diff --git a/borg/backup.sh b/borg/backup.sh index 6654bef..2f20e57 100644 --- a/borg/backup.sh +++ b/borg/backup.sh @@ -1,33 +1,22 @@ #!/bin/bash +set -e -# Desktop notification - function notify() { - if [ -x "$(command -v notify-send)" ]; then - # https://stackoverflow.com/questions/28195805/running-notify-send-as-root/49533938#49533938 - local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)" - local uid=$(id -u caspervk) - sudo -u caspervk DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus notify-send --expire-time=0 --icon=backup "$@" - fi - } +# This script is based on the script at: +# https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups -notify "Borgbackup: Started" +# The repo path is relative to the directory the server `cd`s to before calling `borg serve`, i.e. `repos//` +# https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls +export BORG_REPO=ssh://borg@borg.caspervk.net:22222/./auto -# Avoid UnicodeError -export LANG=en_US.UTF-8 - -# Ask an external program to supply the repository passphrase: +# Use stdout of the following command to answer the passphrase question for encrypted repositories export BORG_PASSCOMMAND='cat /usr/local/etc/borg/passphrase.key' # When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for # the target server. Use this to make scripts more robust: export BORG_RSH='ssh -oBatchMode=yes' -# Set repository location -# Note: because of the way the server is set up, the repo resides in `/home/borg/repos//` on the server. -export BORG_REPO=ssh://borg@sigma.caspervk.net:222/./auto-full - -# Initialize remote repository (doesn't matter if it already is). +# Initialize remote repository (doesn't matter if it already has been) borg init --encryption=repokey-blake2 # Backup directories into an archive named after the machine and current utc time. @@ -37,11 +26,10 @@ borg init --encryption=repokey-blake2 # An exclude rule starts with the prefix -. # An exclude-norecurse rule starts with !. borg create \ - --filter AME \ --show-rc \ + --progress \ --stats \ --compression zstd \ - --remote-ratelimit 0 \ --exclude-caches \ \ --pattern '! /dev' \ @@ -55,40 +43,42 @@ borg create --pattern '! /var/cache' \ --pattern '! /**/found.000/*' \ --pattern '! /mnt' \ + --pattern '! /var/lib/docker' \ \ --pattern '! /home/*/.steam' \ --pattern '! /home/*/GOG Games' \ --pattern '! /home/*/.cache' \ --pattern '! /home/*/Downloads' \ --pattern '! /home/*/.local/share/Trash' \ + --pattern '! /home/*/infrastructure/*/*/data' \ \ --pattern '+ /media/caspervk/C/Users/Casper/Desktop' \ + --pattern '+ /media/caspervk/C/Users/Casper/Documents' \ --pattern '+ /media/caspervk/C/Program Files (x86)/World of Warcraft/_classic_' \ - --pattern '- /media' \ + --pattern '+ /media/caspervk/Backup/borg' \ + --pattern '! /media' \ \ - --pattern '- /media/caspervk/Backup/Downloads' \ - --pattern '- /media/caspervk/Backup/monero' \ - --pattern '- /media/caspervk/Backup/Programmer/VirtualBox' \ - --pattern '+ /media/caspervk/Backup' \ ::'{hostname}-{utcnow}' \ / backup_exit=$? -# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly archives: -# Note that as the repo is append-only, prune won’t free disk space, but merely tag data as deleted in a new -# transaction. As soon as we write to the repo in non-append-only mode (e.g. prune, delete or create archives from an -# admin machine), it will remove the deleted objects permanently (including the ones that were already marked as -# deleted, but not removed, in append-only mode). -borg prune \ - --list \ - --show-rc \ - --keep-daily 7 \ - --keep-weekly 4 \ - --keep-monthly 6 +# Prunes repository by deleting all archives not matching any of the specified retention options. Repository disk space +# is NOT freed until `borg compact` is run. +# See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for an explanation of the 'keep' options. +borg prune \ + --show-rc \ + --list \ + --keep-daily 14 \ + --keep-weekly 6 \ + --keep-monthly 12 prune_exit=$? -notify "Borgbackup: Finished" +# _Actually_ free repository disk space by compacting segments +borg compact +compact_exit=$? -# use highest exit code as global exit code + +# Use highest exit code as global exit code global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit )) +global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit )) exit ${global_exit} diff --git a/borg/borg-daily.service b/borg/borg-daily.service index 67b1b94..972e551 100644 --- a/borg/borg-daily.service +++ b/borg/borg-daily.service @@ -4,5 +4,5 @@ After=network.target network-online.target [Service] Type=oneshot -ExecStartPre=/bin/sh -c 'until host sigma.caspervk.net; do sleep 10; done' +ExecStartPre=/bin/sh -c 'until host borg.caspervk.net; do sleep 10; done' ExecStart=/usr/local/sbin/backup.sh diff --git a/install/borg.sh b/install/borg.sh index 7db4493..a225367 100755 --- a/install/borg.sh +++ b/install/borg.sh @@ -13,7 +13,7 @@ sudo chmod 744 /usr/local/sbin/backup.sh # Passphrase if [ ! -f /usr/local/etc/borg/passphrase.key ]; then - sudo mkdir --parents --mode=700 /usr/local/etc/borg/ + sudo mkdir --parents --mode=755 /usr/local/etc/borg/ echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@' echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@' pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key @@ -33,17 +33,8 @@ sudo systemctl start borg-daily.timer # SSH -ssh-keyscan -t ed25519 -p 222 sigma.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts -sudo ssh-keygen -t ed25519 # generate key for the root user -echo "Please add the following to ~borg/.ssh/authorized_keys on the server:" -echo "command=\"mkdir -p ~/repos/$(hostname); cd ~/repos/$(hostname); borg serve --append-only --restrict-to-path ~/repos/$(hostname)\",restrict $(sudo cat /root/.ssh/id_ed25519.pub)" +ssh-keyscan -t ed25519 -p 22222 borg.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts +sudo ssh-keygen -t ed25519 || true # generate key for the root user, it's fine if it already exists +echo "Please add /root/.ssh/id_ed25519.pub to the servers authorized_keys" read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")' -sudo ssh borg@sigma.caspervk.net -p 222 - - -# To setup the server: -# sudo apt install borgbackup -# sudo adduser --disabled-password borg -# sudo su borg -# cd ~ -# mkdir --mode=700 repos/ +sudo ssh borg@borg.caspervk.net -p 22222