#!/usr/bin/env bash usage() { # shellcheck disable=SC2016 echo 'encrypted-dir-archive <dir> This script streams an gpg-encrypted byte-stream of a zstd-compressed \ tarball this can be redirected to a file for an encrypted backup. Very roughly, this is a small wrapper around `tar cf . | zstd | gpg --encrypt` \ so you can go backwards to reverse the process `gpg --decrypt | zstd -d | tar xf`. You can stream over ssh as a remote backup by piping to something like this: \ `ssh "$HOST" "cat - > '\$REMOTE_FILE'"`'. } if [ "$1" = '-h' ] || [ "$1" = "--help" ]; then usage exit 0 fi dir="$1" if [ -z "$dir" ]; then echo "no directory argument provided" >&2 usage exit 1 fi if [ ! -d "$dir" ]; then echo "'$dir' is not a directory" >&2 usage exit 2 fi # go to directory containing target directory parent="$(dirname "$dir")" pushd "$parent" >/dev/null || { echo "failed to cd to '$parent'" >&2; exit 3; } # https://stackoverflow.com/a/30520299 if [ -t 1 ]; then echo "not dumping encrypted data to terminal" exit 4 fi tar cf - "$(basename "$dir")" \ | zstd --ultra -T2 -22 \ | gpg --encrypt --recipient daniel@lyte.dev popd || echo "failed to return to original directory" >&2