From b45aad5e28ceb5fe86fc5e23974c004d75918cb8 Mon Sep 17 00:00:00 2001
From: Ralph Ronnquist <rrq@rrq.au>
Date: Sat, 22 Jun 2024 16:43:55 +1000
Subject: [PATCH] Added the 'crypted' operaton mode, and some more comments

---
 timeliner-cron | 43 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/timeliner-cron b/timeliner-cron
index 3159db1..8e52ffc 100755
--- a/timeliner-cron
+++ b/timeliner-cron
@@ -6,11 +6,19 @@
 LOCKFILE=/var/lock/timeliner-cron.lock
 LOGFILE="/var/log/timeliner.log"
 
-OPMODE=disabled
-LBASE=/backup
-RBASE=/backup
-REMOTE=backup
-DIRS="/bin /etc /home /opt /root"
+# Which directory trees to back up
+DIRS="/boot /etc /home /opt /root"
+
+# Operations mode: disabled, local, remote, mixed, crypted.
+OPMODE="disabled"
+
+# These are used differently in different modes. See descriptions below
+LBASE="/backfs/vault/myhost"
+REMOTE="backup"
+RBASE="/backfs/vault"
+LHIDE=/backfs/.vault
+LOPEN=/backfs/vault
+LPASS="/root/.ssh/backfs.pass"
 
 exec >>$LOGFILE 2>&1
 
@@ -18,13 +26,32 @@ exec 9>$LOCKFILE
 flock -n 9 || exit 0
 
 case "$OPMODE" in
-    remote) # Remote-only backup scheme
-	timeliner $REMOTE:$RBASE $DIRS
-	;;
     local) # Local-only backup scheme
+	# LBASE is the local root for backup timeline
 	timeliner $LBASE $DIRS
 	;;
+    remote) # Remote-only backup scheme
+	# REMOTE identifies remote host
+	# RBASE is the remote root for the backup timeline
+	timeliner $REMOTE:$RBASE $DIRS
+	;;
     mixed) # Local backup window with remote store
+	# LBASE is the local root for backup timeline
+	# REMOTE identifies remote host
+	# RBASE is the remote root for the backup timeline
 	timeliner $LBASE $DIRS && timeliner-backup $REMOTE:$RBASE $LBASE
 	;;
+    crypted) # Local backup into a gocyptfs mount of an sshfs mount
+	# REMOTE identifies remote host
+	# RBASE is the remote root for the encrypted backup store
+	# LHIDE is the local mountpoint for encrypted backup store
+	# LOPEN is the local mountpoint for the opened backup store
+	# LBASE is the local root for the backup timeline
+	# LPASS is the password file for opening the encrypted backup store
+	sshfs $REMOTE:$RBASE $LHIDE &&
+	    gocryptfs -extpass "cat $LPASS" $LHIDE $LOPEN &&
+	    timeliner $LBASE $DIRS
+	fusermount -u $LOPEN
+	fusermount -u $LHIDE
+	;;
 esac
-- 
2.39.5