clarify difference between server and laptop in borg notes
This commit is contained in:
@@ -2,7 +2,8 @@
|
||||
|
||||
- [Borg Backup](#borg-backup)
|
||||
- [Install Borg](#install-borg)
|
||||
- [Set up a new root client](#set-up-a-new-root-client)
|
||||
- [Set up a laptop or workstation client](#set-up-a-laptop-or-workstation-client)
|
||||
- [Set up a new server client](#set-up-a-new-server-client)
|
||||
- [Create a Backup Service](#create-a-backup-service)
|
||||
- [Check backup service logs](#check-backup-service-logs)
|
||||
- [Run a Manual Backup](#run-a-manual-backup)
|
||||
@@ -29,7 +30,81 @@ touch /home/backup/.ssh/authorized_keys
|
||||
chown -R backup:backup /home/backup/.ssh
|
||||
```
|
||||
|
||||
## Set up a new root client
|
||||
## Set up a laptop or workstation client
|
||||
|
||||
For backing up your laptop or personal account.
|
||||
|
||||
1. On your personal account, set up the borg connection
|
||||
|
||||
```bash
|
||||
export BACKUP_HOST="borg.reeselink.com"
|
||||
|
||||
ssh-keygen -C ${USER}@${HOSTNAME} -f ~/.ssh/id_${BACKUP_HOST}
|
||||
|
||||
cat <<EOF >> ~/.ssh/config
|
||||
Host ${BACKUP_HOST}
|
||||
Hostname ${BACKUP_HOST}
|
||||
IdentityFile ~/.ssh/id_${BACKUP_HOST}
|
||||
User backup
|
||||
Port 22
|
||||
EOF
|
||||
|
||||
echo "export CLIENT_FQDN=${USER}.${HOSTNAME}.reeselink.com"
|
||||
echo "export SSH_PUBKEY=\"$(cat ~/.ssh/id_${BACKUP_HOST}.pub)\""
|
||||
```
|
||||
|
||||
2. On the borg backup server as the backup user:
|
||||
|
||||
```bash
|
||||
# Use echo from above
|
||||
export CLIENT_FQDN=
|
||||
export SSH_PUBKEY=
|
||||
|
||||
# Create the authkey entry to restrict the user's access to the borg repo folder
|
||||
export BORG_COMMAND="cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}"
|
||||
export AUTHKEY_ENTRY="command=\"${BORG_COMMAND}\",restrict ${SSH_PUBKEY}"
|
||||
echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys
|
||||
|
||||
# Create the directory
|
||||
mkdir repos/${CLIENT_FQDN}
|
||||
```
|
||||
|
||||
3. On your personal account, create the repo and your first backup
|
||||
|
||||
```bash
|
||||
# Do not include the first / in the path
|
||||
export PATH_TO_BACKUP=home/${USER}
|
||||
export BACKUP_HOST="borg.reeselink.com"
|
||||
export BORG_REPO=${BACKUP_HOST}:home
|
||||
|
||||
# If not initialized, do that now
|
||||
borg init --encryption none $BORG_REPO
|
||||
borg list
|
||||
|
||||
# Run backup and timestamp it
|
||||
borg create \
|
||||
--verbose \
|
||||
--filter AME \
|
||||
--list \
|
||||
--stats \
|
||||
--progress \
|
||||
--show-rc \
|
||||
--compression lz4 \
|
||||
--exclude-caches \
|
||||
${BORG_REPO}::$(date +"%F-%H-%M-%S") \
|
||||
/${PATH_TO_BACKUP}
|
||||
|
||||
# Mount a borg archive
|
||||
borg mount $BORG_REPO::2025-05-14-00-44-05 /mnt/
|
||||
|
||||
# Restore a borg archive to a location (dry run)
|
||||
# First, cd to the location you want to extract to
|
||||
cd ~
|
||||
# Then, extract to that location. --strip-components takes the first n items off a path
|
||||
borg extract --dry-run --list --strip-components 2 $BORG_REPO::my-files home/USERNAME
|
||||
```
|
||||
|
||||
## Set up a new server client
|
||||
|
||||
Backups will be run as the root user. Generate them an SSH key to
|
||||
|
||||
@@ -57,6 +132,8 @@ export SSH_PUBKEY="ssh-rsa abcd1234 backup@fqdn.something.com"
|
||||
export BORG_COMMAND="cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}"
|
||||
export AUTHKEY_ENTRY="command=\"${BORG_COMMAND}\",restrict ${SSH_PUBKEY}"
|
||||
echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys
|
||||
mkdir /home/backup/repos/${CLIENT_FQDN}
|
||||
chown -R backup:backup /home/backup/repos/${CLIENT_FQDN}
|
||||
```
|
||||
|
||||
## Create a Backup Service
|
||||
@@ -69,15 +146,14 @@ borg_user: backup
|
||||
borg_host: borg.reeselink.com
|
||||
borg_passphrase: ""
|
||||
backup_dirs:
|
||||
- /home
|
||||
- /home/foobar
|
||||
exclude_dirs: []
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
keep_monthly: 1
|
||||
stop_services: []
|
||||
stop_user_services:
|
||||
- gitea
|
||||
- postgres
|
||||
- foobar
|
||||
```
|
||||
|
||||
```bash
|
||||
@@ -85,7 +161,7 @@ stop_user_services:
|
||||
for var_file in $(ls active/systemd_borg/secrets); do
|
||||
ansible-playbook \
|
||||
-i ansible/inventory.yaml \
|
||||
-l podman \
|
||||
-l 3dserver \
|
||||
active/systemd_borg/install_backup.yaml \
|
||||
-e "@active/systemd_borg/secrets/$var_file"
|
||||
done
|
||||
@@ -94,7 +170,8 @@ done
|
||||
## Check backup service logs
|
||||
|
||||
```bash
|
||||
ssh podman journalctl -u 'backup-*' -f
|
||||
export SERVER_SSH_NAME=
|
||||
ssh $SERVER_SSH_NAME journalctl -u 'backup-*' -f
|
||||
```
|
||||
|
||||
## Run a Manual Backup
|
||||
|
||||
Reference in New Issue
Block a user