commit f5f6affaea8251f928a869c06518680d8bc946a9
Author: Vasili Sviridov <vasili@sviridov.ca>
Date:   Sun Dec 25 12:54:58 2022 -0800

    Initial import

diff --git a/backup-bitwarden.env b/backup-bitwarden.env
new file mode 100644
index 0000000..8d70b53
--- /dev/null
+++ b/backup-bitwarden.env
@@ -0,0 +1,3 @@
+ROOT_DIR=/opt/bitwardenrs
+S3_BUCKET=bitwarden.exceede.com
+DATABASE_URL=bitwarden
diff --git a/backup-bitwarden.service b/backup-bitwarden.service
new file mode 100644
index 0000000..b49496a
--- /dev/null
+++ b/backup-bitwarden.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Backup bitwarden configuration, data, and attachments to S3
+
+[Service]
+EnvironmentFile=/opt/backup/backup-bitwarden.env
+Type=oneshot
+ExecStart=/opt/backup/backup-bitwarden.sh
+WorkingDirectory=/opt/backup/staging/bitwarden
+Slice=backup.slice
+
+[Install]
+WantedBy=multi-user.target
diff --git a/backup-bitwarden.sh b/backup-bitwarden.sh
new file mode 100755
index 0000000..5132cb3
--- /dev/null
+++ b/backup-bitwarden.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -euo pipefail
+
+dumpfile="dump.sql.custom"
+
+tmpdir="$(mktemp -d -p "${PWD}")"
+
+function check_for_hash() {
+    local ret=0
+    echo "Checking if hash ${1} is present"
+    aws s3 ls "s3://${S3_BUCKET}/sums/${1}" || ret=$?
+    echo "Returned: ${ret}"
+    return $ret
+}
+
+function create_and_upload() {
+    local sum=$1
+    local backup_file
+    backup_file="$(date +%Y/%m/backup-%d-%H-%M-%S.tar.gz)"
+    tar -zc . | aws s3 cp - "s3://${S3_BUCKET}/${backup_file}"
+    aws s3api put-object --bucket "${S3_BUCKET}" --key "sums/${sum}"
+}
+
+chmod ugo+wX "${tmpdir}"
+
+pushd "${tmpdir}"
+
+rm -rf "${dumpfile}"
+touch "${dumpfile}"
+chmod ugo+w "${dumpfile}"
+sudo -u postgres -- pg_dump --no-owner --no-privileges --clean --if-exists --quote-all-identifiers "${DATABASE_URL}" -F plain -f "${dumpfile}"
+
+cp -r "${ROOT_DIR}/data" "./data"
+cp "${ROOT_DIR}/.env" "./.env"
+cp "${ROOT_DIR}/bitwarden.exceede.com.conf" "./bitwarden.exceede.com.conf"
+
+# remove icon_cache
+rm -rf ./data/icon_cache
+
+sum=$(find . -type f -exec md5sum {} + | LC_ALL=C sort | md5sum | cut -d ' ' -f 1)
+
+check_for_hash "$sum" || create_and_upload "${sum}"
+
+popd
+rm -rf "${tmpdir}"
diff --git a/backup-bitwarden.timer b/backup-bitwarden.timer
new file mode 100644
index 0000000..b9452a4
--- /dev/null
+++ b/backup-bitwarden.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Runs bitwarden backup on a schedule
+
+[Timer]
+Unit=backup-bitwarden.service
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/backup.slice b/backup.slice
new file mode 100644
index 0000000..143f94e
--- /dev/null
+++ b/backup.slice
@@ -0,0 +1,8 @@
+[Unit]
+Description=Slice for backups
+DefaultDependencies=no
+Before=slices.target
+
+[Slice]
+CPUQuota=80%
+MemoryLimit=1G
diff --git a/staging/bitwarden/.gitkeep b/staging/bitwarden/.gitkeep
new file mode 100644
index 0000000..e69de29