first commit

sec-stuff

@@ -0,0 +1,52 @@
+LOcked key method on backup linode
+
+from="PROD_IP_HERE",command="/usr/local/bin/run-backup.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3... (rest of your key)
+
+Create a simple script at /usr/local/bin/run-backup.sh on the backup machine:
+
+#!/bin/bash
+# 1. Sync the Gitea Database (assuming it was dumped to a file)
+# 2. Re-run the Git Clone/Pull for your radar & website projects
+cd /path/to/backup/folder
+git pull origin main || git clone http://your-gitea-url/repo.git .
+
+# Optional: Log the backup time
+echo "Backup successful: $(date)" >> /var/log/backup_history.log
+
+
+from="PROD_IP",command="/usr/share/doc/rsync/scripts/rrsync -ro /mnt/backups/ilovearthur/",restrict ssh-rsa AAAAB3...
+
+#!/bin/bash
+# Sync critical system and user data
+rsync -az --delete /etc /var /home root@backup.ilovearthur.org:/
+
+
+
+
+
+Wrapper script on backup server
+
+#!/bin/bash
+case "$SSH_ORIGINAL_COMMAND" in
+    rsync*)
+        # Allows rsync to only touch the designated backup folder
+        $SSH_ORIGINAL_COMMAND
+        ;;
+    "git-sync")
+        # Custom command to refresh your Gitea mirrors
+        cd /home/backups/radar-repo
+        git pull || git clone http://your-gitea-url/repo.git .
+        ;;
+    *)
+        echo "Access Denied: Command not permitted."
+        exit 1
+        ;;
+esac
+
+Authorized keys file:
+
+from="PROD_IP",command="/usr/local/bin/backup-handler.sh",no-agent-forwarding,no-port-forwarding,no-pty ssh-rsa AAAAB3...
+
+
+from="192.0.2.1,2001:db8::1",command="/usr/local/bin/backup-handler.sh",no-pty ... [your-ssh-key]
+