
Add README, remove useless mount.sh

master
Jim Paris 9 months ago
parent
commit
de53a0c11d
2 changed files with 60 additions and 44 deletions
  1. +1
    -1
      Makefile
  2. +59
    -43
      borg-setup.sh

+ 1
- 1
Makefile

@@ -1,5 +1,5 @@
.PHONY: all
all:
all: check
@echo "Use 'make dist' to copy to https://psy.jim.sh/borg-setup.sh"

.PHONY: check


+ 59
- 43
borg-setup.sh

@@ -76,6 +76,7 @@ create_borg_wrapper()
{
BORG=${BORG_DIR}/borg.sh
BORG_REPO="ssh://${BACKUP_USER}@${BACKUP_HOST}/./${BACKUP_REPO}"
SSH=$BORG_DIR/ssh

cat >"$BORG" <<EOF
#!/bin/sh
@@ -86,7 +87,7 @@ export BORG_HOST_ID=${HOSTID}
export BORG_BASE_DIR=${BORG_DIR}
export BORG_CACHE_DIR=${BORG_DIR}/cache
export BORG_CONFIG_DIR=${BORG_DIR}/config
export BORG_RSH="ssh -F ${BORG_DIR}/ssh/config"
export BORG_RSH="ssh -F $SSH/config -i $SSH/id_ecdsa_appendonly"
exec borg "\$@"
EOF
chmod +x "$BORG"
@@ -118,7 +119,6 @@ run_ssh_command()
# Configure SSH key-based login
configure_ssh()
{
SSH=$BORG_DIR/ssh
mkdir "$SSH"

# Create keys
@@ -139,15 +139,7 @@ UserKnownHostsFile $SSH/known_hosts
ForwardX11 no
ForwardAgent no
BatchMode yes
IdentityFile $SSH/id_ecdsa_appendonly

Host backup-appendonly
HostName $BACKUP_HOST
IdentityFile $SSH/id_ecdsa_appendonly

Host backup
HostName $BACKUP_HOST
IdentityFile $SSH/id_ecdsa
IdentitiesOnly yes
EOF

# Connect to backup host, using persistent control socket
@@ -156,7 +148,7 @@ EOF
ssh -F "$SSH/config" -o BatchMode=no -o PubkeyAuthentication=no \
-o ControlMaster=yes -o ControlPath="$TMP/ssh-control" \
-o StrictHostKeyChecking=accept-new \
-f backup sleep 600
-f "${BACKUP_USER}@${BACKUP_HOST}" sleep 600
if ! run_ssh_command true >/dev/null 2>&1 </dev/null ; then
error "SSH failed"
fi
@@ -184,7 +176,8 @@ EOF

# Test that everything worked
log "Testing SSH login with new key"
if ! ssh -F "$SSH/config" -T backup-appendonly borg --version </dev/null ; then
if ! ssh -F "$SSH/config" -i "$SSH/id_ecdsa_appendonly" -T \
"${BACKUP_USER}@${BACKUP_HOST}" borg --version </dev/null ; then
error "Logging in with a key failed -- is server set up correctly?"
fi
log "Remote connection OK!"
@@ -232,7 +225,7 @@ done
# Allow dirs to be overridden
BORG_BACKUP_DIRS=\${BORG_BACKUP_DIRS:-\$DIRS}

echo "Backing up: $DIRS"
echo "Backing up: \$BORG_BACKUP_DIRS"

\$BORG create \\
--verbose \\
@@ -241,7 +234,7 @@ echo "Backing up: $DIRS"
--stats \\
--exclude-caches \\
--one-file-system \\
--checkpoint-interval 300 \\
--checkpoint-interval 900 \\
--compression zstd,3 \\
::'{hostname}-{now:%Y%m%d-%H%M%S}' \\
\$BORG_BACKUP_DIRS
@@ -258,39 +251,19 @@ BORG=$BORG_DIR/borg.sh
set -e

echo "=== Need SSH key passphrase. Check Bitwarden for:"
echo "=== borg $(hostname)"
echo "=== read-write SSH key"
echo "=== borg $(hostname) / read-write SSH key"
\$BORG prune \\
--rsh="ssh -F ${BORG_DIR}/ssh/config -i ${SSH}/id_ecdsa"
--rsh="ssh -F $SSH/config -o BatchMode=no -i $SSH/id_ecdsa" \\
--verbose \\
--stats \\
--keep-within=7d \\
--keep-daily=14 \\
--keep-weekly=8 \\
--keep-monthly=-1
EOF

cat > "${BORG_DIR}/mount.sh" <<EOF
#!/bin/bash

BORG=$BORG_DIR/borg.sh
set -e

if [ -z "\$1" ] ; then
echo "Usage: \$0 <mountpoint>"
exit 1
fi

\$BORG mount \\
:: \$1

echo "Unmount with: fusermount -u \$1"

EOF

chmod 755 "${BORG_DIR}/backup.sh"
chmod 755 "${BORG_DIR}/prune.sh"
chmod 755 "${BORG_DIR}/mount.sh"
}

configure_systemd()
@@ -351,6 +324,54 @@ EOF
fi
}

make_readme()
{
cat > "${BORG_DIR}/README" <<EOF
Backup Configuration
--------------------

Hostname: $(hostname)
Destination: ${BACKUP_USER}@${BACKUP_HOST}
Repository: ${BACKUP_REPO}

Cheat sheet
-----------

See when next backup is scheduled:

systemctl list-timers borg-backup.timer

See progress of most recent backup:

systemctl status -l -n 99999 borg-backup

Start backup now:

sudo systemctl start borg-backup

Interrupt backup in progress:

sudo systemctl stop borg-backup

Show backups and related info:

sudo ${BORG_DIR}/borg.sh info
sudo ${BORG_DIR}/borg.sh list

Mount and look at files:

mkdir mnt
sudo ${BORG_DIR}/borg.sh mount :: mnt
sudo -s # to explore as root
sudo umount mnt

Prune old backups. Only run if sure local system was never compromised,
as object deletion could have been queued during append-only operations.
Requires SSH key password from bitwarden.
sudo ${BORG_DIR}/prune.sh
EOF
}

log "Configuration:"
log " Backup server host: ${BACKUP_HOST}"
log " Backup server user: ${BACKUP_USER}"
@@ -364,6 +385,7 @@ create_repo
export_keys
create_scripts
configure_systemd
make_readme

echo
notice "Add these two passwords to Bitwarden:"
@@ -377,12 +399,6 @@ notice " Username: read-write ssh key"
notice " Password: $PASS_SSH"
notice ""
notice "You should also print out the full repo key: ${BORG_DIR}/key.txt"
notice ""
notice "To run a manual backup:"
notice " sudo systemctl start borg-backup"
notice ""
notice "and to see logs:"
notice " journalctl -u borg-backup"
echo

echo "All done"
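Review bot: `SSH` now appears to be assigned only inside create_borg_wrapper() (first borg-setup.sh hunk), while configure_ssh() seems to lose its own `SSH=$BORG_DIR/ssh` and the prune heredoc in create_scripts() newly expands `$SSH` as well. The key and config paths therefore depend on call order: if create_borg_wrapper has not run first, `-F $SSH/config -i $SSH/id_ecdsa` is written into prune.sh as `/config` and `/id_ecdsa`, and `mkdir "$SSH"` receives an empty argument. Assigning it once at top level next to BORG_DIR, e.g. `SSH=${BORG_DIR}/ssh`, or expanding it as `"${SSH:?}"` at each use, would make a wrong order fail loudly instead of generating scripts that point at the wrong key. The function bodies and the full call sequence start outside the visible hunks, so the actual order could not be confirmed from this page.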
