borg: update
This commit is contained in:
parent
c4ecd61bb4
commit
e04683f26a
3 changed files with 35 additions and 54 deletions
|
@ -1,33 +1,22 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
# Desktop notification
|
# This script is based on the script at:
|
||||||
function notify() {
|
# https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
|
||||||
if [ -x "$(command -v notify-send)" ]; then
|
|
||||||
# https://stackoverflow.com/questions/28195805/running-notify-send-as-root/49533938#49533938
|
|
||||||
local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
|
|
||||||
local uid=$(id -u caspervk)
|
|
||||||
sudo -u caspervk DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus notify-send --expire-time=0 --icon=backup "$@"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
notify "Borgbackup: Started"
|
# The repo path is relative to the directory the server `cd`s to before calling `borg serve`, i.e. `repos/<hostname>/`
|
||||||
|
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls
|
||||||
|
export BORG_REPO=ssh://borg@borg.caspervk.net:22222/./auto
|
||||||
|
|
||||||
# Avoid UnicodeError
|
# Use stdout of the following command to answer the passphrase question for encrypted repositories
|
||||||
export LANG=en_US.UTF-8
|
|
||||||
|
|
||||||
# Ask an external program to supply the repository passphrase:
|
|
||||||
export BORG_PASSCOMMAND='cat /usr/local/etc/borg/passphrase.key'
|
export BORG_PASSCOMMAND='cat /usr/local/etc/borg/passphrase.key'
|
||||||
|
|
||||||
# When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for
|
# When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for
|
||||||
# the target server. Use this to make scripts more robust:
|
# the target server. Use this to make scripts more robust:
|
||||||
export BORG_RSH='ssh -oBatchMode=yes'
|
export BORG_RSH='ssh -oBatchMode=yes'
|
||||||
|
|
||||||
# Set repository location
|
# Initialize remote repository (doesn't matter if it already has been)
|
||||||
# Note: because of the way the server is set up, the repo resides in `/home/borg/repos/<hostname>/` on the server.
|
|
||||||
export BORG_REPO=ssh://borg@sigma.caspervk.net:222/./auto-full
|
|
||||||
|
|
||||||
# Initialize remote repository (doesn't matter if it already is).
|
|
||||||
borg init --encryption=repokey-blake2
|
borg init --encryption=repokey-blake2
|
||||||
|
|
||||||
# Backup directories into an archive named after the machine and current utc time.
|
# Backup directories into an archive named after the machine and current utc time.
|
||||||
|
@ -37,11 +26,10 @@ borg init --encryption=repokey-blake2
|
||||||
# An exclude rule starts with the prefix -.
|
# An exclude rule starts with the prefix -.
|
||||||
# An exclude-norecurse rule starts with !.
|
# An exclude-norecurse rule starts with !.
|
||||||
borg create \
|
borg create \
|
||||||
--filter AME \
|
|
||||||
--show-rc \
|
--show-rc \
|
||||||
|
--progress \
|
||||||
--stats \
|
--stats \
|
||||||
--compression zstd \
|
--compression zstd \
|
||||||
--remote-ratelimit 0 \
|
|
||||||
--exclude-caches \
|
--exclude-caches \
|
||||||
\
|
\
|
||||||
--pattern '! /dev' \
|
--pattern '! /dev' \
|
||||||
|
@ -55,40 +43,42 @@ borg create
|
||||||
--pattern '! /var/cache' \
|
--pattern '! /var/cache' \
|
||||||
--pattern '! /**/found.000/*' \
|
--pattern '! /**/found.000/*' \
|
||||||
--pattern '! /mnt' \
|
--pattern '! /mnt' \
|
||||||
|
--pattern '! /var/lib/docker' \
|
||||||
\
|
\
|
||||||
--pattern '! /home/*/.steam' \
|
--pattern '! /home/*/.steam' \
|
||||||
--pattern '! /home/*/GOG Games' \
|
--pattern '! /home/*/GOG Games' \
|
||||||
--pattern '! /home/*/.cache' \
|
--pattern '! /home/*/.cache' \
|
||||||
--pattern '! /home/*/Downloads' \
|
--pattern '! /home/*/Downloads' \
|
||||||
--pattern '! /home/*/.local/share/Trash' \
|
--pattern '! /home/*/.local/share/Trash' \
|
||||||
|
--pattern '! /home/*/infrastructure/*/*/data' \
|
||||||
\
|
\
|
||||||
--pattern '+ /media/caspervk/C/Users/Casper/Desktop' \
|
--pattern '+ /media/caspervk/C/Users/Casper/Desktop' \
|
||||||
|
--pattern '+ /media/caspervk/C/Users/Casper/Documents' \
|
||||||
--pattern '+ /media/caspervk/C/Program Files (x86)/World of Warcraft/_classic_' \
|
--pattern '+ /media/caspervk/C/Program Files (x86)/World of Warcraft/_classic_' \
|
||||||
--pattern '- /media' \
|
--pattern '+ /media/caspervk/Backup/borg' \
|
||||||
|
--pattern '! /media' \
|
||||||
\
|
\
|
||||||
--pattern '- /media/caspervk/Backup/Downloads' \
|
|
||||||
--pattern '- /media/caspervk/Backup/monero' \
|
|
||||||
--pattern '- /media/caspervk/Backup/Programmer/VirtualBox' \
|
|
||||||
--pattern '+ /media/caspervk/Backup' \
|
|
||||||
::'{hostname}-{utcnow}' \
|
::'{hostname}-{utcnow}' \
|
||||||
/
|
/
|
||||||
backup_exit=$?
|
backup_exit=$?
|
||||||
|
|
||||||
# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly archives:
|
# Prunes repository by deleting all archives not matching any of the specified retention options. Repository disk space
|
||||||
# Note that as the repo is append-only, prune won’t free disk space, but merely tag data as deleted in a new
|
# is NOT freed until `borg compact` is run.
|
||||||
# transaction. As soon as we write to the repo in non-append-only mode (e.g. prune, delete or create archives from an
|
# See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for an explanation of the 'keep' options.
|
||||||
# admin machine), it will remove the deleted objects permanently (including the ones that were already marked as
|
borg prune \
|
||||||
# deleted, but not removed, in append-only mode).
|
--show-rc \
|
||||||
borg prune \
|
--list \
|
||||||
--list \
|
--keep-daily 14 \
|
||||||
--show-rc \
|
--keep-weekly 6 \
|
||||||
--keep-daily 7 \
|
--keep-monthly 12
|
||||||
--keep-weekly 4 \
|
|
||||||
--keep-monthly 6
|
|
||||||
prune_exit=$?
|
prune_exit=$?
|
||||||
|
|
||||||
notify "Borgbackup: Finished"
|
# _Actually_ free repository disk space by compacting segments
|
||||||
|
borg compact
|
||||||
|
compact_exit=$?
|
||||||
|
|
||||||
# use highest exit code as global exit code
|
|
||||||
|
# Use highest exit code as global exit code
|
||||||
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
|
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
|
||||||
|
global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
|
||||||
exit ${global_exit}
|
exit ${global_exit}
|
||||||
|
|
|
@ -4,5 +4,5 @@ After=network.target network-online.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStartPre=/bin/sh -c 'until host sigma.caspervk.net; do sleep 10; done'
|
ExecStartPre=/bin/sh -c 'until host borg.caspervk.net; do sleep 10; done'
|
||||||
ExecStart=/usr/local/sbin/backup.sh
|
ExecStart=/usr/local/sbin/backup.sh
|
||||||
|
|
|
@ -13,7 +13,7 @@ sudo chmod 744 /usr/local/sbin/backup.sh
|
||||||
|
|
||||||
# Passphrase
|
# Passphrase
|
||||||
if [ ! -f /usr/local/etc/borg/passphrase.key ]; then
|
if [ ! -f /usr/local/etc/borg/passphrase.key ]; then
|
||||||
sudo mkdir --parents --mode=700 /usr/local/etc/borg/
|
sudo mkdir --parents --mode=755 /usr/local/etc/borg/
|
||||||
echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
|
echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
|
||||||
echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@'
|
echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@'
|
||||||
pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key
|
pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key
|
||||||
|
@ -33,17 +33,8 @@ sudo systemctl start borg-daily.timer
|
||||||
|
|
||||||
|
|
||||||
# SSH
|
# SSH
|
||||||
ssh-keyscan -t ed25519 -p 222 sigma.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts
|
ssh-keyscan -t ed25519 -p 22222 borg.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts
|
||||||
sudo ssh-keygen -t ed25519 # generate key for the root user
|
sudo ssh-keygen -t ed25519 || true # generate key for the root user, it's fine if it already exists
|
||||||
echo "Please add the following to ~borg/.ssh/authorized_keys on the server:"
|
echo "Please add /root/.ssh/id_ed25519.pub to the servers authorized_keys"
|
||||||
echo "command=\"mkdir -p ~/repos/$(hostname); cd ~/repos/$(hostname); borg serve --append-only --restrict-to-path ~/repos/$(hostname)\",restrict $(sudo cat /root/.ssh/id_ed25519.pub)"
|
|
||||||
read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")'
|
read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")'
|
||||||
sudo ssh borg@sigma.caspervk.net -p 222
|
sudo ssh borg@borg.caspervk.net -p 22222
|
||||||
|
|
||||||
|
|
||||||
# To setup the server:
|
|
||||||
# sudo apt install borgbackup
|
|
||||||
# sudo adduser --disabled-password borg
|
|
||||||
# sudo su borg
|
|
||||||
# cd ~
|
|
||||||
# mkdir --mode=700 repos/
|
|
||||||
|
|
Reference in a new issue