Jim Paris 552e929247 | 2 years ago | |
---|---|---|
Makefile | 2 years ago | |
README.md | 2 years ago | |
borg-setup.sh | 2 years ago |
On bucket, we have a separate user account “jim-backups”. Password for this account is in bitwarden.
Repository keys are repokeys, with passphrases saved on clients and in bitwarden.
Each client has two SSH keys: one for append-only operation (no pass) and one for read-write (password in bitwarden)
Pruning requires the password and is a manual operation (run sudo /opt/borg/prune.sh
)
Systemd timers start daily backups
Run on client:
wget https://psy.jim.sh/borg-setup.sh
sudo ./borg-setup.sh