113 lines
4.2 KiB
Org Mode
113 lines
4.2 KiB
Org Mode
:PROPERTIES:
|
|
:ID: 56d784ed-a87c-441f-b819-73369760ca32
|
|
:END:
|
|
#+title: borg-backup
|
|
#+filetags: :backup:
|
|
|
|
Borg (previously called Attic) is deduplicating backup software for various Unix-like operating systems.
|
|
|
|
* Install borg on all machines that store data ([[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]1, client2 etc.) and on which data is to be stored (backup-[[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]])
|
|
** command
|
|
#+begin_src bash
|
|
yay borg
|
|
#+end_src
|
|
* Borg installed
|
|
** clients
|
|
*** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][W0]]
|
|
*** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][W10]]
|
|
** backup-server
|
|
*** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][W11]]
|
|
* Create [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]-key and .ssh directory
|
|
** command
|
|
#+begin_src bash
|
|
mkdir -p ~/.ssh
|
|
ssh-keygen
|
|
#+end_src
|
|
Note: Press 1x enter for save the file in ~/home/<user>/.ssh/id_rsa~, following enter two times the passphrase, which is created before in [[id:308a3798-0f57-4024-a561-c6d8153348e9][keepassxc]].
|
|
|
|
#+begin_src bash
|
|
cat .ssh/id_rsa.pub
|
|
cat .ssh/id_rsa.pub | ssh <user>@<client> "cat >> .ssh/authorized_keys"
|
|
#+end_src
|
|
Note: Do this for all clients which want to save data.
|
|
Note: Check on backup-server with ~cat ~/home/<user>/.ssh/authorized_keys~ whether the keys have been piped over.
|
|
* Change the file on backup-server, which before created in ~/home/<user>/.ssh/authorized_keys~ and write following command before the corresponding ssh-key
|
|
#+begin_src bash
|
|
command="borg serve --restrict-to-path /home/<user>/backups/<client> --append-only"
|
|
#+end_src
|
|
* Create on client a backup directory and a backup.sh file
|
|
#+begin_src bash
|
|
mkdir -p backups
|
|
touch backup.sh
|
|
sudo nano backup.sh
|
|
#+end_src
|
|
For the last command you need [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges or [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]].
|
|
Insert following script into the backup.sh file
|
|
#+begin_src bash
|
|
#!/bin/bash
|
|
DATE=`date +"%Y-%m-%d"`
|
|
REPOSITORY="ssh://<user>@<ip-adress>:22/~/backups/<client>"
|
|
export BORG_PASSPHRASE="<which is created before> "
|
|
borg create $REPOSITORY::$DATE /home/<user>/<path_which_want_to_be_saved> --exclude-caches
|
|
#+end_src
|
|
Make script executable
|
|
#+begin_src bash
|
|
chmod +x ./backup.sh
|
|
#+end_src
|
|
* Create on backup-server a backup directonary and for each client a folder inside the backup folder
|
|
#+begin_src bash
|
|
mkdir -p backups/<for_each_client>
|
|
#+end_src
|
|
Note: The name ~<for_each_client>~ folder must be the same like the command in the ~/home/<user>/.ssh/authorized_keys~ file on the backup-server, which is written before the corresponding ssh-key
|
|
* Create a borg repo for created client folder
|
|
#+begin_src bash
|
|
borg init --encryption=repokey backups/<for_each_client>
|
|
#+end_src
|
|
After enter two times the passphrase for each client. Choose yes/no if the passphrase should be displayed.
|
|
* Create a backup
|
|
The following command is listed in path ~/home/<user>/backups~ on each client
|
|
#+begin_src bash
|
|
./backup.sh
|
|
#+end_src
|
|
Answer "yes" to fingerprint.
|
|
Note: If the backup failed, change the owner/user for the folder, which want to be saved.
|
|
#+begin_src bash
|
|
chmod -r <folder_which_need_permission>
|
|
#+end_src
|
|
** List & [[id:c69a77dc-f87f-418c-9870-eedddc43be37][mount]] a backup for each client
|
|
#+begin_src bash
|
|
borg list /home/<user>/backups/<client>
|
|
mkdir mnt
|
|
borg mount /home/<user>/backups/<client> mnt/
|
|
#+end_src
|
|
Enter the passphrase.
|
|
* Restore backup
|
|
To restore the backup the borg key and the corresponding passphrase is neccessary.
|
|
Get the borg key on the backup-server from each client
|
|
#+begin_src bash
|
|
borg key export /home/<user>/backups/<client> key-export_<client>
|
|
cat key-export_<client>
|
|
rm key-export_<client> (after copy and saved on a extern hdd)
|
|
#+end_src
|
|
* Create a [[id:94b5e3fb-bbf9-40ec-902f-9e15c74c5f99][crontab]] as user
|
|
#+begin_src bash
|
|
crontab -e
|
|
0 2 * * * /home/<user>/backups/backup.sh
|
|
#+end_src
|
|
* Create a prune-backup.sh file for to automatically manage the created backups.
|
|
#+begin_src bash
|
|
#!/bin/bash
|
|
|
|
# <client>:
|
|
export BORG_PASSPHRASE="<which_is_created_before>"
|
|
borg prune -v ~/backups/<client> \
|
|
--keep-daily=30
|
|
--keep-weekly=5
|
|
--keep-monthly=12
|
|
#+end_src
|
|
Make script executable
|
|
#+begin_src bash
|
|
chmod +x prune-backup.sh
|
|
./prune-backup.sh
|
|
#+end_src
|