It was one of the easiest to set up and it works flawlessly. I’m a bit paranoid about losing my data even with the backups… Any recommendation?

  • PlexSheep@feddit.de
    1 year ago

    I use both too for all my stuff, didn’t know of an append mode.

    Do you perhaps have a good solution for backing up backups on another system? I’d like to store the repo of my vps on my Homeserver.

    I currently have set up a cronjob that downloads the newest backup repo every week using SFTP, then deletes the old one if everything is fine.

    I should do some testing that goes beyond just looking at files in my backup though.

      • PlexSheep@feddit.de
        1 year ago

        My homeserver runs borg, but how would I go about backing the remote server up? I read somewhere that sshfs would be an option, but that involves opening my ssh for root login, which sounds a bit sketchy IMO.

        • danA
          1 year ago

          Borgbackup runs via SSH, so you just need the client to be able to reach the server via SSH. You don’t need root login, and in fact I’d recommend a separate user per system being backed up so that one client can’t access another client’s backups.

          I haven’t automated setup of backup repos yet, so I’ve copied a part of my personal “new server setup” document below: (alice is the name of the client system and bob is the name of the server system)

          1. On the client system, generate an SSH key for root, if one doesn’t already exist. Don’t set a password.

              ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "root@alice.example.com"

          2. On the backup server, add a user and create the backup directory:

              adduser backup-alice --disabled-password
              mkdir /data/backup/alice
              chown backup-alice:backup-alice /data/backup/alice
              chmod 0700 /data/backup/alice
              mkdir ~backup-alice/.ssh

          3. On the backup server, create an authorized_keys for the user (in ~backup-alice/.ssh/authorized_keys), containing the public key you generated in step 1:

              command="borg serve --append-only --restrict-to-path /data/backup/alice",restrict ssh-ed25519 AAAAC3Nz....... root@alice.example.com

          (--append-only enables append-only mode. --restrict-to-path means the user is only allowed to access that one repo. The ,restrict after the command but before the SSH key means the user is only allowed to run borg, nothing else, so for example the same credentials can’t be used to SSH in for an interactive session)

          4. On the client system, create the Borg repo and backup key:

              borg init --encryption=keyfile-blake2 backup-alice@bob.example.com:/data/backup/alice

          (it’ll prompt for an encryption passphrase. Make it long and keep a copy in a safe place)

          5. On the client system, export the repo key and keep a copy in a safe place:

              borg key export backup-alice@bob.example.com:/data/backup/alice key
              cat key # copy and paste it somewhere safe
              rm key

          6. Install and configure borgmatic for automatic backups.
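
A check for the authorized_keys entry from step 3, as an added example that is not part of the comment above: it parses an entry and lists every way it is weaker than the restricted form shown there. The names `parse_options` and `audit` are hypothetical, the sample entries are constructed around the truncated key from the post, and the list of options that undo `restrict` is taken from OpenSSH's authorized_keys format.

```python
import os
import re
import shlex

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # prefixes of the key-type field
# authorized_keys options that switch a feature back on after "restrict"
REENABLE = {"pty", "port-forwarding", "agent-forwarding", "x11-forwarding", "user-rc"}
FIELD = re.compile(r'(?:"(?:\\"|[^"])*"|[^\s"])*')   # up to the first unquoted space
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')

def parse_options(line):
    """Return {option: value} for one authorized_keys line (None for blanks/comments)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):      # entry has no options field at all
        return {}
    field = FIELD.match(line).group(0)
    return {m.group(1).lower(): m.group(2) for m in OPTION.finditer(field)}

def audit(line, repo_path):
    """List the ways this entry is weaker than the restricted form from step 3."""
    opts = parse_options(line)
    if opts is None:
        return []
    problems = [] if "restrict" in opts else ["missing restrict"]
    problems += [f"{o} re-enabled" for o in sorted(REENABLE & opts.keys())]
    if opts.get("command") is None:
        return problems + ["no forced command"]
    argv = shlex.split(opts["command"])
    if len(argv) < 2 or os.path.basename(argv[0]) != "borg" or argv[1] != "serve":
        problems.append("forced command is not borg serve")
    if "--append-only" not in argv:
        problems.append("missing --append-only")
    allowed = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "--restrict-to-path"]
    allowed += [a.split("=", 1)[1] for a in argv if a.startswith("--restrict-to-path=")]
    if repo_path not in allowed:
        problems.append("not restricted to repo path")
    return problems

# Constructed sample entries; the key body is the truncated placeholder from the post.
GOOD = 'command="borg serve --append-only --restrict-to-path /data/backup/alice",restrict ssh-ed25519 AAAAC3Nz....... root@alice.example.com'
BARE = "ssh-ed25519 AAAAC3Nz....... root@alice.example.com"
WEAK = 'command="borg serve --restrict-to-path /data/backup",restrict,pty ssh-ed25519 AAAAC3Nz....... root@alice.example.com'

if __name__ == "__main__":
    for entry in (GOOD, BARE, WEAK):
        print(audit(entry, "/data/backup/alice") or "ok")
```

Running it over each line of ~backup-alice/.ssh/authorized_keys on the backup server after any edit catches an entry that has lost its forced command or its append-only flag.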