[Plugin] age


Recommended Posts

age (pronounced: [aɡe̞])

 

Is a simple, modern and secure file encryption tool, format. It features small explicit keys, no config options, and UNIX-style composability.

Based on the excellent work form FiloSottile: https://github.com/FiloSottile/age

This tool is command line only and meant for backup scripts.
 

https://raw.githubusercontent.com/ich777/unraid-age/master/age.plg

 

 

Basics:

After installing the plugin it will create a key file on your USB boot device that is named 'key.age' and located in /boot/config/

 

ATTENTION: I STRONGLY RECOMMEND TO BACKUP THIS FILE TO SOME OTHER LOCATION (PREFERABLY ON A SPARE USB KEY) OR PRINT IT OUT AND STORE IT SOMEWHERE SAFE!

IF YOU LOOSE THIS KEY YOU CAN'T DECRYPT ANY OF THE DATA THAT WAS ENCRYPTED WITH THIS KEY FILE!!!

 

Note: even if you uninstall the plugin the key.age file will not be deleted from the USB Boot device for security reasons (accidental deinstallation of the plugin)

 

Usage:

age-keygen

Is called automatically on plugin installation and will create the 'key.age' key file mentioned above that will look something like this:

# created: 2021-06-10T12:00:00+02:00
# public key: age1me4cr6ll89gy0r3r5hftu0sxjr8nlyd37nylufjq6adlljzdjpuqul5et0
AGE-SECRET-KEY-1AFWSPAZ7ZLM6UR9ZGXNT4U276EVHHEPNX0YRWW8EH05P487N89VQUA0HJA

(I strongly recommend as stated above to backup this key file to a spare USB Key or print it out and store it somewhere safe, I would also recommend to remove the last line from the file on your USB Boot device after you made a backup of the file since this is the actual key that you need to decrypt the files - again, IF YOU LOOSE THIS KEY YOU WON'T BE ABLE TO DECRYPT THE FILES THAT WHERE ENCRYPTED WITH THIS KEY FILE)

 

age

To encrypt a single file you need your public key from the 'key.age' file, as a first example we take a picture with the filename 'test.jpg' that is located in /mnt/user/Pictures/

age -r age1me4cr6ll89gy0r3r5hftu0sxjr8nlyd37nylufjq6adlljzdjpuqul5et0 /mnt/user/Pictures/test.jpg > /mnt/user/Pictures/test.jpg.age

This will keep the original file intact and create a file with the extension .age that is fully encrypted (of course you can also point to another output path for example if you have a disk through UnassignedDevices mounted just replace '> /mnt/user/Pictures/test.jpg.age' with  '> /disks/YOURDISKNAME/Backup/test.jpg.age' for example)

 

You can also store the public key in a variable with something like this:

AGE_KEY="$(cat /boot/config/key.age | grep "public key:" | awk '{print $4}')"

 

and then modify the above command to use the variable:

age -r ${AGE_KEY} /mnt/user/Pictures/test.jpg > /mnt/user/Pictures/test.jpg.age

 

 

If you want to create a encrypted tar archive from a directory (in this case from the USB boot device) do it as follows:

cd /boot
tar -cvzf - --exclude='./bz*' --exclude='*.tgz' --exclude='*.txz' --exclude='./previous' --exclude='./config/key.age' . | age -r ${AGE_KEY} > /mnt/disks/YOURDISKNAME/Backup/$(date '+%Y-%m-%d_%H-%M')_USB_BACKUP.tgz.age

 

Explanation:

cd /boot (will change the directory to the boot device)

tar -cvzf - (will create a tar archive to the pipe)

--exclude='./bz*' (will exclude all bz files, the main OS, since we only need the config files)

--exclude='*.tgz' --exclude='*.txz' (will exclude all plugin archives, since we only need the plg files)

--exclude='./previous' (will exclude the backup from the any previous installed Unraid version)

--exclude='./config/key.age' (will exclude the 'key.age' file)

--exclude='*.zip' (THIS IS OPTIONAL and not in the command above but recommended if you have saved diagnostics or logs on your USB Boot device)

. (tells tar that this is the directory that it should pack up as a tar archive)

| (hand over the output from the pipe to age to encrypt the data that is created by tar)

age -r ${AGE_KEY} (use age and the public key in the AGE_KEY variable to encrypt the date from tar)

> /mnt/disks/YOURDISKNAME/Backup/$(date '+%Y-%m-%d_%H-%M')_USB_BACKUP.tgz.age (output the file to a UnassignedDevices mount that is located in /mnt/disks/YOURDISKNAME/Backup/ and named something like this: '2021-06-10_12-00_USB_BACKUP.tgz.age')

 

DECRYPT FILES:

age --decrypt -i /boot/config/key.age /mnt/disks/YOURDISKNAME/2021-06-10_12-00_USB_BACKUP.tgz.age > /mnt/disks/YOURDISKNAME/2021-06-10_12-00_USB_BACKUP.tgz

 

Explanation:

age --decrypt (use age to decrypt a file)

-i /boot/config/key.age (use the 'key.age' file that is located on your USB Boot device to decrypt the files ATTENTION: If you deleted the last line in the 'key.age' file like mentioned above you have to first restore your backup file with the last line included to your USB Boot device otherwise the decryption will fail)

/mnt/disks/YOURDISKNAME/2021-06-10_12-00_USB_BACKUP.tgz.age (the filename to decrypt)

> /mnt/disks/YOURDISKNAME/2021-06-10_12-00_USB_BACKUP.tgz (the filename of the decrypted file that will be created)

 

 

There are many ways you can utilize this tool and these are only a few examples how to use age.

  • Thanks 4
Link to comment

Example:

with the MEGASync Docker, a disk in Unassigned devices and with a Cron job in the User Scripts plugin

 

This is a complete step by step tutorial.

 

First of all create a account on mega.nz (they offer up to 15GB and as much as available bandwidth is available to free users)

 

  1. Download the MEGASync container from the CA App:
    1.thumb.png.2d4b0e707f6cbc52bd1448856c263006.png
     
  2. In the container itself delete the Host Path and create a new one like described in the next step:
    3.thumb.png.7cba1165f7638ff989b698aa906b7925.png
     
  3. Click on the bottom on 'Add another Path, Port, Variable, Label or Device' and create a path like this (please make sure that you change the path to something that exists on your system), click on Add and then on Apply to start the container:
    grafik.png.0ab0f43a88f39a01f7235a8682d89979.png

     
  4. After the container has started make sure that you enable Autostart:
    grafik.png.086dc36f639ba9753a307c41b2138924.png
     
  5. Click on the MEGASync icon on your Docker page and click on WebUI:
    4.png.65a0150713cfc302ed4720fa25506700.png
     
  6. After the WebUI opened click on Login and login with your credentials (please not that the Create Account button won't work in the WebUI):
    5.thumb.png.c3bcacd190eba8dc4788119d975f77ca.png
     
  7. At install type select Selective sync and click on Next:
    6.thumb.png.e5403a559a89bc710778595442975ea2.png
     
  8. Click on Change at local folder:
    9.thumb.png.1431b8b173eff1002142a4631d03c00c.png
     
  9. Navigate to /mnt/sync and click Choose:
    7.thumb.png.bf8783a28062c3cd2fec26cbf62ea8f0.png
     
  10. Click on Change at MEGA folder:
    9.thumb.png.1431b8b173eff1002142a4631d03c00c.png
     
  11. And create a new folder below Cloud Drive that is named Backup (if you backup more than one Server I would strongly recommend that you create individual sub folders in Backup for the individual machines that you back up):
    8.thumb.png.73ed6acb1c67134286a5664ef9348935.png
     
  12. Click on next:
    9.thumb.png.1431b8b173eff1002142a4631d03c00c.png
     
  13. When you see this message click on Finish and close the WebUI:
    10.thumb.png.11c46bde35c19c4b88b4bf6893606250.png
     
  14. Next download this script to your local computer (it contains a basic backup from your USB Boot device and your appdata directory, please see the steps from above post how to exclude files and folders): MEGASync.script
     
  15. Go to your Settings page in Unraid and click on User Scripts:
    13.png.b6e7a086ff6143d36ccaf79dc3c8fd45.png
     
  16. Click on Add new Script:
    14.png.202fe83d48b2e9a3ea18db6d692adba4.png
     
  17. Type in your preferred script name and click on OK:
    15.thumb.png.53c1476fb10d07ccea335fb2467690d7.png

     
  18. Hover over the little gear icon and click on Edit Script:
    16.thumb.png.c16d1b54ebc8c26e88b0cdc147f9b757.png
     
  19. Copy the contents from the downloaded script from Step 14 in the textbox
    (Please first read trough the script and see if it fit your needs!
    NEVER BLINDLY COPY A SCRIPT FROM THE INTERNET OR SOMEWHERE ELSE AND EXECUTE IT ON YOUR SERVER READ FIRST THROUGH IT AND MAKE SURE IT FIT YOUR NEEDS AND IS CONFIGURED PROPERLY) :
    grafik.thumb.png.b919569e32c8a230ed1440d58c878877.png
     
  20. Make sure to modify the BACKUP_PATH to the Host path that you configured in Step 3 for the MEGASync container (this should be a empty directory with nothing in it since the script deletes everything in it except the current backup):
    grafik.png.340e98ed7f1d05408902e84a53041246.png
     
  21. Click on Save Changes:
    grafik.png.3d7fa0cbc4fe8cd8fc035d6001a4147d.png
     
  22. Select a schedule from the drop-down menu or create a custom one (if you create a custom one I recommend looking into crontab.guru) :
    18.thumb.png.cbb2754e75285313bcddc648621204c6.png
     
  23. After you've selected a schedule don't forget to click on Apply on the bottom:
    grafik.png.b029ab6e8cbccb1ca2558c3e73ab1e07.png
     
  24. Now you can click on Run Script to see the actual output from the script (keep in mind if you close this window the script will be aborted!) or you can click on Run in Background to run it in the Background now.

 

 

Note: This script is only a example and it will only keep the last backup and delete the older ones before it finishes.

This script will basically create backups of the USB Boot device and appdata, remove old backups found and notify you when the backup is finished.

  • Thanks 1
Link to comment

Example:

with the rclone, Nextcloud and with a Cron job in the User Scripts plugin:

 

This is a complete step by step tutorial.

 

  1. Download the rclone plugin from the CA App:
    1.thumb.png.537200cb86dcbf0f8c8bee21a6a3a5f6.png
     
  2. Open up a Unraid Terminal and type in 'rclone config'
     
  3. It will ask what to do next, press 'n' to configure a new remote
     
  4. Enter your preferred name in this example name it 'Nextcloud' and press Return
     
  5. It now asks which protocol that you want to use, enter '37' for Webdav since Nextcloud uses Webdav
     
  6. Now enter the address of your Nextcloud with the inclusion of '/remote.php/webdav' instance in this case 'https://nextcloud.example.org/remote.php/webdav/'
     
  7. Now enter '1' to choose Nextcloud
     
  8. Enter you username for the Nextcloud instance and press Return
     
  9. Press 'y' to choose to enter your password
     
  10. Enter your password twice and press Return
     
  11. Leave the barer_tooken empty by simply press Return
     
  12. At Edit advanced config press 'n'
     
  13. Press on 'y' to accept the configuration
     
  14. And finally press 'q' to exit the rclone configuration
     
  15. Next download this script to your local computer (it contains a basic backup from your USB Boot device and your appdata directory, please see the steps from the first post how to exclude files and folders):
     
  16. Go to your Settings page in Unraid and click on User Scripts:  rclone.script
    grafik.png.34dff116b83137d253cc6d1ca0b38b81.png

  17. Click on Add new Script:
    grafik.png.1276994bd864e8581be0e983acc006dc.png
     

  18. Type in your preferred script name and click on OK:
    grafik.png.728c48b25cd1c2f4c63f93b573045b31.png
     

  19. Hover over the little gear icon and click on Edit Script:
    grafik.png.605ebfd6f44b3b87bf65c9152cc0ccd6.png
     

  20. Copy the contents from the downloaded script from Step 15 in the textbox:
    (Please first read trough the script and see if it fit your needs!
    NEVER BLINDLY COPY A SCRIPT FROM THE INTERNET OR SOMEWHERE ELSE AND EXECUTE IT ON YOUR SERVER READ FIRST THROUGH IT AND MAKE SURE IT FIT YOUR NEEDS AND IS CONFIGURED PROPERLY) :
    grafik.thumb.png.965f343f0d64ddbd585590df098261df.png
    (You don't need to change the BACKUP_PATH since this path is used to mount your cloud storage to your server, this path should
    be empty and is created if it doesn't exists!)
     

  21. Make sure to modify the REMOTE_NAME to the name that you specified in Step 4 in this case 'Nextcloud' and also make sure to modify the REMOTE_PATH to a directory that exists in the root of your Nextcloud or create a folder in the root of your Nextcloud named 'Backup' like in this example (if you want to sync to a subfolder you have to modify the REMOTE_PATH to something like this: 'Backup/MyUnraidServer') :
    grafik.png.13c5cde074808ad5713b75a5141e85aa.png
     

  22. Click on Save Changes:
    grafik.png.188d95e5d674c0f92207d8ca6f5dffd5.png
     

  23. Select a schedule from the drop-down menu or create a custom one (if you create a custom one I recommend looking into crontab.guru) :
    grafik.png.0ff8da2863fc0e29b247001549a5c55e.png
     

  24. After you've selected a schedule don't forget to click on Apply on the bottom:
    grafik.png.b696acaf3a7248ba9a0980bf3f097697.png
     

  25. Now you can click on Run Script to see the actual output from the script (keep in mind if you close this window the script will be aborted!) or you can click on Run in Background to run it in the Background now.

 

 

Note: This script is only a example and it will keep the backups from the last x days defined in the DELETE_BACKUP_DAYS variable within the script.

This script will basically create a directory in /mnt/remotes/age_backup and uses this directory to mount your Cloud storage to the folder to create backups for your USB Boot device and appdata, upload the files to your Nextcloud share and remove old backups that are x days old (by default keep the files that are not older than 14 days), unmount the above created directory and notify you when the backup is finished.

  • Like 2
  • Thanks 2
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.