services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

clarify difference between server and laptop in borg notes

Browse Source
This commit is contained in:
Reese Wells
2025-10-14 12:37:14 -04:00
parent 8c39f749c7
commit 9ef631b266
1 changed files with 84 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
active/systemd_borg/borg.md
View File

@@ -2,7 +2,8 @@
- [Borg Backup](#borg-backup) - [Borg Backup](#borg-backup)
- [Install Borg](#install-borg) - [Install Borg](#install-borg)
- [Set up a new root client](#set-up-a-new-root-client) - [Set up a laptop or workstation client](#set-up-a-laptop-or-workstation-client)
- [Set up a new server client](#set-up-a-new-server-client)
- [Create a Backup Service](#create-a-backup-service) - [Create a Backup Service](#create-a-backup-service)
- [Check backup service logs](#check-backup-service-logs) - [Check backup service logs](#check-backup-service-logs)
- [Run a Manual Backup](#run-a-manual-backup) - [Run a Manual Backup](#run-a-manual-backup)
@@ -29,7 +30,81 @@ touch /home/backup/.ssh/authorized_keys
chown -R backup:backup /home/backup/.ssh chown -R backup:backup /home/backup/.ssh
``` ```
## Set up a new root client ## Set up a laptop or workstation client
For backing up your laptop or personal account.
1. On your personal account, set up the borg connection
```bash
export BACKUP_HOST="borg.reeselink.com"
ssh-keygen -C ${USER}@${HOSTNAME} -f ~/.ssh/id_${BACKUP_HOST}
cat <<EOF >> ~/.ssh/config
Host ${BACKUP_HOST}
Hostname ${BACKUP_HOST}
IdentityFile ~/.ssh/id_${BACKUP_HOST}
User backup
Port 22
EOF
echo "export CLIENT_FQDN=${USER}.${HOSTNAME}.reeselink.com"
echo "export SSH_PUBKEY=\"$(cat ~/.ssh/id_${BACKUP_HOST}.pub)\""
```
2. On the borg backup server as the backup user:
```bash
# Use echo from above
export CLIENT_FQDN=
export SSH_PUBKEY=
# Create the authkey entry to restrict the user's access to the borg repo folder
export BORG_COMMAND="cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}"
export AUTHKEY_ENTRY="command=\"${BORG_COMMAND}\",restrict ${SSH_PUBKEY}"
echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys
# Create the directory
mkdir repos/${CLIENT_FQDN}
```
3. On your personal account, create the repo and your first backup
```bash
# Do not include the first / in the path
export PATH_TO_BACKUP=home/${USER}
export BACKUP_HOST="borg.reeselink.com"
export BORG_REPO=${BACKUP_HOST}:home
# If not initialized, do that now
borg init --encryption none $BORG_REPO
borg list
# Run backup and timestamp it
borg create \
--verbose \
--filter AME \
--list \
--stats \
--progress \
--show-rc \
--compression lz4 \
--exclude-caches \
${BORG_REPO}::$(date +"%F-%H-%M-%S") \
/${PATH_TO_BACKUP}
# Mount a borg archive
borg mount $BORG_REPO::2025-05-14-00-44-05 /mnt/
# Restore a borg archive to a location (dry run)
# First, cd to the location you want to extract to
cd ~
# Then, extract to that location. --strip-components takes the first n items off a path
borg extract --dry-run --list --strip-components 2 $BORG_REPO::my-files home/USERNAME
```
## Set up a new server client
Backups will be run as the root user. Generate them an SSH key to Backups will be run as the root user. Generate them an SSH key to
@@ -57,6 +132,8 @@ export SSH_PUBKEY="ssh-rsa abcd1234 backup@fqdn.something.com"
export BORG_COMMAND="cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}" export BORG_COMMAND="cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}"
export AUTHKEY_ENTRY="command=\"${BORG_COMMAND}\",restrict ${SSH_PUBKEY}" export AUTHKEY_ENTRY="command=\"${BORG_COMMAND}\",restrict ${SSH_PUBKEY}"
echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys
mkdir /home/backup/repos/${CLIENT_FQDN}
chown -R backup:backup /home/backup/repos/${CLIENT_FQDN}
``` ```
## Create a Backup Service ## Create a Backup Service
@@ -69,15 +146,14 @@ borg_user: backup
borg_host: borg.reeselink.com borg_host: borg.reeselink.com
borg_passphrase: "" borg_passphrase: ""
backup_dirs: backup_dirs:
- /home - /home/foobar
exclude_dirs: [] exclude_dirs: []
keep_daily: 7 keep_daily: 7
keep_weekly: 4 keep_weekly: 4
keep_monthly: 1 keep_monthly: 1
stop_services: [] stop_services: []
stop_user_services: stop_user_services:
- gitea - foobar
- postgres
``` ```
```bash ```bash
@@ -85,7 +161,7 @@ stop_user_services:
for var_file in $(ls active/systemd_borg/secrets); do for var_file in $(ls active/systemd_borg/secrets); do
ansible-playbook \ ansible-playbook \
-i ansible/inventory.yaml \ -i ansible/inventory.yaml \
-l podman \ -l 3dserver \
active/systemd_borg/install_backup.yaml \ active/systemd_borg/install_backup.yaml \
-e "@active/systemd_borg/secrets/$var_file" -e "@active/systemd_borg/secrets/$var_file"
done done
@@ -94,7 +170,8 @@ done
## Check backup service logs ## Check backup service logs
```bash ```bash
ssh podman journalctl -u 'backup-*' -f export SERVER_SSH_NAME=
ssh $SERVER_SSH_NAME journalctl -u 'backup-*' -f
``` ```
## Run a Manual Backup ## Run a Manual Backup