# If vservers are configured, check that the ones listed in $vsnames do exist.
local usevserver=no
if [ $vservers_are_available = yes ]; then
   if [ "$vsnames" = all ]; then
      vsnames="$found_vservers"
   else
      if ! vservers_exist "$vsnames" ; then
            fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
      fi
   fi
   if [ -n "$vsinclude" ]; then
      info "Using vservers '$vsnames'"
      usevserver=yes
   fi
else
   [ -z "$vsinclude" ] || warning 'vservers support disabled in backupninja.conf, vsincludes configuration lines will be ignored'
fi


### see if we can login ###

if [ "$testconnect" == "yes" ]; then
    debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
    if [ ! $test ]; then
	result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
	if [ "$result" != "1" ]; then
	    fatal "Can't connect to $desthost as $destuser."
	else
	    debug "Connected to $desthost as $destuser successfully"
	fi
    fi
fi

### COMMAND-LINE MANGLING ###

# duplicity >= 0.4.2 needs --sftp-command (NB: sftp does not support the -l option)
duplicity_version="`duplicity --version | awk '{print $2}'`"
duplicity_major="`echo $duplicity_version | awk -F '.' '{print $1}'`"
duplicity_minor="`echo $duplicity_version | awk -F '.' '{print $2}'`"
duplicity_sub="`echo $duplicity_version | awk -F '.' '{print $3}'`"
if [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 4 -a "$duplicity_sub" -ge 2 ]; then
   sftpoptions="$sshoptions"
fi

scpoptions="$sshoptions"
[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"

if [ -z "$sftpoptions" ]; then
   execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
else
   execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions' --ssh-command 'ssh $sshoptions' "
fi

# deal with symmetric or asymmetric (public/private key pair) encryption
if [ -n "$encryptkey" ]; then
    execstr="${execstr}--encrypt-key $encryptkey "
    debug "Data will be encrypted with the GnuPG key $encryptkey."
else
    debug "Data will be encrypted using symmetric encryption."
fi

# deal with data signing
if [ "$sign" == yes ]; then
    # duplicity is not able to sign data when using symmetric encryption
    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
    # if needed, initialize signkey to a value that is not empty (checked above)
    [ -n "$signkey" ] || signkey="$encryptkey"
    execstr="${execstr}--sign-key $signkey "
    debug "Data will be signed will the GnuPG key $signkey."
else
    debug "Data won't be signed."
fi

# deal with GnuPG passphrase
[ -n "$password" ] || fatal "The password option must be set."

if [ "$keep" != "yes" ]; then
    if [ "`echo $keep | tr -d 0-9`" == "" ]; then
	keep="${keep}D"
    fi
    execstr="${execstr}--remove-older-than $keep "
fi

if [ "$incremental" == "no" ]; then
    execstr="${execstr}--full "
fi

execstr_serverpart="scp://$destuser@$desthost/$destdir"
execstr_clientpart="/"

### SOURCE ###

set -o noglob

symlinks_warning="Maybe you have mixed symlinks and '*' in this statement, which is not supported."

# excludes
for i in $exclude; do
   str="${i//__star__/*}"
   str=`readlink -f $str`
   if [ -n "$str" ]; then
      execstr="${execstr}--exclude '$str' "
   else
      warning "exclude statement '${i//__star__/*}' will be ignored. $symlinks_warning"
   fi
done
	
# includes 
for i in $include; do
   [ "$i" != "/" ] || fatal "Sorry, you cannot use 'include = /'"
   str="${i//__star__/*}"
   str=`readlink -f $str`
   if [ -n "$str" ]; then
      execstr="${execstr}--include '$str' "
   else
      warning "include statement '${i//__star__/*}' will be ignored. $symlinks_warning"
   fi
done

# vsincludes
if [ $usevserver = yes ]; then
   for vserver in $vsnames; do
      for vi in $vsinclude; do
	 str="${vi//__star__/*}"
	 str=`readlink -f $VROOTDIR/$vserver$str`
         if [ -n "$str" ]; then
	    execstr="${execstr}--include '$str' "
         else
            warning "vsinclude statement '${vi//__star__/*}' will be ignored for VServer $vserver. $symlinks_warning"
         fi
      done
   done
fi

set +o noglob

### EXECUTE ###

execstr=${execstr//\\*/\\\\\\*}

debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
if [ ! $test ]; then
        export PASSPHRASE=$password
	output=`nice -n $nicelevel \
                  su -c \
                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
	code=$?
	if [ $code -eq 0 ]; then
		debug $output
		info "Duplicity finished successfully."
	else
		debug $output
		fatal "Duplicity failed."
	fi
fi	

return 0