Install pgp and duplicity Link to heading
apt-get install duplicity gnupg2 -y
Generate pgp key Link to heading
- Passphrase that I used is "duptest"
root@node2:~# gpg --full-generate-key
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
(1) Curve 25519 *default*
(4) NIST P-384
(6) Brainpool P-256
Your selection? 1
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: AlexFler
Email address: admin@fler.biz
Comment:
You selected this USER-ID:
"AlexFler <admin@fler.biz>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D119FC0E168D2B7B3B2CED26074BEE04B946EBDC.rev'
public and secret key created and signed.
pub ed25519 2024-07-19 [SC]
D119FC0E168D2B7B3B2CED26074BEE04B946EBDC
uid AlexFler <admin@fler.biz>
sub cv25519 2024-07-19 [E]
Export gpg keys in asc format Link to heading
cd .gnupg
root@node2:~/.gnupg# gpg --armor --export > pgp-public-keys.asc
root@node2:~/.gnupg# gpg --armor --export-secret-keys > pgp-private-keys.asc
root@node2:~/.gnupg# gpg --export-ownertrust > pgp-ownertrust.asc
root@node2:~/.gnupg# ls -lhtr
total 36K
srwx------ 1 root root 0 Jul 19 01:20 S.gpg-agent.ssh
srwx------ 1 root root 0 Jul 19 01:20 S.gpg-agent.extra
srwx------ 1 root root 0 Jul 19 01:20 S.gpg-agent.browser
-rw-r----- 1 root root 676 Jul 19 01:32 sshcontrol
-rw-r--r-- 1 root root 1.3K Jul 19 01:32 pubring.kbx~
drwx------ 2 root root 4.0K Jul 19 01:34 private-keys-v1.d
-rw------- 1 root root 1.4K Jul 19 01:34 trustdb.gpg
-rw-r--r-- 1 root root 1.8K Jul 19 01:34 pubring.kbx
drwx------ 2 root root 4.0K Jul 19 01:34 openpgp-revocs.d
-rw-r--r-- 1 root root 636 Jul 19 01:37 pgp-public-keys.asc
srwx------ 1 root root 0 Jul 19 01:38 S.gpg-agent
-rw-r--r-- 1 root root 861 Jul 19 01:38 pgp-private-keys.asc
-rw-r--r-- 1 root root 163 Jul 19 01:38 pgp-ownertrust.asc
Create backup script Link to heading
Use gpg key, and passphrase
vi /root/backup.sh
export GPG_KEY=D119FC0E168D2B7B3B2CED26074BEE04B946EBDC
export PASSPHRASE=duptest
/bin/duplicity \
--verbosity error \
--encrypt-sign-key="$GPG_KEY" \
--full-if-older-than 7D \
--log-file "/var/log/duplicity.log" \
--exclude /var/tmp \
--exclude /tmp \
--exclude /var/run \
--exclude /var/lock \
--exclude /mnt \
--exclude /run \
--exclude /proc \
--exclude /sys \
/ \
file:///mnt/nfs/server_backup
chmot 755 /root/backup.sh
Setup Cron job Link to heading
0 3 * * * /root/backup.sh > /dev/null 2>&1
Run backup manually, check log file Link to heading
/root/backup.sh
--------------[ Backup Statistics ]--------------
StartTime 1721354197.40 (Fri Jul 19 01:56:37 2024)
EndTime 1721354274.81 (Fri Jul 19 01:57:54 2024)
ElapsedTime 77.41 (1 minute 17.41 seconds)
SourceFiles 83479
SourceFileSize 1967842319 (1.83 GB)
NewFiles 83479
NewFileSize 1811549595 (1.69 GB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 83479
RawDeltaSize 1931922437 (1.80 GB)
TotalDestinationSizeChange 834016562 (795 MB)
Errors 0
tail -50 /var/log/duplicity.log
- Create test file
touch /etc/test_file
- Rerun backup
# /root/backup.sh
--------------[ Backup Statistics ]--------------
StartTime 1721354607.80 (Fri Jul 19 02:03:27 2024)
EndTime 1721354617.03 (Fri Jul 19 02:03:37 2024)
ElapsedTime 9.23 (9.23 seconds)
SourceFiles 83506
SourceFileSize 2008844550 (1.87 GB)
NewFiles 43
NewFileSize 71345914 (68.0 MB)
DeletedFiles 8
ChangedFiles 11
ChangedFileSize 17238424 (16.4 MB)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 62
RawDeltaSize 253650214 (242 MB)
TotalDestinationSizeChange 242506392 (231 MB)
Errors 0
-------------------------------------------------
Test restore Link to heading
# cd /mnt/nfs/server_backup/
/mnt/nfs/server_backup# ls -lhtr
total 1.1G
-rw-r--r-- 1 root root 201M Jul 19 01:56 duplicity-full.20240719T015637Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 201M Jul 19 01:56 duplicity-full.20240719T015637Z.vol2.difftar.gpg
-rw-r--r-- 1 root root 201M Jul 19 01:57 duplicity-full.20240719T015637Z.vol3.difftar.gpg
-rw-r--r-- 1 root root 196M Jul 19 01:57 duplicity-full.20240719T015637Z.vol4.difftar.gpg
-rw-r--r-- 1 root root 27M Jul 19 01:57 duplicity-full-signatures.20240719T015637Z.sigtar.gpg
-rw-r--r-- 1 root root 384K Jul 19 01:57 duplicity-full.20240719T015637Z.manifest.gpg
-rw-r--r-- 1 root root 201M Jul 19 02:03 duplicity-inc.20240719T015637Z.to.20240719T020327Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 32M Jul 19 02:03 duplicity-inc.20240719T015637Z.to.20240719T020327Z.vol2.difftar.gpg
-rw-r--r-- 1 root root 1.5M Jul 19 02:03 duplicity-new-signatures.20240719T015637Z.to.20240719T020327Z.sigtar.gpg
-rw-r--r-- 1 root root 1.2K Jul 19 02:03 duplicity-inc.20240719T015637Z.to.20240719T020327Z.manifest.gpg
- Remove test file
rm /etc/test_file
- Restore test file from backup
export GPG_KEY=D119FC0E168D2B7B3B2CED26074BEE04B946EBDC
export PASSPHRASE=duptest
duplicity restore --path-to-restore etc/test_file --time 0D file:///mnt/nfs/server_backup/ /etc/test_file
cat /etc/test_file
sdf;sdf;ksf;ksf;skdf;sdkfsd;fsd;kf