#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org>                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################
#
# Backup and restore helper for the IPFire configuration. The sub-commands
# understood by main() are: include, exclude, restore, addonbackup <addon>,
# restoreaddon <addon>, iso, makedirs, list, or the path of an existing
# backup/ISO file to delete. Archives live below /var/ipfire/backup; most of
# what the restore path does (writing under /etc and /var/ipfire, chown,
# useradd) only works with root privileges.

# A glob that matches nothing expands to nothing instead of staying a literal
# pattern, so include-file entries that do not exist simply drop out.
shopt -s nullglob

# Timestamp used to name freshly created archives (<NOW>.ipf).
NOW=$(date '+%Y-%m-%d-%H:%M')
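#######################################
# Print the names of all addons that ship a backup include file, one per line.
# Arguments: $1 - directory holding the include files
#                 (default: /var/ipfire/backup/addons/includes)
# Outputs:   addon names (the include file basenames) on stdout
# Returns:   0
#######################################
list_addons() {
	local dir="${1:-/var/ipfire/backup/addons/includes}"
	local file

	# Only regular files count; sub-directories are ignored. Without nullglob
	# an unmatched pattern stays a literal path, which -f rejects as well.
	for file in "${dir}"/*; do
		if [ -f "${file}" ]; then
			printf '%s\n' "${file##*/}"
		fi
	done

	return 0
}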
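#######################################
# Expand the patterns listed in one or more include files into a sorted,
# de-duplicated list of paths that exist on this system.
# Each non-empty line of an include file is a path or glob relative to /.
# Arguments: $@ - include files to read
# Outputs:   one absolute path per line on stdout
#######################################
process_includes() {
	local include pattern path

	# Quoted "$@": an include file whose path contains whitespace must not be
	# split into several arguments.
	for include in "$@"; do
		# "|| [ -n ... ]" still processes a last line that lacks a newline.
		while read -r pattern || [ -n "${pattern}" ]; do
			# Skip any empty line (it would expand to / and include everything)
			[ -n "${pattern}" ] || continue

			# Deliberately unquoted so the shell expands globs. With nullglob
			# an unmatched pattern vanishes; without it, -e weeds it out.
			# shellcheck disable=SC2086
			for path in /${pattern}; do
				if [ -e "${path}" ]; then
					printf '%s\n' "${path}"
				fi
			done
		done < "${include}"
	done | sort -u
}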
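#######################################
# Create the main backup archive.
# Every addon that has an include file is backed up first (into its own .ipf
# below /var/ipfire/backup/addons/backup); then the system-wide include and
# exclude lists are applied to build the requested archive.
# Arguments: $1   - path of the archive to write
#            $2.. - additional files to add (e.g. the log files)
# Outputs:   tar's verbose file list on stdout
# Returns:   0. tar's own status is deliberately not propagated: tar exits
#            non-zero for "file changed as we read it" on live logs, and the
#            iso sub-command relies on make_backup succeeding in that case.
#######################################
make_backup() {
	local filename="${1}"
	shift

	# Backup all addons first. Read the names line by line so a name with
	# whitespace is still handed over as one argument.
	local addon
	while read -r addon; do
		[ -n "${addon}" ] || continue
		make_addon_backup "${addon}"
	done < <(list_addons)

	# Collect the include list into an array instead of relying on unquoted
	# word splitting, so paths that contain spaces survive intact. Both lists
	# go through one process_includes call, which also de-duplicates them.
	local -a includes
	mapfile -t includes < <(process_includes "/var/ipfire/backup/include" \
		"/var/ipfire/backup/include.user")

	# Backup using global exclude/include definitions
	tar cvfz "${filename}" -C / \
		--exclude-from="/var/ipfire/backup/exclude" \
		--exclude-from="/var/ipfire/backup/exclude.user" \
		"${includes[@]}" \
		"$@"

	return 0
}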
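#######################################
# Run the converters that migrate a restored (possibly much older)
# configuration to the current layout. The firewall, IDS and location
# converters run only when their legacy directory or file is present;
# convert-to-location, firewallctrl and convert-dns-settings always run.
# Globals:   reads/writes files below /var/ipfire
#######################################
restore_run_converters() {
	local file

	# Outgoing Firewall
	if [ -d "/var/ipfire/outgoing" ]; then
		# Reset files
		for file in /var/ipfire/firewall/{config,outgoing} \
				/var/ipfire/fwhosts/custom{hosts,groups,networks}; do
			: > "${file}"
			chown nobody:nobody "${file}"
		done

		# Run converter
		convert-outgoingfw

		# Remove old configuration
		rm -rf "/var/ipfire/outgoing"
	fi

	# External Access
	if [ -d "/var/ipfire/xtaccess" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-xtaccess

		# Remove old configuration
		rm -rf "/var/ipfire/xtaccess"
	fi

	# DMZ Holes
	if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-dmz

		# Remove old configuration
		rm -rf "/var/ipfire/dmzholes"
	fi

	# Port Forwardings
	if [ -d "/var/ipfire/portfw" ]; then
		# Run converter
		convert-portfw

		# Remove old configuration
		rm -rf "/var/ipfire/portfw"
	fi

	# Convert location
	convert-to-location

	# Reload firewall
	firewallctrl

	# Snort to suricata converter.
	if [ -d "/var/ipfire/snort" ]; then
		# Run converter
		convert-snort

		# Remove old configuration directory.
		rm -rf "/var/ipfire/snort"
	fi

	# IDS multiple providers converter.
	if [ -e "/var/ipfire/suricata/rules-settings" ]; then
		# Run the converter
		convert-ids-multiple-providers
	fi

	# IDS backend converter.
	if [ -e "/var/ipfire/suricata/oinkmaster.conf" ]; then
		# Run the converter
		convert-ids-backend-files
	fi

	# Convert DNS settings
	convert-dns-settings

	# move nobeeps if exist
	if [ -e "/var/ipfire/ppp/nobeeps" ]; then
		mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
	fi
}

#######################################
# Migrate restored OpenVPN files: swap the old DH parameter file for
# ffdhe4096, refresh the CRL, add the "providers legacy default" line to N2N
# client configs and back-fill the pass/no-pass column of ovpnconfig.
# Globals:   reads/writes files below /var/ipfire/ovpn
#######################################
restore_migrate_openvpn() {
	local y conf p12 probe

	# Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096
	sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf /var/ipfire/ovpn/n2nconf/*/*.conf

	# Update OpenVPN CRL
	/etc/fcron.daily/openvpn-crl-updater

	# Update OpenVPN N2N Client Configs
	## Add providers legacy default line to n2n client config files
	# Check if ovpnconfig exists and is not empty
	if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
		# Identify all n2n connections.
		# NOTE(review): /net/ matches the substring anywhere on the line, not
		# only the type column that the awk further down tests as $5 == "net";
		# a connection name containing "net" would match too — confirm before
		# tightening.
		while read -r y; do
			[ -n "${y}" ] || continue
			conf="/var/ipfire/ovpn/n2nconf/${y}/${y}.conf"
			# Add the legacy option to all N2N client conf files if it does not
			# already exist. -s: a missing conf is skipped quietly instead of
			# feeding an empty grep count into an integer test.
			if grep -qs "Open VPN Client Config" "${conf}" \
					&& ! grep -qs "providers legacy default" "${conf}"; then
				echo "providers legacy default" >> "${conf}"
			fi
		done < <(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig)
	fi

	#Update ovpnconfig to include pass or no-pass for old backup versions missing the entry
	# Check if ovpnconfig exists and is not empty
	if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
		# Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
		awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
		# Make all N2N connections 'no-pass' since they do not use encryption
		awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
		# Evaluate roadwarrior connection names for *.p12 files
		while read -r y; do
			[ -n "${y}" ] || continue
			p12="/var/ipfire/ovpn/certs/${y}.p12"
			# Probe the PKCS#12 once with an empty password and classify it from
			# the output (the same probe used to run twice per connection).
			probe=$(openssl pkcs12 -info -in "${p12}" -noout -password pass:'' 2>&1)
			# NOTE(review): a roadwarrior whose probe matches neither string
			# (e.g. its .p12 file is missing) is not copied into ovpnconfig.new
			# and therefore vanishes from ovpnconfig below — pre-existing, confirm.
			# Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
			if grep -q 'Encrypted data' <<<"${probe}"; then
				awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
			fi
			# Sort all encrypted roadwarriors out and set 'pass' in [43] index
			if grep -q 'verify error' <<<"${probe}"; then
				awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
			fi
		done < <(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig)
	fi
	# Replace existing ovpnconfig with updated index, but only when one was
	# actually built (the unconditional mv used to fail on a missing .new).
	if [ -f /var/ipfire/ovpn/ovpnconfig.new ]; then
		mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
	fi
	# Set correct ownership
	if [ -e /var/ipfire/ovpn/ovpnconfig ]; then
		chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
	fi
}

#######################################
# Generate a new HTTPS RSA key if the existing one is too small, and issue a
# fresh self-signed certificate for it.
# Globals:   reads/writes /etc/httpd/server.{key,csr,crt}, reads /etc/certparams
#######################################
restore_renew_httpd_key() {
	local keysize
	keysize=$(openssl rsa -in /etc/httpd/server.key -text -noout | sed -n 's/Private-Key:\ (\(.*\)\ bit.*/\1/p')

	# Compare numerically. The former test used the string operator \<, under
	# which "512" sorts after "2048", so keys shorter than 1000 bits were kept.
	# An empty value (unreadable or non-RSA key) is skipped without an error.
	if [ -n "${keysize}" ] && [ "${keysize}" -lt 2048 ] 2>/dev/null; then
		# Generate under a restrictive umask so the private key is never
		# briefly readable by others before the chmod below.
		( umask 077 && openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null )
		chmod 600 /etc/httpd/server.key
		sed "s/HOSTNAME/$(hostname -f)/" < /etc/certparams | \
			openssl req -new -key /etc/httpd/server.key \
				-out /etc/httpd/server.csr &>/dev/null
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server.csr \
			-signkey /etc/httpd/server.key \
			-out /etc/httpd/server.crt &>/dev/null
	fi
}

#######################################
# Restore the main backup archive over the running system and migrate the
# restored configuration to the current layout.
# Arguments: $1 - path of the archive to extract
# Outputs:   tar's verbose file list on stdout, diagnostics on stderr
# Returns:   0 on success, 1 if the archive could not be extracted
#######################################
restore_backup() {
	local filename="${1}"

	# Extract backup. The global exclude lists apply on the way in as well,
	# so files that are never backed up are never overwritten either.
	if ! tar xvzpf "${filename}" -C / \
			--exclude-from="/var/ipfire/backup/exclude" \
			--exclude-from="/var/ipfire/backup/exclude.user"; then
		echo "Could not extract backup" >&2
		return 1
	fi

	# Restart syslogd, httpd and suricata in case we've just loaded old logs
	apachectl -k graceful
	local pidfile pid
	for pidfile in /var/run/suricata.pid /var/run/syslogd.pid; do
		pid=$(cat "${pidfile}" 2>/dev/null)
		if [ -n "${pid}" ]; then
			/bin/kill -HUP "${pid}" 2>/dev/null
		fi
	done

	# remove wrong vnstat tag file
	rm -f /var/log/vnstat/tag

	# create dhcpcd user, but only when the restored system lacks it so a
	# repeated restore does not fail noisily with "already exists"
	if ! getent group dhcpcd >/dev/null 2>&1; then
		groupadd -g 52 dhcpcd
	fi
	if ! getent passwd dhcpcd >/dev/null 2>&1; then
		useradd -c 'dhcpcd privsep user' \
			-d /run/dhcpcd/chroot \
			-g dhcpcd \
			-s /bin/false \
			-u 52 dhcpcd
	fi

	# Run converters
	restore_run_converters

	# Migrate OpenVPN configuration files
	restore_migrate_openvpn

	# Generate new HTTPS RSA key if the existing is too small
	restore_renew_httpd_key

	return 0
}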
#######################################
# Emit the log files that are added to an "include" backup, as one
# space-separated line (the caller word-splits the result).
# Outputs:   list of log file paths on stdout
#######################################
find_logfiles() {
	# NOTE(review): "**" only recurses with "shopt -s globstar", which this
	# script does not set; as written the last pattern behaves like
	# /var/log/*/*.log (one level deep) — confirm whether that is intended.
	local -a logs=()
	logs+=( /var/log/logwatch/* )
	logs+=( /var/log/messages* )
	logs+=( /var/log/*.log )
	logs+=( /var/log/**/*.log )

	printf '%s\n' "${logs[*]}"
}
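#######################################
# Create the backup archive for a single addon from its include file.
# Arguments: $1 - addon name (basename of its file below
#                 /var/ipfire/backup/addons/includes)
# Outputs:   tar's verbose file list on stdout, diagnostics on stderr
# Returns:   1 on an invalid name or when the addon has no include file,
#            otherwise tar's exit status
#######################################
make_addon_backup() {
	local name="${1}"

	# The name is spliced into paths below; an empty name or one containing
	# a slash could point outside the addon directories, so refuse it.
	case "${name}" in
		""|*/*)
			echo "Invalid addon name: ${name}" >&2
			return 1
			;;
	esac

	local include="/var/ipfire/backup/addons/includes/${name}"

	if [ ! -f "${include}" ]; then
		echo "${name} does not have any backup includes" >&2
		return 1
	fi

	local filename="/var/ipfire/backup/addons/backup/${name}.ipf"

	# Collect the include list into an array so paths containing whitespace
	# reach tar as single arguments instead of being word-split.
	local -a includes
	mapfile -t includes < <(process_includes "${include}")

	tar cvzf "${filename}" "${includes[@]}"
}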
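#######################################
# Restore one addon archive over the running system.
# An archive found at /tmp/<name>.ipf is first moved into the addon backup
# directory, then the archive is extracted relative to /.
# Arguments: $1 - addon name (without the .ipf suffix)
# Outputs:   tar's verbose file list on stdout, diagnostics on stderr
# Returns:   0 on success, 1 on an invalid name or extraction failure
#######################################
restore_addon_backup() {
	local name="${1}"

	# The name is spliced into paths below; an empty name or one containing
	# a slash could point outside the backup directories, so refuse it.
	case "${name}" in
		""|*/*)
			echo "Invalid addon name: ${name}" >&2
			return 1
			;;
	esac

	local archive="/var/ipfire/backup/addons/backup/${name}.ipf"

	# NOTE(review): this tests for a *directory* in /tmp, yet whatever is
	# moved is then handed to tar as an archive; confirm whether -d is
	# intended or the upload is a plain file (in which case -f is right).
	if [ -d "/tmp/${name}.ipf" ]; then
		mv "/tmp/${name}.ipf" "${archive}"
	fi

	# Extract backup
	if ! tar xvzpf "${archive}" -C /; then
		echo "Could not extract backup" >&2
		return 1
	fi
}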
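#######################################
# Command dispatcher.
# Arguments: $1   - sub-command (include, exclude, restore, addonbackup,
#                   restoreaddon, iso, makedirs, list) or the path of a
#                   backup/ISO file to delete
#            $2.. - handed on to the sub-command (archive path, addon name)
# Returns:   the sub-command's exit status; 2 on an unknown command
#######################################
main() {
	local command="${1}"
	shift

	local filename

	case "${command}" in
		include)
			# An empty or missing path falls back to the timestamped name.
			filename="${1:-/var/ipfire/backup/${NOW}.ipf}"

			# shellcheck disable=SC2046 -- find_logfiles emits a space-separated list on purpose
			make_backup "${filename}" $(find_logfiles)
			;;

		exclude)
			filename="${1:-/var/ipfire/backup/${NOW}.ipf}"

			make_backup "${filename}"
			;;

		restore)
			filename="${1:-/tmp/restore.ipf}"

			restore_backup "${filename}"
			;;

		addonbackup)
			make_addon_backup "$@"
			;;

		restoreaddon)
			restore_addon_backup "${1/.ipf/}"
			;;

		iso)
			# Desired backup filename
			filename="/var/ipfire/backup/${NOW}.ipf"

			if make_backup "${filename}"; then
				/usr/local/bin/backupiso "${NOW}"
			fi
			;;

		makedirs)
			mkdir -p /var/ipfire/backup/addons/{backup,includes}
			;;

		list)
			process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user"
			;;

		/var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso)
			# The case pattern only matches the string: "*" also accepts
			# "/../" segments, so the path is checked before deleting.
			if [[ "${command}" == *"/../"* ]]; then
				echo "${0}: refusing to delete ${command}" >&2
				return 1
			fi
			unlink "${command}"
			;;

		*)
			echo "${0}: [include|exclude|restore|addonbackup <addon>|restoreaddon <addon>|iso]" >&2
			return 2
			;;
	esac

	# Status of the last command run inside the selected branch.
	return $?
}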
356main "$@" || exit $?