CLN static channel (emergency.recover) backup to Backblaze when changes

cln-backup.service

[Unit]
Description=Core Lightning Backup
After=network.target

[Service]
ExecStart=/opt/lightning/backup.sh
User=bitcoin
Group=bitcoin
Restart=on-failure
RestartSec=20

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

cln-backup.sh

#!/bin/bash

# Safety bash script options
# -e causes a bash script to exit immediately when a command fails
# -u causes the bash shell to treat unset variables as an error and exit immediately.
set -eu

# The script waits for a change in /home/bitcoin/.lightning/bitcoin/emergency.recover.
# When a change happens, it creates a backup of the file locally
#   on a storage device and/or remotely in a GitHub repo and/or to BackBlaze S3 compatible storage

LOCAL_BACKUP_ENABLED=false
REMOTE_BACKUP_ENABLED=false
BACKBLAZE_BACKUP_ENABLED=true
DEADMANS_SNITCH_ENABLED=true

# Locations of source SCB file and the backup target directories (local and remote)
SCB_SOURCE_DIR="/home/bitcoin/.lightning/bitcoin"
SCB_SOURCE_FILENAME="emergency.recover2"
SCB_SOURCE_FILE="$SCB_SOURCE_DIR/$SCB_SOURCE_FILENAME"
LOCAL_BACKUP_DIR="/mnt/static-channel-backup-external"
REMOTE_BACKUP_DIR="/data/cln/remote-lnd-backup-repo"
BACKBLAZE_BUCKET="xxxxxxx"
DEADMANS_SNITCH_URL="https://nosnch.in/xxxxxxx"

# Local backup function
run_local_backup_on_change () {
  echo "Running local backup"
  echo "Copying backup file to local storage device..."
  echo "$1"
  cp "$SCB_SOURCE_FILE" "$1"
  echo "Success! The file is now locally backed up!"
}

# Remote backup function
run_remote_backup_on_change () {
  echo "Running remote backup"
  echo "Entering Git repository..."
  cd $REMOTE_BACKUP_DIR || exit
  echo "Making a timestamped copy of channel.backup..."
  echo "$1"
  cp "$SCB_SOURCE_FILE" "$1"
  echo "Committing changes and adding a message"
  git add .
  git commit -m "Static Channel Backup $(date +"%Y%m%d-%H%M%S")"
  echo "Pushing changes to remote repository..."
  git push --set-upstream origin master
  echo "Success! The file is now remotely backed up!"
}

# Backblaze backup function
run_backblaze_backup_on_change () {
  echo "Running backblaze backup"
  b2 upload-file "$BACKBLAZE_BUCKET" "$SCB_SOURCE_FILE" "$(date +"%Y%m%d-%H%M%S")$SCB_SOURCE_FILENAME"
  echo "Success! The file is now remotely backed up!"
}

call_deadmans_snitch () {
  echo "Calling Deadman's Snitch"
  OUTPUT=$(curl -d "m=Ran backup" "$DEADMANS_SNITCH_URL")
  echo "They said: $OUTPUT"
}

# Monitoring function
run () {
  while true; do

      echo "Wating for $SCB_SOURCE_FILENAME to change"
      inotifywait $SCB_SOURCE_FILE
      echo "$SCB_SOURCE_FILENAME has been changed!"

      LOCAL_BACKUP_FILE="$LOCAL_BACKUP_DIR/$(date +"%Y%m%d-%H%M%S")$SCB_SOURCE_FILENAME"
      REMOTE_BACKUP_FILE="$REMOTE_BACKUP_DIR/$(date +"%Y%m%d-%H%M%S")$SCB_SOURCE_FILENAME"

      if [ "$LOCAL_BACKUP_ENABLED" == true ]; then
        run_local_backup_on_change "$LOCAL_BACKUP_FILE"
      fi

      if [ "$REMOTE_BACKUP_ENABLED" == true ]; then
        run_remote_backup_on_change "$REMOTE_BACKUP_FILE"
      fi

      if [ "$BACKBLAZE_BACKUP_ENABLED" == true ]; then
        run_backblaze_backup_on_change
      fi

      if [ "$DEADMANS_SNITCH_ENABLED" == true ]; then
        call_deadmans_snitch
      fi

  done
}

run