2021-10-11 12:34:57 -04:00
|
|
|
Initial setup
|
|
|
|
=============
|
|
|
|
|
|
|
|
Run on client:
|
|
|
|
|
|
|
|
sudo git clone https://git.jim.sh/jim/borg-setup.git /opt/borg
|
|
|
|
sudo /opt/borg/initial-setup.sh
|
|
|
|
|
2021-10-11 16:50:08 -04:00
|
|
|
Customize `/opt/borg/config.yaml` as desired.
|
2021-10-11 12:34:57 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cheat sheet
|
|
|
|
===========
|
|
|
|
|
2021-10-13 14:38:47 -04:00
|
|
|
*After setup, the copy of this file on the client will have the
|
|
|
|
variables in this section filled in automatically*
|
2021-10-11 12:34:57 -04:00
|
|
|
|
2021-10-19 14:45:08 -04:00
|
|
|
## Configuration
|
2021-10-11 12:34:57 -04:00
|
|
|
|
|
|
|
Hostname: ${HOSTNAME}
|
|
|
|
Base directory: ${BORG_DIR}
|
|
|
|
Destination: ${BACKUP_USER}@${BACKUP_HOST}
|
|
|
|
Repository: ${BACKUP_REPO}
|
|
|
|
|
2021-10-19 14:45:08 -04:00
|
|
|
## Commands
|
2021-10-11 12:34:57 -04:00
|
|
|
|
|
|
|
See when next backup is scheduled:
|
|
|
|
|
|
|
|
systemctl list-timers borg-backup.timer
|
|
|
|
|
2021-10-14 10:51:20 -04:00
|
|
|
See status of most recent backup:
|
2021-10-11 12:34:57 -04:00
|
|
|
|
2021-10-14 10:51:20 -04:00
|
|
|
systemctl status --full --lines 999999 --no-pager --all borg-backup
|
|
|
|
|
|
|
|
Watch log:
|
|
|
|
|
|
|
|
journalctl --all --follow --unit borg-backup
|
2021-10-11 12:34:57 -04:00
|
|
|
|
|
|
|
Start backup now:
|
|
|
|
|
|
|
|
sudo systemctl start borg-backup
|
|
|
|
|
|
|
|
Interrupt backup in progress:
|
|
|
|
|
|
|
|
sudo systemctl stop borg-backup
|
|
|
|
|
|
|
|
Show backups and related info:
|
|
|
|
|
|
|
|
sudo ${BORG_DIR}/borg.sh info
|
|
|
|
sudo ${BORG_DIR}/borg.sh list
|
|
|
|
|
|
|
|
Run Borg using the read-write SSH key:
|
|
|
|
|
|
|
|
sudo ${BORG_DIR}/borg.sh --rw list
|
|
|
|
|
|
|
|
Mount and look at files:
|
|
|
|
|
|
|
|
mkdir mnt
|
|
|
|
sudo ${BORG_DIR}/borg.sh mount :: mnt
|
|
|
|
sudo -s # to explore as root
|
|
|
|
sudo umount mnt
|
|
|
|
|
|
|
|
|
2021-10-19 14:45:08 -04:00
|
|
|
## Compaction and remote access
|
2021-10-11 12:34:57 -04:00
|
|
|
|
2021-10-19 14:45:08 -04:00
|
|
|
Old backups are "pruned" automatically, but because the SSH key is
|
|
|
|
append-only, no space is actually recovered on the server, it's just
|
|
|
|
marked for deletion. If you are sure that the client system was not
|
|
|
|
compromised, then you can run compaction manually directly on the
|
|
|
|
backup host by logging in via SSH (bitwarden `ssh ${BACKUP_HOST} /
|
|
|
|
${BACKUP_USER}`) and compacting there:
|
|
|
|
|
|
|
|
ssh ${BACKUP_USER}@${BACKUP_HOST} borg/borg compact --verbose --progress ${BACKUP_REPO}
|
|
|
|
|
2021-10-26 16:03:52 -04:00
|
|
|
This doesn't require the repo key. That key shouldn't be entered on
|
|
|
|
the untrusted backup host, so for operations that need it, use a
|
|
|
|
trusted host and run borg remotely instead, e.g.:
|
2021-10-19 14:45:08 -04:00
|
|
|
|
2021-10-26 16:03:52 -04:00
|
|
|
${BORG_BIN} --remote-path borg/borg info ${BACKUP_USER}@${BACKUP_HOST}:borg/${HOSTNAME}
|
2021-10-19 14:45:08 -04:00
|
|
|
|
2021-10-19 14:48:28 -04:00
|
|
|
The repo passphrase is in bitwarden `borg ${HOSTNAME} / repo key`.
|
2021-10-11 12:34:57 -04:00
|
|
|
|
|
|
|
|
|
|
|
Design
|
|
|
|
======
|
2021-08-13 10:47:41 -04:00
|
|
|
|
2021-10-08 16:08:03 -04:00
|
|
|
- On server, we have a separate user account "jim-backups". Password
|
|
|
|
for this account is in bitwarden in the "Backups" folder, under `ssh
|
|
|
|
backup.jim.sh`.
|
2021-08-13 10:47:41 -04:00
|
|
|
|
2021-10-08 16:08:03 -04:00
|
|
|
- Repository keys are repokeys, which get stored on the server, inside
|
|
|
|
the repo. Passphrases are stored:
|
|
|
|
- on clients (in `/opt/borg/passphrase`, for making backups)
|
|
|
|
- in bitwarden (under `borg <hostname>`, user `repo key`)
|
2021-08-13 10:47:41 -04:00
|
|
|
|
2021-10-19 14:45:08 -04:00
|
|
|
- Each client has two passwordless SSH keys for connecting to the server:
|
2021-10-08 16:08:03 -04:00
|
|
|
- `/opt/borg/ssh/id_ecdsa_appendonly`
|
|
|
|
- configured on server for append-only operation
|
|
|
|
- used for making backups
|
2021-10-19 14:45:08 -04:00
|
|
|
- `/opt/borg/ssh/id_ecdsa_notify`
|
|
|
|
- configured on server for running `borg/notify.sh` only
|
|
|
|
- used for sending email notifications on errors
|
2021-08-13 15:32:36 -04:00
|
|
|
|
2021-10-08 16:08:03 -04:00
|
|
|
- Systemd timers start daily backups:
|
2021-08-19 11:55:19 -04:00
|
|
|
|
2021-10-08 16:08:03 -04:00
|
|
|
/etc/systemd/system/borg-backup.service -> /opt/borg/borg-backup.service
|
|
|
|
/etc/systemd/system/borg-backup.timer -> /opt/borg/borg-backup.timer
|
|
|
|
|
|
|
|
- Backup script `/opt/borg/backup.py` uses configuration in
|
2021-10-11 16:50:08 -04:00
|
|
|
`/opt/borg/config.yaml` to generate our own list of files, excluding
|
2021-10-19 14:45:08 -04:00
|
|
|
anything that's too large by default. This requires borg 1.2 or newer.
|
2021-10-14 13:26:24 -04:00
|
|
|
|
|
|
|
|
|
|
|
Notes
|
|
|
|
=====
|
|
|
|
|
2021-10-26 15:03:35 -04:00
|
|
|
# Building Borg binary from git
|
2021-10-14 13:26:24 -04:00
|
|
|
|
2021-10-26 15:03:35 -04:00
|
|
|
sudo apt install python3.9 scons libacl1-dev libfuse-dev libpython3.9-dev patchelf
|
2021-10-14 13:26:24 -04:00
|
|
|
git clone https://github.com/borgbackup/borg.git
|
|
|
|
cd borg
|
2021-10-26 15:03:35 -04:00
|
|
|
virtualenv --python=python3.9 borg-env
|
2021-10-14 13:26:24 -04:00
|
|
|
source borg-env/bin/activate
|
|
|
|
pip install -r requirements.d/development.txt
|
|
|
|
pip install pyinstaller
|
|
|
|
pip install llfuse
|
|
|
|
pip install -e .[llfuse]
|
|
|
|
pyinstaller --clean --noconfirm scripts/borg.exe.spec
|
2021-10-17 21:31:16 -04:00
|
|
|
pip install staticx
|
2021-10-14 13:26:24 -04:00
|
|
|
|
2021-10-26 15:03:35 -04:00
|
|
|
# for x86
|
|
|
|
staticx -l /lib/x86_64-linux-gnu/libm.so.6 dist/borg.exe borg.x86_64
|
|
|
|
|
|
|
|
# for ARM; see https://github.com/JonathonReinhart/staticx/issues/209
|
|
|
|
staticx -l /lib/arm-linux-gnueabihf/libm.so.6 dist/borg.exe borg.armv7l
|
|
|
|
|
|
|
|
Then run `borg.x86_64`. Confirm the version with `borg.armv7l --version`.
|
2021-10-16 01:23:14 -04:00
|
|
|
|
2021-10-14 13:26:24 -04:00
|
|
|
*Note:* This uses the deprecated `llfuse` instead of the newer `pyfuse3`.
|
|
|
|
`pyfuse3` doesn't work because, at minimum, it pulls in `trio` which
|
|
|
|
requires `ssl` which is explicitly excluded by
|
|
|
|
`scripts/borg.exe.spec`.
|