40scripts/42git.sh


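#!/bin/sh
# Back up a FortiGate configuration into a git repository.
#
# Flow: clone the backup repo into a private temp dir, fetch sys_config from
# the firewall with scp, redact secrets from the copy that is committed in
# clear text, gpg-encrypt the unredacted copy, commit and push both, and
# always delete the temp dir on exit.
set -eu

# ssh options for fortigate scp
ssh_identity="/root/.ssh/id_ed25519"
ssh_user="admin"
ssh_host="192.168.2.1"
ssh_port=11422
# OpenSSH's default per-user known_hosts file for root. If it holds an entry
# for the firewall, the host key is verified; otherwise the script falls back
# to its previous unverified behaviour and warns.
ssh_known_hosts="/root/.ssh/known_hosts"
enc_key="/root/.secrets/backup-enc.key"
git_repo="git@git.dafu.dev:3022/dafu/fg_backup"

# temp dir (mktemp -d creates it readable by the owner only)
temp_dir=$(mktemp -d)

# The temp dir holds the unredacted firewall config. Remove it on every exit
# path, including failures under `set -e`, so secrets are not left behind.
cleanup() {
  cd /
  rm -rf -- "${temp_dir:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

cd "$temp_dir"

# git
echo "cloning from $git_repo"
git clone --quiet --depth=1 \
  "ssh://${git_repo}" .

# Host key handling: without verification, the backup could be fetched from
# any host answering on this address. Prefer a pinned key; known_hosts uses
# the "[host]:port" form for non-default ports, which is what is looked up.
if ssh-keygen -F "[${ssh_host}]:${ssh_port}" -f "$ssh_known_hosts" >/dev/null 2>&1; then
  set -- -o StrictHostKeyChecking=yes -o "UserKnownHostsFile=${ssh_known_hosts}"
else
  echo "warning: no pinned host key for [${ssh_host}]:${ssh_port} in ${ssh_known_hosts}; host key is NOT verified" >&2
  set -- -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
fi

# -O disables sftp which is not enabled on FG
echo "grabbing config from ${ssh_user}@${ssh_host}:sys_config"
scp -q -i "$ssh_identity" "$@" -O -P "$ssh_port" \
  "${ssh_user}@${ssh_host}:sys_config" .

# get file version and firmware (a failed match aborts the run under set -e)
config_version=$(grep -o -P '(?<=^#conf_file_ver=).*$' sys_config)
firmware_version=$(grep -o -P '(?<=#config-version=).*(?=-FW.*)' sys_config)
echo "found version: ${firmware_version} - ${config_version}"

# copy full config to temp file
cp sys_config "temp_${config_version}"

# apply regexes to config file
# NOTE(review): redaction is pattern-based; anything these expressions do not
# match stays in the clear-text sys_config that gets committed and pushed.
perl -0777 -pi -e 's/ENC .*/_ENC_REMOVED_/g' sys_config
perl -0777 -pi -e 's/(?ms)(set.*?)"-----.*?"/$1 _REMOVED_/g' sys_config
perl -0777 -pi -e 's/(?ms)(set.*?key) ".*?"/$1 _PUB_KEY_REMOVED_/g' sys_config
perl -0777 -pi -e 's/.*(#private-encryption-key=).*/$1 _PRIV_KEY_REMOVED_/g' sys_config
perl -0777 -pi -e 's/conf_file_ver=(.*)/conf_file_ver=_REMOVED_/g' sys_config

echo "checking for changes"
# Porcelain `git diff` also refreshes cached stat info, so the plumbing
# diff-index call below does not report a rewritten-but-identical file.
git diff --stat

# Commit when sys_config is not tracked yet, or when the work tree differs
# from HEAD. `git ls-files` replaces `git ls`, which is not a built-in git
# command and only works where an alias of that name is configured.
if ! (git ls-files --error-unmatch -- sys_config >/dev/null 2>&1 \
  && git diff-index --exit-code --quiet HEAD); then
  echo "found changes: committing"
  echo "temp folder: $(pwd)"
  mv "temp_${config_version}" sys_config_full
  rm -f sys_config_full.gpg
  # Only the encrypted full config is added to git; the plaintext
  # sys_config_full stays in the temp dir and is removed by cleanup.
  gpg -e --recipient-file "$enc_key" sys_config_full
  git add sys_config sys_config_full.gpg
  git commit -m "Backup Version: ${firmware_version} - ${config_version}"
  git push
else
  echo "no changes found. aborting"
fi

# cleanup happens in the EXIT trap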