Skip to content
This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Commit

Permalink
Feature/separte conf (#22)
Browse files Browse the repository at this point in the history
* Changed doc
* Changed to use env file to store credentials in a separate file
* Added conf.env sample file
* Update README.md

Co-authored-by: Gabriel Trabanco Llano <gtrabanco@users.noreply.github.com>
Co-authored-by: Andre Essing <21235652+aessing@users.noreply.github.com>
  • Loading branch information
3 people authored Sep 2, 2021
1 parent 5990ae6 commit b30f4b1
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 17 deletions.
23 changes: 16 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
![Ubiquiti Unifi Dream Machine Backup to FTP Banner](docs/images/banner.png)

One problem of Ubiquitis Unifi Dream Machine (UDM / UDP Pro) is the automatic backup feature. Don't get me wrong... it is great to have an automatic backup feature, but storing backups just on the UDM itself is not a good practice. If you have to hard reset the UDM or the UDM dies, the backups get unaccessable and you have to start from scratch.
One problem of Ubiquitis Unifi Dream Machine (UDM / UDP Pro) is the automatic backup feature. Don't get me wrong... it is great to have an automatic backup feature, but storing backups just on the UDM itself is not a good practice. If you have to hard reset the UDM or the UDM dies, the backups get unaccessable and you have to start from scratch. Also, the newly introduced cloud backup feature is beta and doesn't take care about your Unifi Protection setup.

For security reasons, enabling SSH on the UDM and pull the backups from the UDM was not an option for me, as SSH on the UDM is reachable from every VLAN by using password authentication. You could configure that, but your configuration gets resettet on each boot.

Expand All @@ -17,20 +17,29 @@ So, pushing backups was the only option. For this I built this docker container,
- [GitHub Repo - udm-utilities](https://github.com/boostchicken/udm-utilities)
- [GitHub Profile - John D.](https://github.com/boostchicken)

1. Customize the [on_boot.d/80-udm-backup-ftp.sh](on_boot.d/80-udm-backup-ftp.sh) script and copy it over to the UDM into the On-Boot-Script folder (`/mnt/data/on_boot.d`).

This script creates a cronjob, which creates and starts the container to copy the automated backups to your FTP server. By default the container runs once per hour, which of course can be customized in the script.

In the scirpt are also 4 variables, which are used by the container to logon to the FTP server and copy over the backups.
1. Customize conf.env with your own values and store in a folder called `/mnt/data/udm-backup-ftp` on your UDM (you can store the file wherever you want, but than you have to change the path in the `ENV_FILE` variable in the `80-udm-backup-ftp.sh` script file). In this example, which is also the default of the script file, the configuration is stored in `/mnt/data/udm-backup-ftp/conf.env`.
This file needs 4 variables to work, which are used by the container to logon to the FTP server and copy over the backups.

```shell
FTP_SERVER={SERVERNAME}
FTP_PATH={BACKUPPATH}
FTP_USER={FTPUSER}
FTP_PASSWORD={FTPPASSWORD}
```
Please make your the configuration file is only readable by root.
```shell
chmod 0400 /mnt/data/udm-backup-ftp/conf.env
```

1. Customize the [on_boot.d/80-udm-backup-ftp.sh](on_boot.d/80-udm-backup-ftp.sh) script and copy it over to the UDM into the On-Boot-Script folder (`/mnt/data/on_boot.d`).

This script creates a cronjob, which pulls and starts the container to copy the automated backups to your FTP server. By default the container runs once per hour, which of course can be customized in the script.

In the script you can configure two variables:
- `ENV_FILE` if you are storing your FTP credentials in a different path than proposed (`/mnt/data/udm-backup-ftp/conf.env`).
- Comment `PROTECT_MOUNT` variable if you do not want to do backups for Unifi Protect.

Please edit the variables and copy the script to `/mnt/data/on_boot.d`. You also have to make the script executeable.
Please make your changes and copy the script to `/mnt/data/on_boot.d`. You also have to make the script executeable.
```shell
chmod a+x /mnt/data/on_boot.d/80-udm-backup-ftp.sh
```
Expand Down
4 changes: 4 additions & 0 deletions conf.env.dist
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
FTP_SERVER={SERVERNAME}
FTP_PATH={BACKUPPATH}
FTP_USER={FTPUSER}
FTP_PASSWORD={FTPPASSWORD}
21 changes: 11 additions & 10 deletions on_boot.d/80-udm-backup-ftp.sh
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,7 @@ echo " Configure scheduled copy of backups to external FTP server"
echo "------------------------------------------------------------"


FTP_SERVER={SERVERNAME}
FTP_PATH={BACKUPPATH}
FTP_USER={FTPUSER}
FTP_PASSWORD={FTPPASSWORD}

ENV_FILE='/mnt/data/udm-backup-ftp/conf.env'
CRON_FILE='/etc/cron.d/udm-backup-ftp'
CRON_SCHEDULE='30 * * * *'

Expand All @@ -35,26 +31,31 @@ SDN_MOUNT="/mnt/data/unifi-os/unifi/data/backup/autobackup:/backups/unifi:ro"
# you can comment next line to disable protect backup (or if protect is disabled on your UDM)
PROTECT_MOUNT="/mnt/data_ext/unifi-os/unifi-protect/backups:/backups/protect:ro"

CRON_CMD="${CRON_SCHEDULE} podman run -it --rm --name UDM-FTP-Backup --network=host -e \"FTP_SERVER=$FTP_SERVER\" -e \"FTP_PATH=$FTP_PATH\" -e \"FTP_USER=$FTP_USER\" -e \"FTP_PASSWORD=$FTP_PASSWORD\""
CRON_CMD="${CRON_SCHEDULE} podman run -it --rm --name UDM-FTP-Backup --network=host --env-file='$ENV_FILE'"
BACKUP_IMG='docker.io/aessing/udm-backup-ftp'

if [ ! -r "$ENV_FILE" ]; then
echo "ERROR: File '$ENV_FILE' not found or is not readable!" 1>&2
echo "Please create it based on 'conf.env.dist' with your own values" 1>&2
exit 1
fi


if [ ! -z "${SDN_MOUNT}" ]; then
if [ -n "${SDN_MOUNT:-}" ]; then
CRON_CMD="${CRON_CMD} -v \"$SDN_MOUNT\""
fi

if [ ! -z "${PROTECT_MOUNT}" ]; then
if [ -n "${PROTECT_MOUNT:-}" ]; then
CRON_CMD="${CRON_CMD} -v \"$PROTECT_MOUNT\""
fi

CRON_CMD="${CRON_CMD} ${BACKUP_IMG}"

if [ ! -f "${CRON_FILE}" ]; then
if [ ! -f "${CRON_FILE:-}" ]; then
echo "${CRON_CMD}" > ${CRON_FILE}
chmod 644 ${CRON_FILE}
/etc/init.d/crond reload ${CRON_FILE}
fi

echo " - done"
echo ""
echo

0 comments on commit b30f4b1

Please sign in to comment.