:PROPERTIES: :ID: 56d784ed-a87c-441f-b819-73369760ca32 :END: #+title: borg-backup #+filetags: :backup: Borg (previously called Attic) is deduplicating backup software for various Unix-like operating systems. * Install borg on all machines that store data ([[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]1, client2 etc.) and on which data is to be stored (backup-[[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]) ** command #+begin_src bash yay borg #+end_src * Borg installed ** clients *** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][W0]] *** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][W10]] ** backup-server *** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][W11]] * Create [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]-key and .ssh directory ** command #+begin_src bash mkdir -p ~/.ssh ssh-keygen #+end_src Note: Press 1x enter for save the file in ~/home//.ssh/id_rsa~, following enter two times the passphrase, which is created before in [[id:308a3798-0f57-4024-a561-c6d8153348e9][keepassxc]]. #+begin_src bash cat .ssh/id_rsa.pub cat .ssh/id_rsa.pub | ssh @ "cat >> .ssh/authorized_keys" #+end_src Note: Do this for all clients which want to save data. Note: Check on backup-server with ~cat ~/home//.ssh/authorized_keys~ whether the keys have been piped over. * Change the file on backup-server, which before created in ~/home//.ssh/authorized_keys~ and write following command before the corresponding ssh-key #+begin_src bash command="borg serve --restrict-to-path /home//backups/ --append-only" #+end_src * Create on client a backup directory and a backup.sh file #+begin_src bash mkdir -p backups touch backup.sh sudo nano backup.sh #+end_src For the last command you need [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges or [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]]. Insert following script into the backup.sh file #+begin_src bash #!/bin/bash DATE=`date +"%Y-%m-%d"` REPOSITORY="ssh://@:22/~/backups/" export BORG_PASSPHRASE=" " borg create $REPOSITORY::$DATE /home// --exclude-caches #+end_src Make script executable #+begin_src bash chmod +x ./backup.sh #+end_src * Create on backup-server a backup directonary and for each client a folder inside the backup folder #+begin_src bash mkdir -p backups/ #+end_src Note: The name ~~ folder must be the same like the command in the ~/home//.ssh/authorized_keys~ file on the backup-server, which is written before the corresponding ssh-key * Create a borg repo for created client folder #+begin_src bash borg init --encryption=repokey backups/ #+end_src After enter two times the passphrase for each client. Choose yes/no if the passphrase should be displayed. * Create a backup The following command is listed in path ~/home//backups~ on each client #+begin_src bash ./backup.sh #+end_src Answer "yes" to fingerprint. Note: If the backup failed, change the owner/user for the folder, which want to be saved. #+begin_src bash chmod -r #+end_src ** List & [[id:c69a77dc-f87f-418c-9870-eedddc43be37][mount]] a backup for each client #+begin_src bash borg list /home//backups/ mkdir mnt borg mount /home//backups/ mnt/ #+end_src Enter the passphrase. * Restore backup To restore the backup the borg key and the corresponding passphrase is neccessary. Get the borg key on the backup-server from each client #+begin_src bash borg key export /home//backups/ key-export_ cat key-export_ rm key-export_ (after copy and saved on a extern hdd) #+end_src * Create a [[id:94b5e3fb-bbf9-40ec-902f-9e15c74c5f99][crontab]] as user #+begin_src bash crontab -e 0 2 * * * /home//backups/backup.sh #+end_src * Create a prune-backup.sh file for to automatically manage the created backups. #+begin_src bash #!/bin/bash # : export BORG_PASSPHRASE="" borg prune -v ~/backups/ \ --keep-daily=30 --keep-weekly=5 --keep-monthly=12 #+end_src Make script executable #+begin_src bash chmod +x prune-backup.sh ./prune-backup.sh #+end_src