Off-site Backup with Borg

From Run Your Own
Revision as of 10:45, 6 April 2020 by Gnd (talk | contribs)
Jump to navigation Jump to search

A quick&dirty run-down how to use Borg for daily offsite backups (non-sql). Situation: local is the machine that needs to be backed up, HOST is the machine where backups will be stored.

  • HOST - remote storage for backups
  • USER - remote user
  • DIRECTORY - remote directory containing backups

We assume Borg is installed on HOST already.

  • setup USER @ HOST (on local: ssh-keygen -t ed25519 -b 320, on HOST: useradd USER, add key to authorized_keys, etc etc)
  • create DIRECTORY at HOST and make it writable by USER
  • on local: compile borg like: https://borgbackup.readthedocs.io/en/stable/installation.html#git-installation
  • the above needs some additional packages but u'll figure that out
  • on local: enter borg env like
    source /root/src/borg-env/bin/activate
  • on local: init repository like
    borg init --encryption=keyfile-blake2 USER@HOST:DIRECTORY (provide passphrase)
  • on local: export key like:
    borg key export USER@HOST:DIRECTORY borg.key
  • on local: hide key in a safe place & remember passphrase & shred borg.key
  • on local: install sendemail for mail reporting:
    apt-get install sendemail

- modify & use the script (eg. by adding it into crontab):

#!/bin/bash
#
# Borg automated backups
# Based on: https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
# .. but not so fancy, lel
#
# This will backup to HOST into DIRECTORY
#   ::sys is a repository for system backup (/etc /root /var/log /usr/local)
#   ::www is a repository for www backup (/data/www)
#   ::git is a repository for git backup (/data/git)
#
##########################################################################################
# mail reporting parameters
SERVER=""
PORT=""
USER="r"
PASS=""
FROM=""
TO=""

# get into the environment
source /root/src/borg-env/bin/activate

# set some variables
export BORG_REPO=USER@HOST:DIRECTORY
export BORG_PASSPHRASE='PASSPHRASE'

# some helpers and error handling
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM

# make a sys backup and prune old sys backups
info "Starting sys backup"
borg create --stats ::'sys_{now}' /etc /root /var/log /usr/local
sys_create=$?
info "Pruning sys repository"
borg prune --list --prefix 'sys_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6
sys_prune=$?
sys_exit=$(( sys_create > sys_prune ? sys_create : sys_prune ))

# make a www backup and prune old www backups
info "Starting www backup"
borg create --stats ::'www_{now}' /data/www
www_create=$?
info "Pruning www repository"
borg prune --list --prefix 'www_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6
www_prune=$?
www_exit=$(( www_create > www_prune ? www_create : www_prune ))

# make a git backup and prune old git backups
info "Starting git backup"
borg create --stats ::'git_{now}' /data/git
git_create=$?
info "Pruning git repository"
borg prune --list --prefix 'git_' --show-rc --keep-daily 7 --keep-weekly 4 --keep-monthly 6
git_prune=$?
git_exit=$(( git_create > git_prune ? git_create : git_prune ))

# handle errors and report
# we can also do it like ''$sys_exit -gt 1'' in case we get warnings about changed files that we don't care about reporting
if [ $sys_exit -gt 0 ] || [ $www_exit -gt 0 ] || [ $git_exit -gt 0 ]; then 
        message="sys_exit: $sys_exit\nwww_exit: $www_exit\ngit_exit: $git_exit"
        sendemail -o tls=yes -s $SERVER:$PORT -xu $USER -xp $PASS -f $FROM -t $TO -u "Warning: Borg backup might have failed" -m "$message"
        global_exit=1
fi

# exit through trap
exit ${global_exit}