ducoterra
ef9104c796
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
72 lines
1.5 KiB
Markdown
72 lines
1.5 KiB
Markdown
# Borg Backup
|
|
|
|
## Server Setup
|
|
|
|
<https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html#user-and-group>
|
|
|
|
User: backup
|
|
|
|
Group: backup
|
|
|
|
Shell: /bin/bash (or other capable to run the borg serve command)
|
|
|
|
Home: /home/backup
|
|
|
|
```bash
|
|
dnf install borgbackup
|
|
|
|
useradd backup
|
|
mkdir /home/backup/.ssh
|
|
touch /home/backup/.ssh/authorized_keys
|
|
chown -R backup:backup /home/backup/.ssh
|
|
```
|
|
|
|
### Adding a Client
|
|
|
|
Note: See [adding nextcloud](#adding-nextcloud) for nextcloud instructions here.
|
|
|
|
```bash
|
|
export BACKUP_HOST=""
|
|
|
|
ssh-keygen -C backup@${BACKUP_HOST} -f ~/.ssh/id_${BACKUP_HOST}
|
|
|
|
cat <<EOF >> ~/.ssh/config
|
|
Host ${BACKUP_HOST}
|
|
Hostname ${BACKUP_HOST}
|
|
IdentityFile ~/.ssh/id_${BACKUP_HOST}
|
|
User backup
|
|
Port 22
|
|
KeepAlive yes
|
|
EOF
|
|
```
|
|
|
|
Now on the server:
|
|
|
|
```bash
|
|
export CLIENT_FQDN=""
|
|
# Should look like ssh-rsa abcd1234 backup@fqdn.something.com
|
|
export SSH_PUBKEY=""
|
|
export AUTHKEY_ENTRY="command=\"cd /home/backup/repos/${CLIENT_FQDN}; borg serve --restrict-to-path /home/backup/repos/${CLIENT_FQDN}\",restrict ${SSH_PUBKEY}"
|
|
echo $AUTHKEY_ENTRY >> /home/backup/.ssh/authorized_keys
|
|
|
|
mkdir /home/backup/repos/${CLIENT_FQDN}
|
|
chown backup:backup /home/backup/repos/${CLIENT_FQDN}
|
|
```
|
|
|
|
Then back on the client:
|
|
|
|
```bash
|
|
ssh borg.reeselink.com
|
|
|
|
borg init --encryption none backup@${BACKUP_HOST}:root
|
|
```
|
|
|
|
#### Adding Nextcloud
|
|
|
|
Rather than creating a client, just set the borg backup location to:
|
|
|
|
```text
|
|
backup@borg.reeselink.com:nextcloud
|
|
```
|
|
|
|
Then run the backup. It will generate a pubkey. Copy this into the authorized_keys file. |