#!/bin/ksh

#assuming openssl 1.1.1 (-pbkdf2)

backupdir=/data/backup
backuplist=/root/bin/backup.lst
secret=GENERATE-NEW-SYMMETRIC-KEY-HERE
maxold=10
dateformat=`date +%Y-%m-%d-%H-%M-%S`
z=gzip
#z=bzip2
#z=xz

[[ ! -d $backupdir/ ]] && print $backupdir/ does not exist && exit 1
[[ ! -f $backuplist ]] && print $backuplist not available && exit 1
[[ ! -x `whence openssl` ]] && print openssl executable missing && exit 1

folders=`grep -v ^# $backuplist`

#
# Clean-up old backups and proceed with new ones.
# Note. -mtime before the -name -o -name otherwise -name takes precedence.
# Note. could use -Btime instead of -mtime on freebsd.
fcleanup() {
	print cleaning up ${maxold} days old backups from $backupdir/
	print "find $backupdir/ -type f -mtime +${maxold} -exec rm -f {} \;"
	find $backupdir/ -type f -mtime +${maxold} -exec rm -f {} \; && print done
	#-name "*.$ext" -o -name "*.$ext.aes" | xargs rm -f && print done
	print ''
}

fmain() {
	fcleanup

        #fmysql
        ffiles

	#print $backupdir/ content:
	#ls -alhF $backupdir/

	#print uploading backups to dedibackup \\c
	#date +%Y-%m-%d-%H-%M-%S
	#/usr/local/bin/ftpmirror upload.backup
	#[[ -x $HOME/bin/backup_lftp.ksh ]] && $HOME/bin/backup_lftp.ksh
}

#
# web hosts and email
#
# I don't want to use -P and I don't want to see that warning either,
#	tar: Removing leading '/' from member names
# so I am proceeded with a relative path from the root of the system tree.
#TODO: adjust compression type depending on .lst...
ffiles() {
	cd /
	for folder in $folders; do
		relative=`echo $folder | sed 's|^/||'`
		underscore=`echo $folder | sed 's|^/||; s|/|_|g'`
		[[ $z = xz ]] && args="-cJp" && dest=$backupdir/$dateformat.$underscore.tar.xz
		[[ $z = bzip2 ]] && args="-cjp" && dest=$backupdir/$dateformat.$underscore.tar.bz2
		[[ $z = gzip ]] && args="-czp" && dest=$backupdir/$dateformat.$underscore.tar.gz

		print $folder/ --\> $dest.aes... \\c
                tar $args \
			--exclude *.avi \
			--exclude *.pdf \
                	-f - $relative \
			| openssl enc -aes-256-cbc -e -k "$secret" -pbkdf2 -out $dest.aes && print done

			#decrypt with same command and -d instead of -e

			#| gpg --symmetric --cipher-algo TWOFISH --passphrase "$secret" \
			#	--output $dest.gpg && print done
			#--no-use-agent

		unset relative underscore args dest
	done; unset folder
	print ''
}

date
fmain $@
date