#!/bin/ash

echo "backupinator :D"

if [ ! -d /in ] || [ ! -d /out ] || [ ! -d /keys ]; then
    echo "Please start this container with /in, /out and /keys mounted"
    exit 1
fi

tar czf /tmp/backup.tar.gz -C /in .

# encryption

openssl rand -out /tmp/secret.key 32
openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass file:/tmp/secret.key \
    -in /tmp/backup.tar.gz \
    -out /out/backup.tar.gz.enc

for keyfile in $(ls /keys); do
    tmpkey=$(mktemp)
    ssh-keygen -e -f "/keys/$keyfile" -m PKCS8 > "$tmpkey"
    openssl rsautl -encrypt -oaep -pubin -inkey "$tmpkey" \
        -in /tmp/secret.key \
        -out "/out/key-${keyfile%.*}.enc"
    rm $tmpkey
done