services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef9104c7965ed1a7ce57c9d5bcfaac4c574d758f
homelab/active/systemd_borg/borg.md
ducoterra ef9104c796
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
Details
moving everything to active or retired vs incubating and graduated
2025-04-19 18:52:33 -04:00

1.5 KiB
Raw Blame History

Borg Backup

Server Setup

https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html#user-and-group

User: backup

Group: backup

Shell: /bin/bash (or other capable to run the borg serve command)

Home: /home/backup

dnf install borgbackup

useradd backup
mkdir /home/backup/.ssh
touch /home/backup/.ssh/authorized_keys
chown -R backup:backup /home/backup/.ssh

Adding a Client

Note: See adding nextcloud for nextcloud instructions here.

export BACKUP_HOST=""

ssh-keygen -C backup@${BACKUP_HOST} -f ~/.ssh/id_${BACKUP_HOST}

cat <<EOF >> ~/.ssh/config
Host ${BACKUP_HOST}
    Hostname ${BACKUP_HOST}
    IdentityFile ~/.ssh/id_${BACKUP_HOST}
    User backup
    Port 22
    KeepAlive yes
EOF

Now on the server:

export CLIENT_FQDN=""
# Should look like ssh-rsa abcd1234 backup@fqdn.something.com
export SSH_PUBKEY=""
export AUTHKEY_ENTRY="command=\"cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}\",restrict ${SSH_PUBKEY}"
echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys

mkdir /home/backup/repos/${CLIENT_FQDN}
chown backup:backup /home/backup/repos/${CLIENT_FQDN}

Then back on the client:

ssh borg.reeselink.com

borg init --encryption none backup@${BACKUP_HOST}:root

Adding Nextcloud

Rather than creating a client, just set the borg backup location to:

backup@borg.reeselink.com:nextcloud

Then run the backup. It will generate a pubkey. Copy this into the authorized_keys file.

Reference in New Issue View Git Blame Copy Permalink