53 lines
1.5 KiB
Plaintext
53 lines
1.5 KiB
Plaintext
LOcked key method on backup linode
|
|
|
|
from="PROD_IP_HERE",command="/usr/local/bin/run-backup.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3... (rest of your key)
|
|
|
|
Create a simple script at /usr/local/bin/run-backup.sh on the backup machine:
|
|
|
|
#!/bin/bash
|
|
# 1. Sync the Gitea Database (assuming it was dumped to a file)
|
|
# 2. Re-run the Git Clone/Pull for your radar & website projects
|
|
cd /path/to/backup/folder
|
|
git pull origin main || git clone http://your-gitea-url/repo.git .
|
|
|
|
# Optional: Log the backup time
|
|
echo "Backup successful: $(date)" >> /var/log/backup_history.log
|
|
|
|
|
|
from="PROD_IP",command="/usr/share/doc/rsync/scripts/rrsync -ro /mnt/backups/ilovearthur/",restrict ssh-rsa AAAAB3...
|
|
|
|
#!/bin/bash
|
|
# Sync critical system and user data
|
|
rsync -az --delete /etc /var /home root@backup.ilovearthur.org:/
|
|
|
|
|
|
|
|
|
|
|
|
Wrapper script on backup server
|
|
|
|
#!/bin/bash
|
|
case "$SSH_ORIGINAL_COMMAND" in
|
|
rsync*)
|
|
# Allows rsync to only touch the designated backup folder
|
|
$SSH_ORIGINAL_COMMAND
|
|
;;
|
|
"git-sync")
|
|
# Custom command to refresh your Gitea mirrors
|
|
cd /home/backups/radar-repo
|
|
git pull || git clone http://your-gitea-url/repo.git .
|
|
;;
|
|
*)
|
|
echo "Access Denied: Command not permitted."
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
Authorized keys file:
|
|
|
|
from="PROD_IP",command="/usr/local/bin/backup-handler.sh",no-agent-forwarding,no-port-forwarding,no-pty ssh-rsa AAAAB3...
|
|
|
|
|
|
from="192.0.2.1,2001:db8::1",command="/usr/local/bin/backup-handler.sh",no-pty ... [your-ssh-key]
|
|
|