#!/bin/bash -v
# The goal of this is to build a little tree with some files, dirs and subdirs.
# In plain, then encrypt them to create a remote backup, but using ``cp -al''
# on remote for keeping old version of tree. So moving ``/'' to ``/backups/root''
# on remote host.

# This script use 6 minutes for doing his demo. This make things more readable
# because `ls` show minutes by defaults (not seconds). For impatients you could
# replace ``sleep 60'' by ``sleep 1'' at top of loop.
# Once done, you could browse created and mounted folders in an interactive bash
# session. Everything will be unmounted and removed when exit.

shopt -s extglob

delay=${1:-61} steps=${2:-5} # 1min between syncs because ls default granularity

TEMPDIR=$(mktemp -d) || exit 1
cd "$TEMPDIR" || exit 1
password='What a strong pass phrase!'

mkdir -p source/dirs{1..5}/subdir{1..5} cryptedSrce    remote UnencryptedRemote

# Creating some arbitrary files (distributing words from bash man page
# into 155 (differents) files ($(( 5 **3+ 5 **2+ 5 )))
# This doesn't really matter in crypto-backup process. Just having stuff for.
read -t .$((1000000-10#${EPOCHREALTIME#*.})) _;echo ${EPOCHREALTIME}
for target in source/{,dirs{1..5}/{,subdir{1..5}/}}file{{a..d},EbutWithABiggerFileName}; do
    dd count=4 2>/dev/null |
	xargs echo 2>/dev/null |
	fold -sw 68 >$target 
done < <(man -Len -Pcol\ -b bash ) 
# Then list of some words for doing some changes, later...
mapfile  -t words < <( find source/ -type f -exec cat {} + |  tr \  \\n |
	sort | uniq -c | sed 's/^ *[7-9][0-9] \([a-z]\{6,99\}\)$/\1/p;d')
printf 'Differents words to edits: %d:\n  %s\n' ${#words[@]} "${words[*]}"
# End of build 155 files

##########
#  Crypto-backup initialisation start here:
##########
# Master key creation
gocryptfs -q --init --reverse source <<<"$password"
# Mount cryptfs for data encryption to mountpoint
gocryptfs -q --reverse source cryptedSrce <<<"$password"


## To be done on LVM snapshots if used!
mkdir -p source/backups/root
## Hopefully inode number are same on both side of gocryptfs
inum=$(stat -c %i source/backups/root)
## Storing encrypted version of /backup/root
target=$(find cryptedSrce/ -mindepth 2 -maxdepth 2 -type d  -inum $inum )

# 1st synchronization: ( Everything, INCLUDING /backup/root )
tar -cplC cryptedSrce .| tar -xpC remote/

# Then... move everything into /backup/root, in encrypted filesystem
# re-using same .diriv file, required a 1st bakup level
target=${target#*/}
bash <<EOInitRemote
    shopt -s extglob
    rm -f "remote/$target/gocryptfs.diriv"       # Align 1st .diriv to path/root
    cp -a remote/gocryptfs.diriv "remote/$target/"
    mv -t "remote/$target" remote/!("${target%/*}"|gocryptfs*) 
EOInitRemote

# And finally... ( or simply remove LVM snapshot )
rmdir source/backups{/root,}

##########
# End of initialisation.
##########


# Mount remote (via sshfs, nfs or else...) to unencrypt backups
gocryptfs -q remote UnencryptedRemote <<<"$password"

# Little check for presence of one file into one subdir.
ls -l UnencryptedRemote/backups/root/dirs1/filea  || {
    echo "ERROR!!! root/dirs1/filea not found."
    # should exit here!?
    exit 1
}

##########
# Periodically... (each minute, for next 5 minutes...)
##########
declare -i alledit=0 filesInSource filesInBackup
for ((i=0;i<steps && i<${#words[@]};i++)) ; do
    echo "Doing edit before rsync, left $((steps-i)) step..."
    read -sn 1 -t $delay.$((1000000-10#${EPOCHREALTIME#*.})) -p \
	 "Hit any key to not wait for $delay seconds..."
    printf '\r\e[K'
    # Doing some arbitrary edits
    word=$((RANDOM%${#words[@]}))
    # List of files who contain '$word' (avoid sed changing mtime of all files)
    IFS='' mapfile -d '' -t edited < <(
	find source/ -type f -exec grep -Zl "\\b${words[word]}\\b" {} +
    )
    # Make word uppercase and add a space
    sed -e "s/${words[word]}\\b/${words[word]^^} /g" -i "${edited[@]}"
    printf 'Edited: "s/%s/%s /g" in %d files:\n%s\n' "${words[word]}" \
	   "${words[word]^^}" "${#edited[@]}" "${edited[*]/#source\/}"
    cwords+=(${words[word]})  # Keep list of edited words for highlight by sed
    unset words[word]         # Avoid random showing two time same word.
    words=("${words[@]}")
    alledit+=${#edited[@]}

    # Periodic sync start here:
    # On local side, compute encrypted version of timestamped root folder
    # ( To be done on LVM snapshots if used ... )
    printf -v rootver 'root-%(%F-%Hh%Mm%Ss)T'
    mkdir -p source/backups/$rootver
    inum=$(stat -c %i source/backups/$rootver)
    cptrgt=$(find cryptedSrce/${target%/*} -mindepth 1 -maxdepth 1 -inum $inum)
    ## We have our crypted version of "$rootver", we don't need this anymore!
    rmdir source/backups{/$rootver,}
    # On remote side, CREATE (empty) encrypted folder, then cp -al (with .diriv)
    bash <<EORemoteScript
	mkdir "remote/${cptrgt#*/}"
	cp -alt "remote/${cptrgt#*/}"  "remote/$target"/*
EORemoteScript
    rsync -ax --delete cryptedSrce/. "remote/${target}"/.
done

######
# That's all folks!!
#####

echo "Showing changes in two differents files:"
# Sort files by count of different inodes in backups
# the store 5 firsts entries into $mostEdited array
mapfile -t mostEdited  < <(
    find UnencryptedRemote/backups -type f -printf '%i %p\n' |
	sed 's# Unenc.*kups/root[^/]*/# #' |
	sort -u -k 2 -k 1 |
	sed 's/^ *[0-9]\+ //' |
	uniq -c |
	sort -rn |
	head -n 5
)
# Highlight word in lowercase and uppercase
cwords="${cwords[*]} ${cwords[*]^^}" seen=()
for i in 0 1; do # For 2 most edited files,
    read -r num file <<<${mostEdited[i]}
    printf '\nShow diffs in %d differents backups files from "%s":\n' \
	   $num "${file^^}"
    
    printf 'ls -ltr {source,UnencryptedRemote/backups/*}/%s\n' "$file"
    ls -ltr {source,UnencryptedRemote/backups/*}/$file

    files=() # List files by dates, but only 1 by inode
    while read -r inum file; do
	[[ -v seen[inum] ]] || files+=("$file")
	seen[inum]=1
    done < <(ls -itr UnencryptedRemote/backups/*/$file)
    # Show diffs by pairs in date order.
    for ((i=0;i<${#files[@]}-1;i++)); do
	echo diff -u "${files[i]}" "${files[i+1]}"
	diff --color=always --palette='ad=1;4:de=2' -u2 \
	     "${files[i]}" "${files[i+1]}" |
	    sed "/m[+-]/s/\b\(${cwords// /\\\|}\)\b/\o33[7m&\o33[27m/g"
    done
done

# Some stats:
filesInSource=$(  find source/ -type f | wc -l  )
# Counting filesInBackup and inodesInBackup
while IFS== read -r fld val;do
      printf -v ${fld}sInBackup %d $val;done < <(
	  find UnencryptedRemote/ -type f -printf %i\\n |
	      tee >(
		  sort -u | echo inode=$(wc -l)
	      ) >(
		  echo file=$(wc -l)
	      ) |
	      sed -ne /=/p
      )
backupDirs=$(
    find UnencryptedRemote/backups -maxdepth 1 -mindepth 1 -name root* -type d |
	wc -l
	  )

printf '\nAfter %d edits in %s steps, there are:\n' $alledit $steps ;\
printf '  - %8s %s\n' $filesInSource 'files in source,' \
       $inodesInBackup 'different files in backup and' \
       $filesInBackup 'visibles entries in backup, in' \
       $backupDirs 'diffents "/root" backups.'

echo "Running interactive bash for any purpose..."
echo "U could try some:"
printf 'ls -ltr {source,UnencryptedRemote/backups/*}/"%s"\n' \
       "${mostEdited[@]##* }"

export target words cwords
declare -p target
echo "Current folder will be destroyed when exit."
bash -i

fusermount -u UnencryptedRemote
fusermount -u cryptedSrce


cd || exit 1
rm -fR "$TEMPDIR"