Off-site Backup with Borg

A quick&dirty run-down how to use Borg for daily offsite backups (non-sql).

Situation
local is the machine that needs to be backed up, HOST is the machine where backups will be stored.


 * HOST - remote storage for backups
 * USER - remote user
 * DIRECTORY - remote directory containing backups

Setup
We assume Borg is installed on HOST already.


 * setup USER @ HOST (on local: ssh-keygen -t ed25519 -b 320, on HOST: useradd USER, add key to authorized_keys, etc etc)
 * create DIRECTORY at HOST and make it writable by USER
 * on local: compile borg like: https://borgbackup.readthedocs.io/en/stable/installation.html#git-installation
 * the above needs some additional packages but u'll figure that out
 * on local: enter borg env like source /root/src/borg-env/bin/activate
 * on local: init repository like borg init --encryption=keyfile-blake2 USER@HOST:DIRECTORY (provide passphrase)
 * on local: export key like: borg key export USER@HOST:DIRECTORY borg.key
 * on local: hide key in a safe place & remember passphrase & shred borg.key
 * on local: install sendemail for mail reporting: apt-get install sendemail
 * modify & use the script below (eg. by adding it into crontab)

Script
SERVER="" PORT="" USER="r" PASS="" FROM="" TO=""
 * 1) !/bin/bash
 * 2) Borg automated backups
 * 3) Based on: https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
 * 4) .. but not so fancy, lel
 * 5) This will backup to HOST into DIRECTORY
 * ::sys is a repository for system backup (/etc /root /var/log /usr/local)
 * ::www is a repository for www backup (/data/www)
 * ::git is a repository for git backup (/data/git)
 * 1) mail reporting parameters
 * ::git is a repository for git backup (/data/git)
 * 1) mail reporting parameters
 * 1) mail reporting parameters
 * 1) mail reporting parameters

source /root/src/borg-env/bin/activate
 * 1) get into the environment

export BORG_REPO=USER@HOST:DIRECTORY export BORG_PASSPHRASE='PASSPHRASE'
 * 1) set some variables

info { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM
 * 1) some helpers and error handling

info "Starting sys backup" borg create --stats ::'sys_{now}' /etc /root /var/log /usr/local sys_create=$? info "Pruning sys repository" borg prune --list --prefix 'sys_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6 sys_prune=$? sys_exit=$(( sys_create > sys_prune ? sys_create : sys_prune ))
 * 1) make a sys backup and prune old sys backups

info "Starting www backup" borg create --stats ::'www_{now}' /data/www www_create=$? info "Pruning www repository" borg prune --list --prefix 'www_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6 www_prune=$? www_exit=$(( www_create > www_prune ? www_create : www_prune ))
 * 1) make a www backup and prune old www backups

info "Starting git backup" borg create --stats ::'git_{now}' /data/git git_create=$? info "Pruning git repository" borg prune --list --prefix 'git_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6 git_prune=$? git_exit=$(( git_create > git_prune ? git_create : git_prune ))
 * 1) make a git backup and prune old git backups

if [ $sys_exit -gt 0 ] || [ $www_exit -gt 0 ] || [ $git_exit -gt 0 ]; then message="sys_exit: $sys_exit\nwww_exit: $www_exit\ngit_exit: $git_exit" sendemail -o tls=yes -s $SERVER:$PORT -xu $USER -xp $PASS -f $FROM -t $TO -u "Warning: Borg backup might have failed" -m "$message" global_exit=1 fi
 * 1) handle errors and report
 * 2) we can also do it like $sys_exit -gt 1 in case we get warnings about changed files that we don't care about reporting

exit ${global_exit}
 * 1) exit through trap