#!/usr/bin/env bash
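# Strict mode: abort on command errors (-e), on unset variables (-u) and on a
# failing pipeline stage (pipefail); -E makes ERR traps apply inside functions.
set -Eeuo pipefail

# Directory that contains this script; config.sh is expected next to it.
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
CFG="$SCRIPT_DIR/config.sh"

# Diagnostics belong on stderr so they survive a redirected stdout.
if [[ ! -f "$CFG" ]]; then
  echo "ERROR: config.sh fehlt: $CFG (erst 01_setup.sh ausführen)" >&2
  exit 1
fi

# config.sh is executed as shell code with the privileges of this process,
# which is root when the script is started via sudo (the root check further
# down enforces that). Nothing here checks who owns the file or who may write
# to it.
# NOTE(review): confirm that config.sh and SCRIPT_DIR are writable only by
# root or by the account that is allowed to run this script with sudo.
# shellcheck disable=SC1090
source "$CFG"

# The user who started the script (also when it was started through sudo).
RUN_USER="${SUDO_USER:-$USER}"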
# --- helpers ---

# Application name, per-application state directory and log file.
# NOTE(review): STATE_DIR is derived from XDG_STATE_HOME/HOME of the calling
# environment. If the script runs as root while these still point into an
# unprivileged user's home, root appends to a path that user controls (for
# example a pre-placed symlink). Confirm how sudo sets HOME on the target.
APP="raspi-backup"
STATE_DIR="${XDG_STATE_HOME:-$HOME/.local/state}/${APP}"
LOG_FILE="${STATE_DIR}/${APP}.log"
mkdir -p "$STATE_DIR"

# Append one timestamped line to LOG_FILE; nothing is printed to the terminal.
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" \
    | tee -a "$LOG_FILE" >/dev/null
}

# Log the message, repeat it on stderr and terminate with status 1.
die() {
  log "ERROR: $*"
  printf '%s\n' "ERROR: $*" >&2
  exit 1
}

# Abort unless the command named in $1 can be found.
need_cmd() {
  if ! command -v "$1" >/dev/null 2>&1; then
    die "Fehlt: $1"
  fi
}

# Abort unless the effective UID is 0.
need_root() {
  if [[ "${EUID:-$(id -u)}" -ne 0 ]]; then
    die "Bitte mit sudo starten: sudo $SCRIPT_DIR/03_verify.sh"
  fi
}

# Print the short host name; fall back to the plain host name, then to "raspi".
host_short() {
  if hostname -s 2>/dev/null; then
    :
  elif hostname 2>/dev/null; then
    :
  else
    echo "raspi"
  fi
}

# Print the SSH alias for this machine: <ALIAS_PREFIX>-<short host name>.
nas_alias() {
  printf '%s-%s\n' "${ALIAS_PREFIX}" "$(host_short)"
}
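# Preconditions: running as root, ssh client and getent available.
need_root
need_cmd ssh
need_cmd getent

# Validate config vars (without SSH_USER); ${VAR:?} aborts when a variable is
# unset or empty.
: "${NAS_HOST:?}" "${NAS_USER:?}" "${NAS_PORT:?}" "${ALIAS_PREFIX:?}" "${NAS_BACKUP_BASE:?}" "${KEY_TYPE:?}"

hn="$(host_short)"
alias="$(nas_alias)"
ssh_user="$RUN_USER"
# Strip one trailing slash from the base so the joined path has no "//".
remote_root="${NAS_BACKUP_BASE%/}/${hn}"

# Key path (belongs to RUN_USER). The home directory is read from the passwd
# database instead of running "~user" through eval: eval re-parses the user
# name, KEY_TYPE and the host name as shell code, and this script runs as root.
user_home="$(getent passwd "$ssh_user" | cut -d: -f6)" \
  || die "User '${ssh_user}' nicht gefunden (getent passwd)"
[[ -n "$user_home" ]] || die "Home-Verzeichnis von User '${ssh_user}' nicht ermittelbar"
key_path="${user_home}/.ssh/id_${KEY_TYPE}_${hn}"
[[ -f "$key_path" ]] || die "Key fehlt: $key_path (erst 02_setup_ssh.sh ausführen)"

log "VERIFY START: run_user=${ssh_user} alias=${alias} remote_root=${remote_root}"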
# Optional port check, skipped when nc is not installed. This is only a
# reachability probe: an open port says nothing about who is listening. The
# peer is authenticated by the ssh checks below (StrictHostKeyChecking=yes).
if ! command -v nc >/dev/null 2>&1; then
  log "nc nicht vorhanden – überspringe Port-Check"
else
  log "Check NAS Port: ${NAS_HOST}:${NAS_PORT}"
  if ! nc -vz "$NAS_HOST" "$NAS_PORT" >/dev/null 2>&1; then
    die "NAS Port nicht erreichbar: ${NAS_HOST}:${NAS_PORT}"
  fi
fi
# Explicit ssh options (robust, independent of ssh-config or an alias).
# Kept as an array so every option stays a separate word when expanded.
SSH_BASE=(ssh -p "$NAS_PORT" -i "$key_path")
SSH_BASE+=(
  -o IdentitiesOnly=yes          # offer only the identity given with -i
  -o BatchMode=yes               # never prompt; fail instead
  -o StrictHostKeyChecking=yes   # refuse unknown or changed host keys
  -o ConnectTimeout=10
)
# 1) SSH login test as RUN_USER (as before).
# Output of ssh is discarded, so a host-key mismatch, a rejected key and a
# network failure all end in the same generic message.
# NOTE(review): consider keeping ssh's stderr in the log for diagnosis.
log "Check SSH Login (RUN_USER): ${NAS_USER}@${NAS_HOST}:${NAS_PORT}"
sudo -u "$ssh_user" "${SSH_BASE[@]}" "${NAS_USER}@${NAS_HOST}" "echo ok" >/dev/null 2>&1 \
  || die "SSH Login fehlgeschlagen als User '${ssh_user}' (Hostkey/Key/Netz prüfen)"

# 2) Extra: SSH login test as root (important because the backup run happens
# via sudo/root). Same key and options, but without sudo -u, so this run
# executes as root and does not use the known_hosts that check 1 used.
log "Check SSH Login (root): ${NAS_USER}@${NAS_HOST}:${NAS_PORT}"
"${SSH_BASE[@]}" "${NAS_USER}@${NAS_HOST}" "echo ok" >/dev/null 2>&1 || {
  echo "Hinweis: root kann nicht verbinden (oft fehlt root der Hostkey in /root/.ssh/known_hosts)." >&2
  echo "Fix: 02_setup_ssh.sh erneut laufen lassen (lernt Hostkey für root), oder root-known_hosts ergänzen." >&2
  die "SSH Login fehlgeschlagen als root"
}
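# 3) Remote backup dir: create it if needed and confirm it is a directory.
log "Check/Create Remote Backup Dir: ${remote_root}"

# The path is embedded in single quotes inside a command line that the remote
# shell parses. A single quote in the path would end that quoting and let the
# rest be interpreted as shell syntax on the NAS, so such a path is rejected.
case "$remote_root" in
  *"'"*) die "Remote Backup Pfad enthält ein einfaches Anführungszeichen: $remote_root" ;;
esac

sudo -u "$ssh_user" "${SSH_BASE[@]}" "${NAS_USER}@${NAS_HOST}" \
  "mkdir -p '$remote_root' && test -d '$remote_root'" >/dev/null \
  || die "Remote Backup Pfad nicht nutzbar: $remote_root"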
# All checks passed: record it in the log and print a summary on stdout.
log "VERIFY OK"
printf '%s\n' \
  "Verify OK:" \
  "- NAS erreichbar (${NAS_HOST}:${NAS_PORT})" \
  "- SSH Login OK (User: ${NAS_USER}@${NAS_HOST}:${NAS_PORT})" \
  "- SSH Login OK (root: ${NAS_USER}@${NAS_HOST}:${NAS_PORT})" \
  "- Key OK (${key_path})" \
  "- Remote Backup Pfad OK (${remote_root})" \
  "Info: SSH-Alias (optional) wäre: ${alias}"