odie/qrz.is
1
0
Fork 0
mirror of https://codeberg.org/mclemens/qrz.is.git synced 2024-09-06 06:04:29 -04:00
Code Issues Packages Projects Releases Wiki Activity
9fc5295c9f
qrz.is/content/post/server-backup-with-borgmatic-and-borgbase.md
Michael Clemens 314ad86775 added new blog post
2021-12-13 11:03:00 +01:00

3.4 KiB
Raw Blame History

title type author date tags url
Server Backup with Borgmatic and Borgbase post micha 2021-11-18T18:00:00+01:00
Backup
Linux
/server-backup-with-borgmatic-and-borgbase/

In this article I document how I backup my servers locally as well as remotely to borgbase.com. After implementing the follwoing steps, you'll get:

  • encrypted backups to a local directory
  • encrypted offsite backups
  • alarms in the case backups fail

Preconditions

All these steps have been tested with Debian 10/11. You'll need a paid subscription with BorgBase or use your own remote repository server. All commands have to be executed in the context of the user root.

Installation of Borg and Borgmatic

On the system that needs to be backed up:

# apt install borgbackup borgmatic
# mkdir -p ~/.config/borgmatic
# cat ~/.ssh/id_rsa.pub

Copy the output of the last command. If you don't have SSH keys generated, you can do so by typing

# ssh-keygen

Configuring the Repositories

Login to BorgBase (https://www.borgbase.com) and perform the following steps:

  • Add a new SSH key under Account - SSH Keys - Add public key and paste here your previously copied public key
  • Go to Repositories - New Repo, create a new repository and add the new SSH pubkey
  • Look up how to initialize your repo under Setup - Initialize Repo. Copy the first command, e.g. "borg init -e repokey-blake2 abcdefgh@abcdefgh.repo.borgbase.com:repo"

Initializing your Repositories

Now is the time to generate and store a secure passphrase in your password manager. This will be needed to encrypt/decrypt your backups

Initialize both the local and the remote repository by entering the following command. If asked, enter the previously generated passphrase:

# borg init -e repokey-blake2 /backup/borgmatic/
# borg init -e repokey-blake2 abcdefgh@abcdefgh.repo.borgbase.com:repo

Configuration of Borgmatic

Create and edit the configuration file:

# vi ~/.config/borgmatic/config.yaml

Paste and adapt the following content:

location:
    source_directories:
        - /etc
        - /home
	- /var/www

    one_file_system: true
    repositories:
        - /backup/borgmatic
        - abcdefgh@abcdefgh.repo.borgbase.com:repo

    exclude_patterns:
        - '*.pyc'
        - ~/*/.cache
        - NoSyncNoBackup

    exclude_caches: true
    exclude_if_present: .nobackup

storage:
    compression: auto,zstd
    encryption_passphrase: <YOURSECRETPASSWORD>
    archive_name_format: '{hostname}-{now}'

retention:
    keep_daily: 3
    keep_weekly: 4
    keep_monthly: 12
    keep_yearly: 2
    prefix: '{hostname}-'

consistency:
    checks:
        # uncomment to always do integrity checks. (takes long time for large repos)
        #- repository
        - disabled

    check_last: 3
    prefix: '{hostname}-'

hooks:
    # List of one or more shell commands or scripts to execute before creating a backup.
    before_backup:
        - echo "`date` - Starting backup"

    after_backup:
        - echo "`date` - Finished backup"

Finally execute the following command to create your first backup:

# borgmatic

Backup Scheduling

In order to automatically perform backups e.g. every day at 1:00 am, edit the crontab with

# crontab -e

Paste the following line into the editor:

0 01 * * * /usr/bin/borgmatic >/dev/null 2>&1