Previous Page

nothing@nowhere - 2022-03-19

borg_auto Setup

Initial Setup


[ Temple ] [ /dev/pts/1 ] [/backups]
→ useradd borg

[ Temple ] [ /dev/pts/1 ] [/backups]
→ passwd borg
New password:
Retype new password:
passwd: password updated successfully

[ Temple ] [ /dev/pts/1 ] [/backups]
→ mkdir /backups

[ Temple ] [ /dev/pts/1 ] [/backups]
→ mkdir /backups
mkdir: cannot create directory ‘/backups’: File exists

[ Temple ] [ /dev/pts/1 ] [/backups]
→ chown -R borg:borg /backups

[ Temple ] [ /dev/pts/1 ] [/backups]
→ tree /backups
/backups
├── gitea
├── kanboard
├── lain
├── tf2
├── void.yt
└── zabbix

6 directories, 0 files
	
[ Temple ] [ /dev/pts/1 ] [/backups]
→ apt update -y ; apt upgrade -y ; apt install borgbackup openssh-server -y


[ Temple ] [ /dev/pts/1 ] [~borg/.ssh]
→ wget https://raw.githubusercontent.com/ech1/serverside/master/ssh/sshd_config -O /etc/ssh/sshd_config

[ Temple ] [ /dev/pts/1 ] [~borg/.ssh]
→ systemctl restart ssh

[ Temple ] [ /dev/pts/1 ] [/backups]
→ mkdir -p /home/borg/.ssh/

[ Temple ] [ /dev/pts/1 ] [/backups]
→ cd /home/borg/.ssh/

Then simply create ssh keys of the clients that need to connect to the server:


[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ cat /root/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHiRId0rF7zyfZGNHqck7vm8yLzhlPyHDEOvERxLGDfb root@home	

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ vim config

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ cat config | head -n4
Host backup
        Hostname backup.void.yt
        IdentityFile ~/.ssh/id_ed25519
        User borg

Then add it to the server and test the connection:


[ Temple ] [ /dev/pts/1 ] [~borg/.ssh]
→ echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHiRId0rF7zyfZGNHqck7vm8yLzhlPyHDEOvERxLGDfb root@home" >> authorized_keys

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ apt install borgbackup -y

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ ssh  backup

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/borg
	

Now that's done, we can start backuping what we need:

Setup




[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ borg init --encryption=repokey backup:/backups/void.yt/
Enter new passphrase:
Enter same passphrase again:
Do you want your passphrase to be displayed for verification? [yN]: N

By default repositories initialized with this version will produce security
errors if written to with an older version (up to and including Borg 1.0.8).

If you want to use these older versions, you can disable the check by running:
borg upgrade --disable-tam ssh://backup/backups/void.yt

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ borg create --progress --stats backup:/backups/void.yt::backup-name /var/www/nextcloud/data/nothing/files
Enter passphrase for key ssh://backup/backups/void.yt:
17.88 MB O 14.88 MB C 13.58 MB D 82 N var/www/nextcloud/data/nothing/files

Now that is a manual backup done, however we want it to be non-interactive:


[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ export BORG_PASSPHRASE='your repository password'

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~/.ssh]
→ export BORG_REPO='backup:/backups/void.yt/'

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ cat borg.sh
#!/bin/bash
# Backup a folder to a remote address using borg.
# Usage: backup-borg.sh
# To restore: borg extract $BORG_REPO::computer-and-date

set -eu
export BORG_REPO='backup:/backups/void.yt/'
export BORG_PASSPHRASE='password'

PATH_TO_BACKUP="/var/www/nextcloud/data/nothing/files/"

/usr/bin/borg create ::$(hostname)-$(date --iso-8601) $PATH_TO_BACKUP --stats --progress
/usr/bin/borg prune --keep-daily=7

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ chmod +x borg.sh

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ ./borg.sh

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ borg list
home-2022-03-19                      Sat, 2022-03-19 23:34:08 [f98c23b6e90e4d35937891e07f0f45c6e870248cb5ef18bebd7857c83a36ff80]

Now to automate it, to make it run every day at night:


[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ crontab -e
	
0  3 * * * "/root/borg.sh"

:wq

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ cronitor select

✔ "/root/borg.sh"
----► Running command: "/root/borg.sh"

Now we write a script to check the backups automatically from the server:


[ Temple ] [ /dev/pts/1 ] [~]
→ vim check_backups.sh

[ Temple ] [ /dev/pts/1 ] [~]
→ cat check_backups.sh
#!/bin/bash

GREEN="\033[0;32m"
RED="\033[0;31m"
ORANGE="\033[0;33m"
NC="\033[0m"

export BORG_PASSPHRASE='password'
echo -en "\n${GREEN}[+]${NC} Gitea Backups:\n"
borg list /backups/gitea

echo -en "\n${GREEN}[+]${NC} Kanboard Backups:\n"
borg list /backups/kanboard

echo -en "\n${GREEN}[+]${NC} Lain Backups:\n"
borg list /backups/lain

echo -en "\n${GREEN}[+]${NC} Mainpc Backups:\n"
borg list /backups/mainpc

echo -en "\n${GREEN}[+]${NC} TF2 Backups:\n"
borg list /backups/tf2

echo -en "\n${GREEN}[+]${NC} void.yt Backups:\n"
borg list /backups/void.yt	

Then we test it:


[ Temple ] [ /dev/pts/1 ] [~]
→ ./check_backups.sh

[+] Gitea Backups:
gitea-2022-03-28                     Mon, 2022-03-28 20:22:20 [28866dd3b0597ac2d9e51eaac4bc637348a0f60e217983501dd517fbe482ab29]
gitea-2022-03-29                     Tue, 2022-03-29 05:00:03 [1bdaa05b398f373df4eeeb383d57069d8d31e9270a444f8c2af2ad3745c69b59]

[+] Kanboard Backups:
kanboard-2022-03-28                  Mon, 2022-03-28 19:01:31 [fa5f11ded525a779b3766260c2dc9a87296227b7790c0d9d46fc2cb90e91247e]
kanboard-2022-03-29                  Tue, 2022-03-29 05:00:03 [a03049fc5ccc71be524377d80c8c314b67945b133b1869b9a69763167cfafc98]

[+] Lain Backups:
lain-2022-03-28                      Mon, 2022-03-28 20:24:46 [37a09d909525ebd4be4d7eb198ee9d3dc1c4e07748535e0d3ebec646be81f565]
lain-2022-03-29                      Tue, 2022-03-29 03:00:04 [188d8d588cd636de8abbd18ce110d437b0e585cc322956dd84fdb67ba888d490]

[+] Mainpc Backups:
Failed to create/acquire the lock /backups/mainpc/lock.exclusive (timeout).

[+] TF2 Backups:
tf2-2022-03-28                       Mon, 2022-03-28 20:26:16 [ae3eeb3de9daa59118fc3f891497c6b97ac9ffec8c7c22592d13c2f5e4996d89]
tf2-2022-03-29                       Tue, 2022-03-29 05:00:03 [fb2e5f00a129e7d452cdae9f3531209fc750d19ebda8549cbfe304442252a956]

[+] void.yt Backups:
home-2022-03-28                      Mon, 2022-03-28 20:22:30 [e29ddefecd16999446220de76258b80674d398e6d24c116ab7c5fa7e2a394985]
home-2022-03-29                      Tue, 2022-03-29 03:00:03 [f5b0e21c131a3ce885177e009e6864cb1dbfebb1953266e26509336ebfa815bd]
	

Nihilism

Until there is Nothing left.



Creative Commons Zero: No Rights Reserved

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@contact.nowhere.moe (PGP)