
borg: update

Casper V. Kristensen 2022-06-11 23:30:42 +02:00
parent c4ecd61bb4
commit e04683f26a
3 changed files with 35 additions and 54 deletions


@ -1,33 +1,22 @@
#!/bin/bash #!/bin/bash
set -e
# Desktop notification # This script is based on the script at:
function notify() { # https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
if [ -x "$(command -v notify-send)" ]; then
# https://stackoverflow.com/questions/28195805/running-notify-send-as-root/49533938#49533938
local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
local uid=$(id -u caspervk)
sudo -u caspervk DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus notify-send --expire-time=0 --icon=backup "$@"
fi
}
notify "Borgbackup: Started" # The repo path is relative to the directory the server `cd`s to before calling `borg serve`, i.e. `repos/<hostname>/`
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls
export BORG_REPO=ssh://borg@borg.caspervk.net:22222/./auto
# Avoid UnicodeError # Use stdout of the following command to answer the passphrase question for encrypted repositories
export LANG=en_US.UTF-8
# Ask an external program to supply the repository passphrase:
export BORG_PASSCOMMAND='cat /usr/local/etc/borg/passphrase.key' export BORG_PASSCOMMAND='cat /usr/local/etc/borg/passphrase.key'
# When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for # When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for
# the target server. Use this to make scripts more robust: # the target server. Use this to make scripts more robust:
export BORG_RSH='ssh -oBatchMode=yes' export BORG_RSH='ssh -oBatchMode=yes'
# Set repository location # Initialize remote repository (doesn't matter if it already has been)
# Note: because of the way the server is set up, the repo resides in `/home/borg/repos/<hostname>/` on the server.
export BORG_REPO=ssh://borg@sigma.caspervk.net:222/./auto-full
# Initialize remote repository (doesn't matter if it already is).
borg init --encryption=repokey-blake2 borg init --encryption=repokey-blake2
# Backup directories into an archive named after the machine and current utc time. # Backup directories into an archive named after the machine and current utc time.
@ -37,11 +26,10 @@ borg init --encryption=repokey-blake2
# An exclude rule starts with the prefix -. # An exclude rule starts with the prefix -.
# An exclude-norecurse rule starts with !. # An exclude-norecurse rule starts with !.
borg create \ borg create \
--filter AME \
--show-rc \ --show-rc \
--progress \
--stats \ --stats \
--compression zstd \ --compression zstd \
--remote-ratelimit 0 \
--exclude-caches \ --exclude-caches \
\ \
--pattern '! /dev' \ --pattern '! /dev' \
@ -55,40 +43,42 @@ borg create
--pattern '! /var/cache' \ --pattern '! /var/cache' \
--pattern '! /**/found.000/*' \ --pattern '! /**/found.000/*' \
--pattern '! /mnt' \ --pattern '! /mnt' \
--pattern '! /var/lib/docker' \
\ \
--pattern '! /home/*/.steam' \ --pattern '! /home/*/.steam' \
--pattern '! /home/*/GOG Games' \ --pattern '! /home/*/GOG Games' \
--pattern '! /home/*/.cache' \ --pattern '! /home/*/.cache' \
--pattern '! /home/*/Downloads' \ --pattern '! /home/*/Downloads' \
--pattern '! /home/*/.local/share/Trash' \ --pattern '! /home/*/.local/share/Trash' \
--pattern '! /home/*/infrastructure/*/*/data' \
\ \
--pattern '+ /media/caspervk/C/Users/Casper/Desktop' \ --pattern '+ /media/caspervk/C/Users/Casper/Desktop' \
--pattern '+ /media/caspervk/C/Users/Casper/Documents' \
--pattern '+ /media/caspervk/C/Program Files (x86)/World of Warcraft/_classic_' \ --pattern '+ /media/caspervk/C/Program Files (x86)/World of Warcraft/_classic_' \
--pattern '- /media' \ --pattern '+ /media/caspervk/Backup/borg' \
--pattern '! /media' \
\ \
--pattern '- /media/caspervk/Backup/Downloads' \
--pattern '- /media/caspervk/Backup/monero' \
--pattern '- /media/caspervk/Backup/Programmer/VirtualBox' \
--pattern '+ /media/caspervk/Backup' \
::'{hostname}-{utcnow}' \ ::'{hostname}-{utcnow}' \
/ /
backup_exit=$? backup_exit=$?
# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly archives: # Prunes repository by deleting all archives not matching any of the specified retention options. Repository disk space
# Note that as the repo is append-only, prune wont free disk space, but merely tag data as deleted in a new # is NOT freed until `borg compact` is run.
# transaction. As soon as we write to the repo in non-append-only mode (e.g. prune, delete or create archives from an # See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for an explanation of the 'keep' options.
# admin machine), it will remove the deleted objects permanently (including the ones that were already marked as borg prune \
# deleted, but not removed, in append-only mode). --show-rc \
borg prune \ --list \
--list \ --keep-daily 14 \
--show-rc \ --keep-weekly 6 \
--keep-daily 7 \ --keep-monthly 12
--keep-weekly 4 \
--keep-monthly 6
prune_exit=$? prune_exit=$?
notify "Borgbackup: Finished" # _Actually_ free repository disk space by compacting segments
borg compact
compact_exit=$?
# use highest exit code as global exit code
# Use highest exit code as global exit code
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit )) global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
exit ${global_exit} exit ${global_exit}
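Review bot: In the last hunk (`@ -55,40 +43,42 @`), the new `borg prune` followed by `borg compact` lets the backed-up host permanently remove its own archives, and the comment block that described the repository as append-only is dropped without saying what the server now enforces. If this host is compromised, the same root-readable SSH key and passphrase that create backups can then erase the history the backups exist to protect. Consider keeping `borg serve --append-only` on the server and running prune/compact from a separate admin machine, or record the accepted trade-off above `borg prune`, e.g. `# NOTE: server is not append-only; this host can delete its own archives`. If the server does still serve the repository append-only, `borg compact` here presumably frees nothing and the `_Actually_ free repository disk space` comment would be misleading.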


@ -4,5 +4,5 @@ After=network.target network-online.target
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c 'until host sigma.caspervk.net; do sleep 10; done' ExecStartPre=/bin/sh -c 'until host borg.caspervk.net; do sleep 10; done'
ExecStart=/usr/local/sbin/backup.sh ExecStart=/usr/local/sbin/backup.sh


@ -13,7 +13,7 @@ sudo chmod 744 /usr/local/sbin/backup.sh
# Passphrase # Passphrase
if [ ! -f /usr/local/etc/borg/passphrase.key ]; then if [ ! -f /usr/local/etc/borg/passphrase.key ]; then
sudo mkdir --parents --mode=700 /usr/local/etc/borg/ sudo mkdir --parents --mode=755 /usr/local/etc/borg/
echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@' echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@' echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@'
pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key
@ -33,17 +33,8 @@ sudo systemctl start borg-daily.timer
# SSH # SSH
ssh-keyscan -t ed25519 -p 222 sigma.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts ssh-keyscan -t ed25519 -p 22222 borg.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts
sudo ssh-keygen -t ed25519 # generate key for the root user sudo ssh-keygen -t ed25519 || true # generate key for the root user, it's fine if it already exists
echo "Please add the following to ~borg/.ssh/authorized_keys on the server:" echo "Please add /root/.ssh/id_ed25519.pub to the servers authorized_keys"
echo "command=\"mkdir -p ~/repos/$(hostname); cd ~/repos/$(hostname); borg serve --append-only --restrict-to-path ~/repos/$(hostname)\",restrict $(sudo cat /root/.ssh/id_ed25519.pub)"
read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")' read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")'
sudo ssh borg@sigma.caspervk.net -p 222 sudo ssh borg@borg.caspervk.net -p 22222
# To setup the server:
# sudo apt install borgbackup
# sudo adduser --disabled-password borg
# sudo su borg
# cd ~
# mkdir --mode=700 repos/
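Review bot: In the passphrase hunk (`@ -13,7 +13,7 @`), `sudo mkdir --parents --mode=755 /usr/local/etc/borg/` makes the directory traversable by every local user, while `pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key` creates the key file under root's default umask, which is typically world-readable. No `chmod` on the key file is visible in this hunk (the script continues outside it), so any local account could likely read the repository passphrase that `BORG_PASSCOMMAND` relies on. Keep the directory at `--mode=700`, or create the file restricted before writing to it: `sudo install -m 600 /dev/null /usr/local/etc/borg/passphrase.key`. A short comment above the `mkdir` explaining why the directory needs to be world-accessible, if it does, would help the next reader.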