From d0954ae5cb3e2de48c884c5f600544beaff486fb Mon Sep 17 00:00:00 2001
From: Lutz Bender <github@lutz-bender.de>
Date: Tue, 21 Oct 2025 12:56:12 +0200
Subject: [PATCH 1/3] change file suffix to "openwb-backup"

---
 runs/backup.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/runs/backup.sh b/runs/backup.sh
index 48a685a33f..04926ed6a5 100755
--- a/runs/backup.sh
+++ b/runs/backup.sh
@@ -21,7 +21,7 @@ DB_FILES=(
 DB_TIMEOUT=5
 
 useExtendedFilename=$1
-FILENAMESUFFIX=".tar.gz"
+FILENAMESUFFIX=".openwb-backup"
 
 generate_filename() {
 	# generate filename
@@ -30,7 +30,7 @@ generate_filename() {
 	if ((useExtendedFilename == 1)); then
 		# only use characters supported in most OS!
 		# for Win see https://learn.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-shares--directories--files--and-metadata
-		FILENAME="openWB_backup_$(date +"%Y-%m-%d_%H-%M-%S")"
+		FILENAME="$(date +"%Y-%m-%d_%H-%M-%S")"
 	else
 		FILENAME="backup"
 	fi

From 1b16af051f533a6b32df8a9365693aa522ba1fed Mon Sep 17 00:00:00 2001
From: Lutz Bender <github@lutz-bender.de>
Date: Tue, 21 Oct 2025 12:56:26 +0200
Subject: [PATCH 2/3] add version to filename

---
 runs/backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runs/backup.sh b/runs/backup.sh
index 04926ed6a5..ea23c3382d 100755
--- a/runs/backup.sh
+++ b/runs/backup.sh
@@ -30,7 +30,7 @@ generate_filename() {
 	if ((useExtendedFilename == 1)); then
 		# only use characters supported in most OS!
 		# for Win see https://learn.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-shares--directories--files--and-metadata
-		FILENAME="$(date +"%Y-%m-%d_%H-%M-%S")"
+		FILENAME="$(date +"%Y-%m-%d_%H-%M-%S")_$(<"$OPENWBBASEDIR"/web/version)"
 	else
 		FILENAME="backup"
 	fi

From 08da9ce19da132cf8014165ee919034d58781c02 Mon Sep 17 00:00:00 2001
From: Lutz Bender <github@lutz-bender.de>
Date: Tue, 21 Oct 2025 12:56:49 +0200
Subject: [PATCH 3/3] optionally encrypt backup file

---
 runs/backup.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/runs/backup.sh b/runs/backup.sh
index ea23c3382d..9e28c7319c 100755
--- a/runs/backup.sh
+++ b/runs/backup.sh
@@ -9,6 +9,7 @@ TEMPDIR=$(mktemp -d --tmpdir openwb_backup_XXXXXX)
 LOGDIR="$OPENWBBASEDIR/data/log"
 LOGFILE="$LOGDIR/backup.log"
 HOMEDIR="/home/openwb"
+KEYFILE="backup.key"
 VAR_LIB="/var/lib"
 
 # Mosquitto DB files to monitor
@@ -245,6 +246,20 @@ create_archive() {
 		gzip --verbose --suffix "$FILENAMESUFFIX" "$BACKUPFILE"
 	}
 
+	encrypt_backup() {
+		# encrypt backup file with gpg
+		if [[ -f "$HOMEDIR/$KEYFILE" ]]; then
+			echo "encrypting backup file"
+			gpg --batch --yes --passphrase-file "$HOMEDIR/$KEYFILE" \
+				--symmetric --cipher-algo AES256 "$BACKUPFILE$FILENAMESUFFIX"
+			echo "removing unencrypted backup file"
+			rm -v "$BACKUPFILE$FILENAMESUFFIX"
+			FILENAMESUFFIX="$FILENAMESUFFIX.gpg"
+		else
+			echo "No key found at '$HOMEDIR/$KEYFILE', skipping encryption!"
+		fi
+	}
+
 	fix_permissions() {
 		echo "setting permissions of new backup file"
 		sudo chown openwb:www-data "$BACKUPFILE$FILENAMESUFFIX"
@@ -254,6 +269,7 @@ create_archive() {
 	create_backup
 	calculate_checksums
 	cleanup_and_compress
+	encrypt_backup
 	fix_permissions
 }