Initial commit: BC backup project

2026-02-09 18:57:39 +01:00
commit d35806b8e1
10 changed files with 2258 additions and 0 deletions
--- a/QUICKSTART.md
+++ b/QUICKSTART.md
@@ -0,0 +1,167 @@
+# Quick Start Guide - BC Backup System
+
+## 5-Minute Setup
+
+### 1. Install Dependencies
+
+```bash
+./setup.sh
+```
+
+### 2. Create Azure AD App
+
+1. Go to [Azure Portal](https://portal.azure.com) → Azure AD → App registrations → New
+2. Name: `BC-Backup-Service`
+3. Note: **Application ID** and **Tenant ID**
+4. Create **Client Secret** (save immediately!)
+5. Add API Permission: **Dynamics 365 Business Central** → **Automation.ReadWrite.All**
+6. Click **Grant admin consent**
+
+### 3. Create S3 Bucket with Object Lock
+
+**AWS:**
+```bash
+aws s3api create-bucket \
+  --bucket my-bc-backups \
+  --region us-east-1 \
+  --object-lock-enabled-for-bucket
+
+aws s3api put-object-lock-configuration \
+  --bucket my-bc-backups \
+  --object-lock-configuration '{
+    "ObjectLockEnabled": "Enabled",
+    "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}
+  }'
+```
+
+**MinIO:**
+```bash
+mc mb myminio/my-bc-backups --with-lock
+mc retention set --default COMPLIANCE "30d" myminio/my-bc-backups
+```
+
+### 4. Configure
+
+```bash
+nano bc-backup.conf
+```
+
+Minimum required:
+```bash
+AZURE_TENANT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+AZURE_CLIENT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+AZURE_CLIENT_SECRET="your-secret-here"
+BC_ENVIRONMENT_NAME="Production"
+ENCRYPTION_PASSPHRASE="$(openssl rand -base64 32)"  # Generate strong key
+S3_BUCKET="my-bc-backups"
+S3_ENDPOINT="https://s3.amazonaws.com"
+AWS_ACCESS_KEY_ID="AKIAXXXXXXXXXXXXXXXX"
+AWS_SECRET_ACCESS_KEY="your-secret-key"
+AWS_DEFAULT_REGION="us-east-1"
+```
+
+**IMPORTANT**: Save your `ENCRYPTION_PASSPHRASE` in a password manager!
+
+### 5. Test Configuration
+
+```bash
+./test-config.sh
+```
+
+### 6. Test Backup
+
+```bash
+./bc-backup.sh
+```
+
+Watch logs:
+```bash
+tail -f logs/backup.log
+```
+
+### 7. Schedule Hourly Backups
+
+```bash
+crontab -e
+```
+
+Add:
+```
+0 * * * * /home/malin/c0ding/bcbak/bc-backup.sh >> /home/malin/c0ding/bcbak/logs/cron.log 2>&1
+```
+
+## Done!
+
+Your backups will now run every hour automatically.
+
+---
+
+## Common Commands
+
+```bash
+# View latest backup log
+tail -100 logs/backup.log
+
+# List backups in S3
+aws s3 ls s3://my-bc-backups/backups/ --endpoint-url https://s3.amazonaws.com
+
+# Test configuration
+./test-config.sh
+
+# Decrypt a backup
+./decrypt-backup.sh backup.bacpac.gpg
+
+# Check cron jobs
+crontab -l
+
+# View cron logs
+tail -f logs/cron.log
+```
+
+## Restore Process
+
+1. Download encrypted backup from S3
+2. Decrypt: `./decrypt-backup.sh backup.bacpac.gpg`
+3. Import to Azure SQL with SqlPackage
+4. Contact Microsoft to connect BC
+
+See [README.md](README.md) for detailed instructions.
+
+## Troubleshooting
+
+| Issue | Solution |
+|-------|----------|
+| Authentication failed | Check Azure AD credentials, verify API permissions granted |
+| Export not authorized | Only Production environments with paid subscriptions can export |
+| Object Lock error | Bucket must be created with Object Lock enabled |
+| Upload failed | Verify S3 credentials and bucket name |
+
+Full troubleshooting guide in [README.md](README.md).
+
+## Important Notes
+
+- **Encryption passphrase**: Store securely! Can't decrypt without it
+- **API limit**: BC allows max 10 exports per month (script reuses recent exports)
+- **Export time**: Database exports take 15-60 minutes
+- **Immutability**: Files can't be deleted for 30 days (by design)
+- **Cost**: Monitor S3 storage costs (hourly backups = ~720 files/month)
+
+## File Structure
+
+```
+bcbak/
+├── bc-backup.sh              # Main script (run this)
+├── bc-export.ps1             # BC export logic
+├── bc-backup.conf            # Your config (secret!)
+├── decrypt-backup.sh         # Decrypt backups
+├── test-config.sh            # Validate setup
+├── setup.sh                  # Install dependencies
+├── README.md                 # Full documentation
+└── logs/                     # Backup logs
+```
+
+## Need Help?
+
+1. Check `logs/backup.log` for errors
+2. Run `./test-config.sh` to validate setup
+3. Review [README.md](README.md) troubleshooting section