Compare commits
2 commits
a64fbb9f39
...
e04683f26a
| Author | SHA1 | Date | |
|---|---|---|---|
 Casper V. Kristensen
|
e04683f26a | ||
|
Casper V. Kristensen
|
c4ecd61bb4 |
|
|
@ -1,33 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# Desktop notification
|
||||
function notify() {
|
||||
if [ -x "$(command -v notify-send)" ]; then
|
||||
# https://stackoverflow.com/questions/28195805/running-notify-send-as-root/49533938#49533938
|
||||
local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
|
||||
local uid=$(id -u caspervk)
|
||||
sudo -u caspervk DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus notify-send --expire-time=0 --icon=backup "$@"
|
||||
fi
|
||||
}
|
||||
# This script is based on the script at:
|
||||
# https://borgbackup.readthedocs.io/en/stable/quickstart.html#automating-backups
|
||||
|
||||
notify "Borgbackup: Started"
|
||||
# The repo path is relative to the directory the server `cd`s to before calling `borg serve`, i.e. `repos/<hostname>/`
|
||||
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls
|
||||
export BORG_REPO=ssh://borg@borg.caspervk.net:22222/./auto
|
||||
|
||||
# Avoid UnicodeError
|
||||
export LANG=en_US.UTF-8
|
||||
|
||||
# Ask an external program to supply the repository passphrase:
|
||||
# Use stdout of the following command to answer the passphrase question for encrypted repositories
|
||||
export BORG_PASSCOMMAND='cat /usr/local/etc/borg/passphrase.key'
|
||||
|
||||
# When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for
|
||||
# the target server. Use this to make scripts more robust:
|
||||
export BORG_RSH='ssh -oBatchMode=yes'
|
||||
|
||||
# Set repository location
|
||||
# Note: because of the way the server is set up, the repo resides in `/home/borg/repos/<hostname>/` on the server.
|
||||
export BORG_REPO=ssh://borg@sigma.caspervk.net:222/./auto-full
|
||||
|
||||
# Initialize remote repository (doesn't matter if it already is).
|
||||
# Initialize remote repository (doesn't matter if it already has been)
|
||||
borg init --encryption=repokey-blake2
|
||||
|
||||
# Backup directories into an archive named after the machine and current utc time.
|
||||
|
|
@ -37,11 +26,10 @@ borg init --encryption=repokey-blake2
|
|||
# An exclude rule starts with the prefix -.
|
||||
# An exclude-norecurse rule starts with !.
|
||||
borg create \
|
||||
--filter AME \
|
||||
--show-rc \
|
||||
--progress \
|
||||
--stats \
|
||||
--compression zstd \
|
||||
--remote-ratelimit 0 \
|
||||
--exclude-caches \
|
||||
\
|
||||
--pattern '! /dev' \
|
||||
|
|
@ -55,40 +43,42 @@ borg create
|
|||
--pattern '! /var/cache' \
|
||||
--pattern '! /**/found.000/*' \
|
||||
--pattern '! /mnt' \
|
||||
--pattern '! /var/lib/docker' \
|
||||
\
|
||||
--pattern '! /home/*/.steam' \
|
||||
--pattern '! /home/*/GOG Games' \
|
||||
--pattern '! /home/*/.cache' \
|
||||
--pattern '! /home/*/Downloads' \
|
||||
--pattern '! /home/*/.local/share/Trash' \
|
||||
--pattern '! /home/*/infrastructure/*/*/data' \
|
||||
\
|
||||
--pattern '+ /media/caspervk/C/Users/Casper/Desktop' \
|
||||
--pattern '+ /media/caspervk/C/Users/Casper/Documents' \
|
||||
--pattern '+ /media/caspervk/C/Program Files (x86)/World of Warcraft/_classic_' \
|
||||
--pattern '- /media' \
|
||||
--pattern '+ /media/caspervk/Backup/borg' \
|
||||
--pattern '! /media' \
|
||||
\
|
||||
--pattern '- /media/caspervk/Backup/Downloads' \
|
||||
--pattern '- /media/caspervk/Backup/monero' \
|
||||
--pattern '- /media/caspervk/Backup/Programmer/VirtualBox' \
|
||||
--pattern '+ /media/caspervk/Backup' \
|
||||
::'{hostname}-{utcnow}' \
|
||||
/
|
||||
backup_exit=$?
|
||||
|
||||
# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly archives:
|
||||
# Note that as the repo is append-only, prune won’t free disk space, but merely tag data as deleted in a new
|
||||
# transaction. As soon as we write to the repo in non-append-only mode (e.g. prune, delete or create archives from an
|
||||
# admin machine), it will remove the deleted objects permanently (including the ones that were already marked as
|
||||
# deleted, but not removed, in append-only mode).
|
||||
borg prune \
|
||||
--list \
|
||||
--show-rc \
|
||||
--keep-daily 7 \
|
||||
--keep-weekly 4 \
|
||||
--keep-monthly 6
|
||||
# Prunes repository by deleting all archives not matching any of the specified retention options. Repository disk space
|
||||
# is NOT freed until `borg compact` is run.
|
||||
# See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for an explanation of the 'keep' options.
|
||||
borg prune \
|
||||
--show-rc \
|
||||
--list \
|
||||
--keep-daily 14 \
|
||||
--keep-weekly 6 \
|
||||
--keep-monthly 12
|
||||
prune_exit=$?
|
||||
|
||||
notify "Borgbackup: Finished"
|
||||
# _Actually_ free repository disk space by compacting segments
|
||||
borg compact
|
||||
compact_exit=$?
|
||||
|
||||
# use highest exit code as global exit code
|
||||
|
||||
# Use highest exit code as global exit code
|
||||
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
|
||||
global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
|
||||
exit ${global_exit}
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ After=network.target network-online.target
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/bin/sh -c 'until host sigma.caspervk.net; do sleep 10; done'
|
||||
ExecStartPre=/bin/sh -c 'until host borg.caspervk.net; do sleep 10; done'
|
||||
ExecStart=/usr/local/sbin/backup.sh
|
||||
|
|
|
|||
20
config.fish
20
config.fish
|
|
@ -1 +1,21 @@
|
|||
fzf_configure_bindings --directory=\cf --git_log=\cg
|
||||
|
||||
# Completions for 3rd-party applications
|
||||
if type -q flux
|
||||
flux completion fish | source
|
||||
end
|
||||
if type -q helm
|
||||
helm completion fish | source
|
||||
end
|
||||
if type -q k9s
|
||||
k9s completion fish | source
|
||||
end
|
||||
if type -q kind
|
||||
kind completion fish | source
|
||||
end
|
||||
if type -q tfctl
|
||||
tfctl completion fish | source
|
||||
end
|
||||
if type -q ytt
|
||||
ytt completion fish | source
|
||||
end
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ sudo chmod 744 /usr/local/sbin/backup.sh
|
|||
|
||||
# Passphrase
|
||||
if [ ! -f /usr/local/etc/borg/passphrase.key ]; then
|
||||
sudo mkdir --parents --mode=700 /usr/local/etc/borg/
|
||||
sudo mkdir --parents --mode=755 /usr/local/etc/borg/
|
||||
echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
|
||||
echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@'
|
||||
pwgen 32 1 | sudo tee /usr/local/etc/borg/passphrase.key
|
||||
|
|
@ -33,17 +33,8 @@ sudo systemctl start borg-daily.timer
|
|||
|
||||
|
||||
# SSH
|
||||
ssh-keyscan -t ed25519 -p 222 sigma.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts
|
||||
sudo ssh-keygen -t ed25519 # generate key for the root user
|
||||
echo "Please add the following to ~borg/.ssh/authorized_keys on the server:"
|
||||
echo "command=\"mkdir -p ~/repos/$(hostname); cd ~/repos/$(hostname); borg serve --append-only --restrict-to-path ~/repos/$(hostname)\",restrict $(sudo cat /root/.ssh/id_ed25519.pub)"
|
||||
ssh-keyscan -t ed25519 -p 22222 borg.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts
|
||||
sudo ssh-keygen -t ed25519 || true # generate key for the root user, it's fine if it already exists
|
||||
echo "Please add /root/.ssh/id_ed25519.pub to the servers authorized_keys"
|
||||
read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")'
|
||||
sudo ssh borg@sigma.caspervk.net -p 222
|
||||
|
||||
|
||||
# To setup the server:
|
||||
# sudo apt install borgbackup
|
||||
# sudo adduser --disabled-password borg
|
||||
# sudo su borg
|
||||
# cd ~
|
||||
# mkdir --mode=700 repos/
|
||||
sudo ssh borg@borg.caspervk.net -p 22222
|
||||
|
|
|
|||
Reference in a new issue