Off-site Backup with Borg
Jump to navigation
Jump to search
A quick&dirty run-down how to use Borg for daily offsite backups (non-sql). Situation: local is the machine that needs to be backed up, HOST is the machine where backups will be stored.
- HOST - remote storage for backups
- USER - remote user
- DIRECTORY - remote directory containing backups
We assume Borg is installed on HOST already.
- setup USER @ HOST (on local: ssh-keygen -t ed25519 -b 320, on HOST: useradd USER, add key to authorized_keys, etc etc)
- create DIRECTORY at HOST and make it writable by USER
- on local: compile borg like: https://borgbackup.readthedocs.io/en/stable/installation.html#git-installation
- the above needs some additional packages but u'll figure that out
- on local: enter borg env like
source /root/src/borg-env/bin/activate
- on local: init repository like
borg init --encryption=keyfile-blake2 USER@HOST:DIRECTORY (provide passphrase)
- on local: export key like:
borg key export USER@HOST:DIRECTORY borg.key
- on local: hide key in a safe place & remember passphrase & shred borg.key
- on local: install sendemail for mail reporting (apt-get install sendemail)
- modify & use the script (eg. by adding it into crontab):
#!/bin/bash # # Borg automated backups # Based on: https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups # .. but not so fancy, lel # # This will backup to HOST into DIRECTORY # ::sys is a repository for system backup (/etc /root /var/log /usr/local) # ::www is a repository for www backup (/data/www) # ::git is a repository for git backup (/data/git) # ########################################################################################## # mail reporting parameters SERVER="" PORT="" USER="r" PASS="" FROM="" TO="" # get into the environment source /root/src/borg-env/bin/activate # set some variables export BORG_REPO=USER@HOST:DIRECTORY export BORG_PASSPHRASE='PASSPHRASE' # some helpers and error handling info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM # make a sys backup and prune old sys backups info "Starting sys backup" borg create --stats ::'sys_{now}' /etc /root /var/log /usr/local sys_create=$? info "Pruning sys repository" borg prune --list --prefix 'sys_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6 sys_prune=$? sys_exit=$(( sys_create > sys_prune ? sys_create : sys_prune )) # make a www backup and prune old www backups info "Starting www backup" borg create --stats ::'www_{now}' /data/www www_create=$? info "Pruning www repository" borg prune --list --prefix 'www_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6 www_prune=$? # make a git backup and prune old git backups info "Starting git backup" borg create --stats ::'git_{now}' /data/git git_create=$? info "Pruning git repository" borg prune --list --prefix 'git_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6 git_prune=$? # handle errors and report # we can also do it like ''$sys_exit -gt 1'' in case we get warnings about changed files that we don't care about reporting if [ $sys_exit -gt 0 ] || [ $www_exit -gt 0 ] || [ $git_exit -gt 0 ]; then message="sys_exit: $sys_exit\nwww_exit: $www_exit\ngit_exit: $git_exit" sendemail -o tls=yes -s $SERVER:$PORT -xu $USER -xp $PASS -f $FROM -t $TO -u "Warning: Borg backup might have failed" -m "$message" global_exit=1 fi # exit through trap exit ${global_exit}