brain initiation
This commit is contained in:
112
20230607105613-borg_backup.org
Normal file
112
20230607105613-borg_backup.org
Normal file
@@ -0,0 +1,112 @@
|
||||
:PROPERTIES:
|
||||
:ID: 56d784ed-a87c-441f-b819-73369760ca32
|
||||
:END:
|
||||
#+title: borg-backup
|
||||
#+filetags: :backup:
|
||||
|
||||
Borg (previously called Attic) is deduplicating backup software for various Unix-like operating systems.
|
||||
|
||||
* Install borg on all machines that store data ([[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]1, client2 etc.) and on which data is to be stored (backup-[[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]])
|
||||
** command
|
||||
#+begin_src bash
|
||||
yay borg
|
||||
#+end_src
|
||||
* Borg installed
|
||||
** clients
|
||||
*** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][W0]]
|
||||
*** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][W10]]
|
||||
** backup-server
|
||||
*** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][W11]]
|
||||
* Create [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]-key and .ssh directory
|
||||
** command
|
||||
#+begin_src bash
|
||||
mkdir -p ~/.ssh
|
||||
ssh-keygen
|
||||
#+end_src
|
||||
Note: Press 1x enter for save the file in ~/home/<user>/.ssh/id_rsa~, following enter two times the passphrase, which is created before in [[id:308a3798-0f57-4024-a561-c6d8153348e9][keepassxc]].
|
||||
|
||||
#+begin_src bash
|
||||
cat .ssh/id_rsa.pub
|
||||
cat .ssh/id_rsa.pub | ssh <user>@<client> "cat >> .ssh/authorized_keys"
|
||||
#+end_src
|
||||
Note: Do this for all clients which want to save data.
|
||||
Note: Check on backup-server with ~cat ~/home/<user>/.ssh/authorized_keys~ whether the keys have been piped over.
|
||||
* Change the file on backup-server, which before created in ~/home/<user>/.ssh/authorized_keys~ and write following command before the corresponding ssh-key
|
||||
#+begin_src bash
|
||||
command="borg serve --restrict-to-path /home/<user>/backups/<client> --append-only"
|
||||
#+end_src
|
||||
* Create on client a backup directory and a backup.sh file
|
||||
#+begin_src bash
|
||||
mkdir -p backups
|
||||
touch backup.sh
|
||||
sudo nano backup.sh
|
||||
#+end_src
|
||||
For the last command you need [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges or [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]].
|
||||
Insert following script into the backup.sh file
|
||||
#+begin_src bash
|
||||
#!/bin/bash
|
||||
DATE=`date +"%Y-%m-%d"`
|
||||
REPOSITORY="ssh://<user>@<ip-adress>:22/~/backups/<client>"
|
||||
export BORG_PASSPHRASE="<which is created before> "
|
||||
borg create $REPOSITORY::$DATE /home/<user>/<path_which_want_to_be_saved> --exclude-caches
|
||||
#+end_src
|
||||
Make script executable
|
||||
#+begin_src bash
|
||||
chmod +x ./backup.sh
|
||||
#+end_src
|
||||
* Create on backup-server a backup directonary and for each client a folder inside the backup folder
|
||||
#+begin_src bash
|
||||
mkdir -p backups/<for_each_client>
|
||||
#+end_src
|
||||
Note: The name ~<for_each_client>~ folder must be the same like the command in the ~/home/<user>/.ssh/authorized_keys~ file on the backup-server, which is written before the corresponding ssh-key
|
||||
* Create a borg repo for created client folder
|
||||
#+begin_src bash
|
||||
borg init --encryption=repokey backups/<for_each_client>
|
||||
#+end_src
|
||||
After enter two times the passphrase for each client. Choose yes/no if the passphrase should be displayed.
|
||||
* Create a backup
|
||||
The following command is listed in path ~/home/<user>/backups~ on each client
|
||||
#+begin_src bash
|
||||
./backup.sh
|
||||
#+end_src
|
||||
Answer "yes" to fingerprint.
|
||||
Note: If the backup failed, change the owner/user for the folder, which want to be saved.
|
||||
#+begin_src bash
|
||||
chmod -r <folder_which_need_permission>
|
||||
#+end_src
|
||||
** List & [[id:c69a77dc-f87f-418c-9870-eedddc43be37][mount]] a backup for each client
|
||||
#+begin_src bash
|
||||
borg list /home/<user>/backups/<client>
|
||||
mkdir mnt
|
||||
borg mount /home/<user>/backups/<client> mnt/
|
||||
#+end_src
|
||||
Enter the passphrase.
|
||||
* Restore backup
|
||||
To restore the backup the borg key and the corresponding passphrase is neccessary.
|
||||
Get the borg key on the backup-server from each client
|
||||
#+begin_src bash
|
||||
borg key export /home/<user>/backups/<client> key-export_<client>
|
||||
cat key-export_<client>
|
||||
rm key-export_<client> (after copy and saved on a extern hdd)
|
||||
#+end_src
|
||||
* Create a [[id:94b5e3fb-bbf9-40ec-902f-9e15c74c5f99][crontab]] as user
|
||||
#+begin_src bash
|
||||
crontab -e
|
||||
0 2 * * * /home/<user>/backups/backup.sh
|
||||
#+end_src
|
||||
* Create a prune-backup.sh file for to automatically manage the created backups.
|
||||
#+begin_src bash
|
||||
#!/bin/bash
|
||||
|
||||
# <client>:
|
||||
export BORG_PASSPHRASE="<which_is_created_before>"
|
||||
borg prune -v ~/backups/<client> \
|
||||
--keep-daily=30
|
||||
--keep-weekly=5
|
||||
--keep-monthly=12
|
||||
#+end_src
|
||||
Make script executable
|
||||
#+begin_src bash
|
||||
chmod +x prune-backup.sh
|
||||
./prune-backup.sh
|
||||
#+end_src
|
||||
Reference in New Issue
Block a user