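#!/bin/sh
# Back up a FortiGate configuration into a git repository.
#
# Clones the backup repo into a private temp dir, fetches sys_config from the
# firewall over scp, and keeps two artefacts: a redacted plaintext sys_config
# (diffable) and a gpg-encrypted full copy (sys_config_full.gpg). A commit is
# pushed only when the redacted config changed or is not tracked yet.
set -e
# the temp dir briefly holds the unredacted config: keep new files owner-only
umask 077

# ssh options for fortigate scp
ssh_identity="/root/.ssh/id_ed25519"
ssh_user="admin"
ssh_host="192.168.2.1"
ssh_port=11422
enc_key="/root/.secrets/backup-enc.key"
git_repo="git@git.dafu.dev:3022/dafu/fg_backup"

# temp dir
temp_dir=$(mktemp -d)
cd "$temp_dir" || exit

# Remove the work dir, including the plaintext config copies in it.
# -f: git object files are read-only and would make plain `rm -r` prompt
# when the script is run from a terminal.
cleanup() {
  rm -rf -- "${temp_dir:?}"
}
trap cleanup EXIT
# some /bin/sh implementations skip the EXIT trap when killed by a signal;
# turn the common ones into a normal exit so cleanup always runs
trap 'exit 1' HUP INT TERM

# git
echo "cloning from $git_repo"
git clone --quiet --depth=1 \
  "ssh://${git_repo}" .

# -O disables sftp which is not enabled on FG
# Host key: recorded in the user's known_hosts on first contact and enforced
# afterwards, so a changed key aborts the run instead of accepting a config
# from an unverified peer. Pinning the key out of band is stronger still.
echo "grabbing config from ${ssh_user}@${ssh_host}:sys_config"
scp -q -i "${ssh_identity}" -o StrictHostKeyChecking=accept-new -O -P "${ssh_port}" \
  "${ssh_user}@${ssh_host}:sys_config" .

# get file version and firmware
config_version=$(grep -o -P '(?<=^#conf_file_ver=).*$' sys_config)
firmware_version=$(grep -o -P '(?<=#config-version=).*(?=-FW.*)' sys_config)

echo "found version: ${firmware_version} - ${config_version}"

# keep the full config under a fixed name; strings read from the downloaded
# file are only used in messages, never in a path
cp sys_config sys_config_full

# apply regexes to config file (-0777 slurps the file so patterns can span lines)
perl -0777 -pi -e 's/ENC .*/_ENC_REMOVED_/g' sys_config
perl -0777 -pi -e 's/(?ms)(set.*?)"-----.*?"/$1 _REMOVED_/g' sys_config
perl -0777 -pi -e 's/(?ms)(set.*?key) ".*?"/$1 _PUB_KEY_REMOVED_/g' sys_config
perl -0777 -pi -e 's/.*(#private-encryption-key=).*/$1 _PRIV_KEY_REMOVED_/g' sys_config
perl -0777 -pi -e 's/conf_file_ver=(.*)/conf_file_ver=_REMOVED_/g' sys_config

# fail closed: sys_config is committed in plaintext, so refuse to go on if
# encrypted-secret markers or private key armor survived the redaction
if grep -q -e 'ENC ' -e 'PRIVATE KEY-----' sys_config; then
  echo "redaction incomplete: refusing to commit sys_config" >&2
  exit 1
fi

echo "checking for changes"
git diff --stat

# True when sys_config is already tracked and the work tree matches HEAD.
# Uses the ls-files plumbing command rather than a user-defined `git ls`
# alias, which may not exist for the account running the backup.
backup_unchanged() {
  git ls-files --error-unmatch sys_config >/dev/null 2>&1 &&
    git diff-index --exit-code --quiet HEAD
}

if ! backup_unchanged; then
  echo "found changes: committing"
  echo "temp folder: $(pwd)"
  rm -f sys_config_full.gpg
  # --batch: never wait for input when run unattended
  gpg --batch -e --recipient-file "$enc_key" sys_config_full
  git add sys_config sys_config_full.gpg
  git commit -m "Backup Version: ${firmware_version} - ${config_version}"
  git push
else
  echo "no changes found. aborting"
fi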