moving everything to active or retired vs incubating and graduated

active/systemd_borg/borg.md

@@ -0,0 +1,72 @@
+# Borg Backup
+
+## Server Setup
+
+<https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html#user-and-group>
+
+User: backup
+
+Group: backup
+
+Shell: /bin/bash (or other capable to run the borg serve command)
+
+Home: /home/backup
+
+```bash
+dnf install borgbackup
+
+useradd backup
+mkdir /home/backup/.ssh
+touch /home/backup/.ssh/authorized_keys
+chown -R backup:backup /home/backup/.ssh
+```
+
+### Adding a Client
+
+Note: See [adding nextcloud](#adding-nextcloud) for nextcloud instructions here.
+
+```bash
+export BACKUP_HOST=""
+
+ssh-keygen -C backup@${BACKUP_HOST} -f ~/.ssh/id_${BACKUP_HOST}
+
+cat <<EOF >> ~/.ssh/config
+Host ${BACKUP_HOST}
+    Hostname ${BACKUP_HOST}
+    IdentityFile ~/.ssh/id_${BACKUP_HOST}
+    User backup
+    Port 22
+    KeepAlive yes
+EOF
+```
+
+Now on the server:
+
+```bash
+export CLIENT_FQDN=""
+# Should look like ssh-rsa abcd1234 backup@fqdn.something.com
+export SSH_PUBKEY=""
+export AUTHKEY_ENTRY="command=\"cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}\",restrict ${SSH_PUBKEY}"
+echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys
+
+mkdir /home/backup/repos/${CLIENT_FQDN}
+chown backup:backup /home/backup/repos/${CLIENT_FQDN}
+```
+
+Then back on the client:
+
+```bash
+ssh borg.reeselink.com
+
+borg init --encryption none backup@${BACKUP_HOST}:root
+```
+
+#### Adding Nextcloud
+
+Rather than creating a client, just set the borg backup location to:
+
+```text
+backup@borg.reeselink.com:nextcloud
+```
+
+Then run the backup. It will generate a pubkey. Copy this into the authorized_keys file.