1.9 KiB
Backing up WG Hub config
The idea is to automatically copy the Jumphost server WG config to a local device, just in case. Copying gets done through SSH.
Because we want this happening automatically, we need to do some adjustments to automatically enter the SSH key passphrase.
Dealing with passphrase
Run these commands and enter the passphrase when prompted.
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/superhog-data-general-ssh-prd # I'm assuming this is your path to the key. If it isn't adjust.
echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > ~/.ssh/agent_env
echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >> ~/.ssh/agent_env
The actual script
Run this in your terminal to create the backup script:
cat << EOF > backup_wg.sh
#!/bin/bash
source /home/$USER/.ssh/agent_env
ssh azureuser@jumphost-prd.prd.data.superhog.com -i /home/$USER/.ssh/superhog-data-general-ssh-prd 'sudo cat /etc/wireguard/wg0.conf' > /home/$USER/wg_server_backup.conf
EOF
Now test that it works by running in your terminal:
chmod 700 backup_wg.sh
./backup_wg.sh
# Is the file there?
ls -l | grep wg_server_backup
# Let's print the first line, which usually should simply read "[Interface]"
head -n 1 wg_server_backup.conf
Make sure this works before scheduling.
Scheduling
Run this to schedule it to run a few times per day. Hopefully your laptop will be active during some of those times:
BACKUP_COMMAND="0 9,12,15,18 * * * /home/$USER/backup_wg.sh"
(crontab -u $USER -l; echo "$BACKUP_COMMAND" ) | crontab -u $USER -
Your schedule is now ready. Feel free to wait until one of those times is hit to check if the backup file gets created.
Restoring the backup
Simply edit the Jumphost server file /etc/wireguard/wg0.conf to add the contents of the backup.
You would then restart WG in the jumphost with sudo systemctl restart wg-quick@wg0.service