Off-site Backup with Borg

From Run Your Own
Revision as of 10:44, 6 April 2020 by Gnd (talk | contribs)

A quick & dirty rundown of how to use Borg for daily off-site backups (non-SQL). Situation: local is the machine that needs to be backed up, HOST is the machine where the backups will be stored.

  • HOST - remote storage for backups
  • USER - remote user
  • DIRECTORY - remote directory containing backups

We assume Borg is installed on HOST already.

  • set up USER@HOST (on local: ssh-keygen -t ed25519 -b 320; on HOST: useradd USER, add the public key to authorized_keys, etc.). Note that ssh-keygen ignores -b for ed25519, whose keys have a fixed length.
  • create DIRECTORY at HOST and make it writable by USER
  • on local: build borg from git as described at: https://borgbackup.readthedocs.io/en/stable/installation.html#git-installation
  • the above needs some additional packages but you'll figure that out
  • on local: enter borg env like
    source /root/src/borg-env/bin/activate
  • on local: init repository like
    borg init --encryption=keyfile-blake2 USER@HOST:DIRECTORY (provide passphrase)
  • on local: export key like:
    borg key export USER@HOST:DIRECTORY borg.key
  • on local: hide the exported key in a safe place, remember the passphrase, then shred borg.key
  • on local: install sendemail for mail reporting (apt-get install sendemail)

- modify & use the script (e.g. by adding it to crontab):

#!/bin/bash
#
# Borg automated backups
# Based on: https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
# .. but not so fancy, lel
#
# This will backup to HOST into DIRECTORY
#   ::sys is a repository for system backup (/etc /root /var/log /usr/local)
#   ::www is a repository for www backup (/data/www)
#   ::git is a repository for git backup (/data/git)
#
##########################################################################################
# mail reporting parameters
# (named SMTP_USER / SMTP_PASS so they do not overwrite the shell's own USER variable)
SERVER=""
PORT=""
SMTP_USER="r"
SMTP_PASS=""
FROM=""
TO=""

# get into the environment
source /root/src/borg-env/bin/activate

# set some variables
# this file holds the repository passphrase in clear text: keep it readable by root only
export BORG_REPO=USER@HOST:DIRECTORY
export BORG_PASSPHRASE='PASSPHRASE'

# some helpers and error handling
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM

# make a sys backup and prune old sys backups
info "Starting sys backup"
borg create --stats ::'sys_{now}' /etc /root /var/log /usr/local
sys_create=$?
info "Pruning sys repository"
borg prune --list --prefix 'sys_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6
sys_prune=$?
# keep the higher (worse) of the two return codes
sys_exit=$(( sys_create > sys_prune ? sys_create : sys_prune ))

# make a www backup and prune old www backups
info "Starting www backup"
borg create --stats ::'www_{now}' /data/www
www_create=$?
info "Pruning www repository"
borg prune --list --prefix 'www_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6
www_prune=$?
www_exit=$(( www_create > www_prune ? www_create : www_prune ))

# make a git backup and prune old git backups
info "Starting git backup"
borg create --stats ::'git_{now}' /data/git
git_create=$?
info "Pruning git repository"
borg prune --list --prefix 'git_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6
git_prune=$?
git_exit=$(( git_create > git_prune ? git_create : git_prune ))

# handle errors and report
# we can also do it like $sys_exit -gt 1 in case we get warnings about changed files that we don't care about reporting
global_exit=0
if [ "$sys_exit" -gt 0 ] || [ "$www_exit" -gt 0 ] || [ "$git_exit" -gt 0 ]; then
        message="sys_exit: $sys_exit\nwww_exit: $www_exit\ngit_exit: $git_exit"
        sendemail -o tls=yes -s "$SERVER:$PORT" -xu "$SMTP_USER" -xp "$SMTP_PASS" -f "$FROM" -t "$TO" -u "Warning: Borg backup might have failed" -m "$message"
        global_exit=1
fi

# exit with the overall status (0 = all fine, 1 = at least one job reported a problem)
exit ${global_exit}
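
The three create/prune pairs and the "-gt 1" idea from the script's comment, folded into one set of functions. This is an added example, not part of the original page. BORG_BIN, run_job, record and run_all are names assumed here, and the threshold relies on Borg's documented return codes (0 success, 1 warning, 2 error).

```shell
#!/bin/bash
# Added example: per-job exit codes with a configurable alert threshold.
# BORG_BIN is an assumption of this example; it lets a stub replace borg in tests.
BORG_BIN="${BORG_BIN:-borg}"

# run_job PREFIX PATH...: create, then prune, return the worse of the two codes
run_job() {
    local prefix rc_create rc_prune
    prefix=$1; shift
    rc_create=0; rc_prune=0
    "$BORG_BIN" create --stats "::${prefix}_{now}" "$@" || rc_create=$?
    "$BORG_BIN" prune --list --prefix "${prefix}_" --show-rc \
        --keep-daily 7 --keep-weekly 4 --keep-monthly 6 || rc_prune=$?
    return $(( rc_create > rc_prune ? rc_create : rc_prune ))
}

# record PREFIX PATH...: run one job, append its code to REPORT, flag it if above THRESHOLD
record() {
    local rc
    rc=0
    run_job "$@" || rc=$?
    # literal \n as separator, same as the message string in the script above
    REPORT="${REPORT}${1}_exit: ${rc}\n"
    if [ "$rc" -gt "$THRESHOLD" ]; then FAILED=1; fi
}

# run_all [THRESHOLD]: 0 = alert on warnings and errors, 1 = alert on errors only.
# Every job runs even if an earlier one failed. Returns 1 if an alert is due.
run_all() {
    THRESHOLD=${1:-0}; FAILED=0; REPORT=""
    record sys /etc /root /var/log /usr/local
    record www /data/www
    record git /data/git
    return "$FAILED"
}

# usage inside the backup script, after BORG_REPO and BORG_PASSPHRASE are exported:
#   run_all 1 || sendemail ... -m "$REPORT"
```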