oxeo0/selfhosting-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/selfhosting-blogposts.git synced 2025-05-16 12:16:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
selfhosting-blogposts/borg_auto/index.md

261 lines
7.9 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
search:
exclude: true
---
# borg_auto Setup
![](0.png)
## **Initial Setup**
![]()
[ Temple ] [ /dev/pts/1 ] [/backups]
→ useradd borg
[ Temple ] [ /dev/pts/1 ] [/backups]
→ passwd borg
New password:
Retype new password:
passwd: password updated successfully
[ Temple ] [ /dev/pts/1 ] [/backups]
→ mkdir /backups
[ Temple ] [ /dev/pts/1 ] [/backups]
→ mkdir /backups
mkdir: cannot create directory /backups: File exists
[ Temple ] [ /dev/pts/1 ] [/backups]
→ chown -R borg:borg /backups
[ Temple ] [ /dev/pts/1 ] [/backups]
→ tree /backups
/backups
├── gitea
├── kanboard
├── lain
├── tf2
├── void.yt
└── zabbix
6 directories, 0 files
[ Temple ] [ /dev/pts/1 ] [/backups]
→ apt update -y ; apt upgrade -y ; apt install borgbackup openssh-server -y
[ Temple ] [ /dev/pts/1 ] [~borg/.ssh]
→ wget https://raw.githubusercontent.com/ech1/serverside/master/ssh/sshd_config -O /etc/ssh/sshd_config
[ Temple ] [ /dev/pts/1 ] [~borg/.ssh]
→ systemctl restart ssh
[ Temple ] [ /dev/pts/1 ] [/backups]
→ mkdir -p /home/borg/.ssh/
[ Temple ] [ /dev/pts/1 ] [/backups]
→ cd /home/borg/.ssh/
Then simply create ssh keys of the clients that need to connect to the server:
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ cat /root/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHiRId0rF7zyfZGNHqck7vm8yLzhlPyHDEOvERxLGDfb root@home
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ vim config
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ cat config | head -n4
Host backup
Hostname backup.void.yt
IdentityFile ~/.ssh/id_ed25519
User borg
Then add it to the server and test the connection:
[ Temple ] [ /dev/pts/1 ] [~borg/.ssh]
→ echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHiRId0rF7zyfZGNHqck7vm8yLzhlPyHDEOvERxLGDfb root@home" >> authorized_keys
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ apt install borgbackup -y
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ ssh backup
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/borg
Now that's done, we can start backuping what we need:
## **Setup**
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ borg init --encryption=repokey backup:/backups/void.yt/
Enter new passphrase:
Enter same passphrase again:
Do you want your passphrase to be displayed for verification? [yN]: N
By default repositories initialized with this version will produce security
errors if written to with an older version (up to and including Borg 1.0.8).
If you want to use these older versions, you can disable the check by running:
borg upgrade --disable-tam ssh://backup/backups/void.yt
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ borg create --progress --stats backup:/backups/void.yt::backup-name /var/www/nextcloud/data/nothing/files
Enter passphrase for key ssh://backup/backups/void.yt:
17.88 MB O 14.88 MB C 13.58 MB D 82 N var/www/nextcloud/data/nothing/files
Now that is a manual backup done, however we want it to be non-interactive:
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ export BORG_PASSPHRASE='your repository password'
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ export BORG_REPO='backup:/backups/void.yt/'
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ cat borg.sh
#!/bin/bash
# Backup a folder to a remote address using borg.
# Usage: backup-borg.sh
# To restore: borg extract $BORG_REPO::computer-and-date
set -eu
export BORG_REPO='backup:/backups/void.yt/'
export BORG_PASSPHRASE='password'
PATH_TO_BACKUP="/var/www/nextcloud/data/nothing/files/"
/usr/bin/borg create ::$(hostname)-$(date --iso-8601) $PATH_TO_BACKUP --stats --progress
/usr/bin/borg prune --keep-daily=7
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ chmod +x borg.sh
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ ./borg.sh
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ borg list
home-2022-03-19 Sat, 2022-03-19 23:34:08 [f98c23b6e90e4d35937891e07f0f45c6e870248cb5ef18bebd7857c83a36ff80]
Now to automate it, to make it run every day at night:
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ crontab -e
0 3 * * * "/root/borg.sh"
:wq
[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ cronitor select
✔ "/root/borg.sh"
----► Running command: "/root/borg.sh"
Now we write a script to check the backups automatically from the server:
[ Temple ] [ /dev/pts/1 ] [~]
→ vim check_backups.sh
[ Temple ] [ /dev/pts/1 ] [~]
→ cat check_backups.sh
#!/bin/bash
GREEN="\033[0;32m"
RED="\033[0;31m"
ORANGE="\033[0;33m"
NC="\033[0m"
export BORG_PASSPHRASE='password'
echo -en "\n${GREEN}[+]${NC} Gitea Backups:\n"
borg list /backups/gitea
echo -en "\n${GREEN}[+]${NC} Kanboard Backups:\n"
borg list /backups/kanboard
echo -en "\n${GREEN}[+]${NC} Lain Backups:\n"
borg list /backups/lain
echo -en "\n${GREEN}[+]${NC} Mainpc Backups:\n"
borg list /backups/mainpc
echo -en "\n${GREEN}[+]${NC} TF2 Backups:\n"
borg list /backups/tf2
echo -en "\n${GREEN}[+]${NC} void.yt Backups:\n"
borg list /backups/void.yt
Then we test it:
[ Temple ] [ /dev/pts/1 ] [~]
→ ./check_backups.sh
[+] Gitea Backups:
gitea-2022-03-28 Mon, 2022-03-28 20:22:20 [28866dd3b0597ac2d9e51eaac4bc637348a0f60e217983501dd517fbe482ab29]
gitea-2022-03-29 Tue, 2022-03-29 05:00:03 [1bdaa05b398f373df4eeeb383d57069d8d31e9270a444f8c2af2ad3745c69b59]
[+] Kanboard Backups:
kanboard-2022-03-28 Mon, 2022-03-28 19:01:31 [fa5f11ded525a779b3766260c2dc9a87296227b7790c0d9d46fc2cb90e91247e]
kanboard-2022-03-29 Tue, 2022-03-29 05:00:03 [a03049fc5ccc71be524377d80c8c314b67945b133b1869b9a69763167cfafc98]
[+] Lain Backups:
lain-2022-03-28 Mon, 2022-03-28 20:24:46 [37a09d909525ebd4be4d7eb198ee9d3dc1c4e07748535e0d3ebec646be81f565]
lain-2022-03-29 Tue, 2022-03-29 03:00:04 [188d8d588cd636de8abbd18ce110d437b0e585cc322956dd84fdb67ba888d490]
[+] Mainpc Backups:
Failed to create/acquire the lock /backups/mainpc/lock.exclusive (timeout).
[+] TF2 Backups:
tf2-2022-03-28 Mon, 2022-03-28 20:26:16 [ae3eeb3de9daa59118fc3f891497c6b97ac9ffec8c7c22592d13c2f5e4996d89]
tf2-2022-03-29 Tue, 2022-03-29 05:00:03 [fb2e5f00a129e7d452cdae9f3531209fc750d19ebda8549cbfe304442252a956]
[+] void.yt Backups:
home-2022-03-28 Mon, 2022-03-28 20:22:30 [e29ddefecd16999446220de76258b80674d398e6d24c116ab7c5fa7e2a394985]
home-2022-03-29 Tue, 2022-03-29 03:00:03 [f5b0e21c131a3ce885177e009e6864cb1dbfebb1953266e26509336ebfa815bd]
Reference in a new issue View git blame Copy permalink