sh-notion/notion_data_team_no_files/Backing up WG Hub config 2260446ff9c9808b8cd9ecc144ce7106.md

# Backing up WG Hub config

The idea is to automatically copy the Jumphost server WG config to a local device, just in case. Copying gets done through SSH. 

Because we want this happening automatically, we need to do some adjustments to automatically enter the SSH key passphrase.

## Dealing with passphrase

Run these commands and enter the passphrase when prompted.

```bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/superhog-data-general-ssh-prd # I'm assuming this is your path to the key. If it isn't adjust.
echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > ~/.ssh/agent_env
echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >> ~/.ssh/agent_env
```

## The actual script

Run this in your terminal to create the backup script: 

```bash
cat << EOF > backup_wg.sh
#!/bin/bash
source /home/$USER/.ssh/agent_env
ssh azureuser@jumphost-prd.prd.data.superhog.com -i /home/$USER/.ssh/superhog-data-general-ssh-prd 'sudo cat /etc/wireguard/wg0.conf' > /home/$USER/wg_server_backup.conf
EOF
```

Now test that it works by running in your terminal:

```bash
chmod 700 backup_wg.sh
./backup_wg.sh

# Is the file there?
ls -l | grep wg_server_backup

# Let's print the first line, which usually should simply read "[Interface]"
head -n 1 wg_server_backup.conf
```

Make sure this works before scheduling.

## Scheduling

Run this to schedule it to run a few times per day. Hopefully your laptop will be active during some of those times:

```bash
BACKUP_COMMAND="0 9,12,15,18 * * * /home/$USER/backup_wg.sh"
(crontab -u $USER -l; echo "$BACKUP_COMMAND" ) | crontab -u $USER -
```

Your schedule is now ready. Feel free to wait until one of those times is hit to check if the backup file gets created.

# Restoring the backup

Simply edit the Jumphost server file `/etc/wireguard/wg0.conf` to add the contents of the backup.

You would then restart WG in the jumphost with `sudo systemctl restart wg-quick@wg0.service`
pages 2025-07-11 16:15:17 +02:00			`# Backing up WG Hub config`

			`The idea is to automatically copy the Jumphost server WG config to a local device, just in case. Copying gets done through SSH.`

			`Because we want this happening automatically, we need to do some adjustments to automatically enter the SSH key passphrase.`

			`## Dealing with passphrase`

			`Run these commands and enter the passphrase when prompted.`

			```bash
			`eval "$(ssh-agent -s)"`
			`ssh-add ~/.ssh/superhog-data-general-ssh-prd # I'm assuming this is your path to the key. If it isn't adjust.`
			`echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > ~/.ssh/agent_env`
			`echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >> ~/.ssh/agent_env`
			```

			`## The actual script`

			`Run this in your terminal to create the backup script:`

			```bash
			`cat << EOF > backup_wg.sh`
			`#!/bin/bash`
			`source /home/$USER/.ssh/agent_env`
			`ssh azureuser@jumphost-prd.prd.data.superhog.com -i /home/$USER/.ssh/superhog-data-general-ssh-prd 'sudo cat /etc/wireguard/wg0.conf' > /home/$USER/wg_server_backup.conf`
			`EOF`
			```

			`Now test that it works by running in your terminal:`

			```bash
			`chmod 700 backup_wg.sh`
			`./backup_wg.sh`

			`# Is the file there?`
			`ls -l \| grep wg_server_backup`

			`# Let's print the first line, which usually should simply read "[Interface]"`
			`head -n 1 wg_server_backup.conf`
			```

			`Make sure this works before scheduling.`

			`## Scheduling`

			`Run this to schedule it to run a few times per day. Hopefully your laptop will be active during some of those times:`

			```bash
			`BACKUP_COMMAND="0 9,12,15,18 * * * /home/$USER/backup_wg.sh"`
			`(crontab -u $USER -l; echo "$BACKUP_COMMAND" ) \| crontab -u $USER -`
			```

			`Your schedule is now ready. Feel free to wait until one of those times is hit to check if the backup file gets created.`

			`# Restoring the backup`

			Simply edit the Jumphost server file `/etc/wireguard/wg0.conf` to add the contents of the backup.

			You would then restart WG in the jumphost with `sudo systemctl restart wg-quick@wg0.service`