feat: Add backup and security hardening

2025-11-08 00:28:17 +01:00
parent 8de3f16ee6
commit 96f521a474
23 changed files with 5696 additions and 939 deletions
--- a/scripts/backup-setup/backup.conf.example
+++ b/scripts/backup-setup/backup.conf.example
@@ -0,0 +1,43 @@
+# Backup Configuration
+# Copy this to /etc/backup.conf and customize
+
+# NAS Connection Settings
+NAS_HOST="nas.example.com"
+NAS_PORT="22"
+NAS_USER="backup"
+NAS_PATH="/volume1/backups/gentoo-workstation"
+
+# Backup Settings
+BACKUP_ROOT="/mnt/backup"
+RETENTION_DAYS="30"
+RETENTION_COUNT="10"
+
+# Exclude patterns (one per line, relative to /)
+EXCLUDE_PATTERNS=(
+  "/dev/*"
+  "/proc/*"
+  "/sys/*"
+  "/tmp/*"
+  "/run/*"
+  "/mnt/*"
+  "/media/*"
+  "/lost+found"
+  "/var/tmp/portage/*"
+  "/var/cache/*"
+  "/.cache/*"
+  "/home/*/.cache/*"
+  "/home/*/Downloads/*.iso"
+  "/home/*/Downloads/*.mp4"
+  "/home/*/Downloads/*.mkv"
+)
+
+# Notification Settings
+NOTIFY_ON_SUCCESS="false"
+NOTIFY_ON_FAILURE="true"
+NOTIFY_EMAIL=""
+
+# Cooldown period (seconds) - prevents backup spam
+BACKUP_COOLDOWN="3600"  # 1 hour
+
+# Last backup timestamp file (auto-set by scripts)
+# LAST_BACKUP_FILE="${HOME}/.local/var/backup/last-backup"