nicolas/citadel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
citadel/backup/gen-conf.sh
Nicolas Duhamel f82a913bdd Refactor: Centralize configuration and improve security 
- Add centralized configuration system with backup.env
- Move configuration files to proper structure (config/ directory)
- Remove hardcoded paths and make system portable
- Fix security issue: remove password exposure in gen-conf.sh
- Add comprehensive documentation (README.md, CLAUDE.md)
- Create configuration template (backup.env.sample)
- Add .gitignore to protect sensitive files
- Update all scripts to use environment variables
- Implement systemd template variable substitution

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-23 21:13:11 +02:00

57 lines
1.4 KiB
Bash
Raw Blame History

#!/bin/bash
# Script to generate Restic configuration with secure password
set -e
# Configuration should be sourced before running: source backup.env
CONFIG_FILE="$RESTIC_CONFIG_FILE"
REPO_PATH="$BACKUP_REPOSITORY"
echo "=== Generating Restic Configuration ==="
# Check if config already exists
if [ -f "$CONFIG_FILE" ]; then
echo "Configuration file already exists at $CONFIG_FILE"
read -p "Do you want to overwrite it? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Aborted."
exit 1
fi
fi
# Generate secure password (32 characters)
echo "Generating secure password..."
RESTIC_PASSWORD=$(openssl rand -base64 32)
# Create configuration file
echo "Creating configuration file..."
cat > "$CONFIG_FILE" << EOF
# Restic configuration for quantumrick backups
# Generated on $(date)
# Repository path
export RESTIC_REPOSITORY="$REPO_PATH"
# Repository password
export RESTIC_PASSWORD="$RESTIC_PASSWORD"
# Cache directory (optional)
export RESTIC_CACHE_DIR="$RESTIC_CACHE_DIR"
EOF
# Set secure permissions
chmod 600 "$CONFIG_FILE"
echo "✅ Configuration file created at $CONFIG_FILE"
echo "🔒 Password generated and saved securely"
echo ""
echo "⚠️ IMPORTANT: Save this password somewhere safe!"
echo " If you lose it, you won't be able to restore your backups!"
echo ""
echo "📁 Password saved in: $CONFIG_FILE"
echo " Use 'cat $CONFIG_FILE' to view the password if needed"
echo ""
Reference in New Issue View Git Blame Copy Permalink