1. UA2WEB
  2. Untitled project
  3. duplicity-fabfile

Overview

HTTPS SSH
Architecture

    Each source uses its own GPG key. This way one compromised
server would not lead to any other compromises.


Configuration

 1. Generate GPG key for install (ex: http://www.cyberciti.biz/tips/linux-how-to-create-our-own-gnupg-privatepublic-key.html)
 2. cp example-settings.py to settings.py and edit env.RECEPIENTS_KEYS, env.GPG_PASSPHRASE (for 1st key)
 3. Import recepient keys (public part) via gpg --import <file>
 4. Configure env.BACKUP_DIRS, env.BACKUP_EXCLUDE_DIRS
 5. Try to run:
    fab backup

 
Sudo config

 If there are need to exec via Sudo + AWS, this is recommended setup:

Add this to /etc/sudoers:
  Defaults        env_keep += "AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY PASSPHRASE"


GPG trust

 For every recepient key:
 1. gpg --import <keyfile>
 2. gpg --edit <key_id>
     trust
     5 = I trust ultimately