# Borg Backup

- [Borg Backup](#borg-backup)
  - [Server Setup](#server-setup)
    - [Adding a Client](#adding-a-client)
    - [Installing the Backup Service](#installing-the-backup-service)
      - [Adding Nextcloud](#adding-nextcloud)
  - [Manual Client Use](#manual-client-use)

## Server Setup

- User: backup
- Group: backup
- Shell: /bin/bash (or another shell capable of running the `borg serve` command)
- Home: /home/backup

```bash
dnf install borgbackup

useradd backup
mkdir /home/backup/.ssh
touch /home/backup/.ssh/authorized_keys
chown -R backup:backup /home/backup/.ssh
```

### Adding a Client

Note: See [Adding Nextcloud](#adding-nextcloud) for Nextcloud instructions.

```bash
export BACKUP_HOST=""

ssh-keygen -C "${USER}@${HOSTNAME}" -f ~/.ssh/id_${BACKUP_HOST}

# Append a host entry for the backup server to the SSH client config
cat <<EOF >> ~/.ssh/config
Host ${BACKUP_HOST}
    Hostname ${BACKUP_HOST}
    IdentityFile ~/.ssh/id_${BACKUP_HOST}
    User backup
    Port 22
    KeepAlive yes
EOF
```

Now on the server:

```bash
export CLIENT_FQDN=""
# Should look like ssh-rsa abcd1234 backup@fqdn.something.com
export SSH_PUBKEY=""

# Force this key to run borg serve, confined to the client's own repo directory
export AUTHKEY_ENTRY="command=\"cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}\",restrict ${SSH_PUBKEY}"
echo "$AUTHKEY_ENTRY" >> /home/backup/.ssh/authorized_keys

# -p because /home/backup/repos does not exist before the first client is added
mkdir -p /home/backup/repos/${CLIENT_FQDN}
chown backup:backup /home/backup/repos/${CLIENT_FQDN}
```

Then back on the client:

```bash
ssh borg.reeselink.com

# Note: --encryption none stores the repository unencrypted and unauthenticated

# root
borg init --encryption none backup@${BACKUP_HOST}:root

# home
borg init --encryption none backup@${BACKUP_HOST}:home

# app
borg init --encryption none backup@${BACKUP_HOST}:gitea

# another app
borg init --encryption none backup@${BACKUP_HOST}:nextcloud
```

### Installing the Backup Service

Create your vars file in `secrets/host_vars.yaml`:

```yaml
repo_name: my_repo
borg_user: backup
borg_host: borg.reeselink.com
borg_passphrase: ""
backup_dirs:
  - /home
exclude_dirs: []
keep_daily: 7
keep_weekly: 4
keep_monthly: 1
stop_services: []
stop_user_services:
  - gitea
  - postgres
```

```bash
ansible-playbook \
  -i active/ansible/inventory.yaml \
  -l podman \
  active/systemd_borg/install_backup.yaml \
  -e "@active/systemd_borg/secrets/gitea_vars.yaml"
```

#### Adding Nextcloud

Rather than creating a client, just set the borg backup location to:

```text
backup@borg.reeselink.com:nextcloud
```

Then run the backup. It will generate a pubkey. Copy it into the `authorized_keys` file.

## Manual Client Use

```bash
borg list borg.reeselink.com:home

# Do not include the first / in the path
export PATH_TO_BACKUP=var/home/ducoterra
export BORG_REPO=borg.reeselink.com:home

# If not initialized, do that now
borg init --encryption none $BORG_REPO

# Run backup and timestamp it
borg create \
  --verbose \
  --filter AME \
  --list \
  --stats \
  --progress \
  --show-rc \
  --compression lz4 \
  --exclude-caches \
  -e "pp:/${PATH_TO_BACKUP}/.cache" \
  -e "re:^${PATH_TO_BACKUP}/\.var/app/[^/]+/cache/" \
  -e "CACHEDIR.TAG" \
  -e "pp:/${PATH_TO_BACKUP}/.local/share/gnome-boxes" \
  -e "pp:/${PATH_TO_BACKUP}/.var/app/org.gnome.Boxes" \
  -e "pp:/${PATH_TO_BACKUP}/.var/app/org.gnome.BoxesDevel" \
  -e "pp:/${PATH_TO_BACKUP}/.local/share/bottles" \
  -e "pp:/${PATH_TO_BACKUP}/.var/app/com.usebottles.bottles" \
  -e "pp:/${PATH_TO_BACKUP}/.local/share/libvirt" \
  -e "pp:/${PATH_TO_BACKUP}/.config/libvirt" \
  -e "pp:/${PATH_TO_BACKUP}/.local/share/containers" \
  -e "pp:/${PATH_TO_BACKUP}/.local/share/docker" \
  "${BORG_REPO}::$(date +"%F-%H-%M-%S")" \
  /${PATH_TO_BACKUP}

# Mount a borg archive
borg mount $BORG_REPO::2025-05-14-00-44-05 /mnt/

# Restore a borg archive to a location (dry run)
borg extract --dry-run --list --strip-components 1 $BORG_REPO::my-files home/USERNAME
```
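
A check for the `authorized_keys` entries built in "Adding a Client", added here as an example and not part of the original notes: it flags any key that is not pinned to `borg serve --restrict-to-path` with `restrict`, including an entry written while `CLIENT_FQDN` was still empty, which would expose the whole repos directory. The function name `audit_authorized_keys`, the `REPO_ROOT` variable and the sample keys are assumptions made for the example.

```bash
# Added example (not from the original notes): audit the backup user's
# authorized_keys. Assumption: every key must match the entry format built in
# "Adding a Client", with a per-client directory under REPO_ROOT.
REPO_ROOT="${REPO_ROOT:-/home/backup/repos}"

# Prints one finding per non-compliant line; returns 0 only if every key passes.
audit_authorized_keys() {
  file=$1 n=0 bad=0
  # Captures the cd target and the --restrict-to-path argument.
  re='^command="cd ([^;" ]+); borg serve --restrict-to-path ([^" ]+)",restrict (ssh-|ecdsa-|sk-).*'
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in '' | '#'*) continue ;; esac   # skip blanks and comments
    paths=$(printf '%s\n' "$line" | sed -nE "s#${re}#\\1 \\2#p")
    cd_dir=${paths% *} repo=${paths#* }
    if [ -z "$paths" ]; then
      echo "line $n: key is not pinned to 'borg serve --restrict-to-path' with 'restrict'"
    elif [ "$cd_dir" != "$repo" ]; then
      echo "line $n: cd target and --restrict-to-path differ"
    else
      case $repo in
        *..*) echo "line $n: path contains '..': $repo" ;;
        "$REPO_ROOT"/?*) continue ;;            # compliant entry
        *) echo "line $n: not a client directory under $REPO_ROOT: $repo" ;;
      esac
    fi
    bad=$((bad + 1))
  done < "$file"
  [ "$bad" -eq 0 ]
}

# Constructed sample: a good entry, one written with an empty CLIENT_FQDN, a bare key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="cd /home/backup/repos/client.example; borg serve --restrict-to-path /home/backup/repos/client.example",restrict ssh-ed25519 AAAAexample root@client.example
command="cd /home/backup/repos/; borg serve --restrict-to-path /home/backup/repos/",restrict ssh-ed25519 AAAAexample root@other.example
ssh-ed25519 AAAAexample root@third.example
EOF
audit_authorized_keys "$sample" || echo "audit failed: fix the entries listed above"
```

The match is deliberately strict: an entry with extra options after `restrict`, or with the options in a different order, is reported so that it gets reviewed by hand.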