2023-03-11 20:07:32 +00:00
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
|
|
|
|
# ssh options for fortigate scp
|
|
|
|
ssh_identity="/root/.ssh/id_ed25519"
|
|
|
|
ssh_user="admin"
|
|
|
|
ssh_host="192.168.2.1"
|
|
|
|
ssh_port=11422
|
|
|
|
enc_key="/root/.secrets/backup-enc.key"
|
|
|
|
|
|
|
|
git_repo="git@git.dafu.dev:3022/dafu/fg_backup"
|
|
|
|
|
|
|
|
# temp dir
|
|
|
|
temp_dir=$(mktemp -d)
|
2023-03-21 20:41:13 +00:00
|
|
|
cd "$temp_dir" || exit
|
|
|
|
|
|
|
|
cleanup() {
|
|
|
|
rm -r "$temp_dir"
|
|
|
|
}
|
|
|
|
|
|
|
|
trap cleanup EXIT
|
2023-03-11 20:07:32 +00:00
|
|
|
|
|
|
|
# git
|
|
|
|
echo "cloning from $git_repo"
|
|
|
|
git clone --quiet --depth=1 \
|
|
|
|
"ssh://${git_repo}" .
|
|
|
|
|
|
|
|
# -O disables sftp which is not enabled on FG
|
|
|
|
echo "grabbing config from ${ssh_user}@${ssh_host}:sys_config"
|
|
|
|
scp -q -i ${ssh_identity} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -O -P ${ssh_port} \
|
|
|
|
${ssh_user}@${ssh_host}:sys_config .
|
|
|
|
|
|
|
|
# get file version and firmware
|
|
|
|
config_version=$(grep -o -P '(?<=^#conf_file_ver=).*$' sys_config)
|
|
|
|
firmware_version=$(grep -o -P '(?<=#config-version=).*(?=-FW.*)' sys_config)
|
|
|
|
|
|
|
|
echo "found version: ${firmware_version} - ${config_version}"
|
|
|
|
|
|
|
|
# copy full config to temp file
|
|
|
|
cp sys_config temp_"${config_version}"
|
|
|
|
|
|
|
|
# apply regexes to config file
|
|
|
|
perl -0777 -pi -e 's/ENC .*/_ENC_REMOVED_/g' sys_config
|
|
|
|
perl -0777 -pi -e 's/(?ms)(set.*?)"-----.*?"/$1 _REMOVED_/g' sys_config
|
|
|
|
perl -0777 -pi -e 's/(?ms)(set.*?key) ".*?"/$1 _PUB_KEY_REMOVED_/g' sys_config
|
|
|
|
perl -0777 -pi -e 's/.*(#private-encryption-key=).*/$1 _PRIV_KEY_REMOVED_/g' sys_config
|
|
|
|
perl -0777 -pi -e 's/conf_file_ver=(.*)/conf_file_ver=_REMOVED_/g' sys_config
|
|
|
|
|
|
|
|
echo "checking for changes"
|
|
|
|
git diff --stat
|
|
|
|
|
|
|
|
# check for changes with git diff or if sys_config exists in root dir with git ls
|
|
|
|
if ! (git ls | grep "^sys_config$" && git diff-index --exit-code --quiet HEAD); then
|
|
|
|
echo "found changes: committing"
|
|
|
|
echo "temp folder: $(pwd)"
|
|
|
|
mv temp_"$config_version" sys_config_full
|
|
|
|
rm -f sys_config_full.gpg
|
|
|
|
gpg -e --recipient-file "$enc_key" sys_config_full
|
|
|
|
git add sys_config sys_config_full.gpg
|
|
|
|
git commit -m "Backup Version: ${firmware_version} - ${config_version}"
|
|
|
|
git push
|
|
|
|
else
|
|
|
|
echo "no changes found. aborting"
|
|
|
|
fi
|
|
|
|
|