160 lines
5.4 KiB
Markdown
160 lines
5.4 KiB
Markdown
# borgwrapper
|
|
Wrapper to simplify backups with borgbackup
|
|
|
|
-----
|
|
# Auto Installation
|
|
|
|
Copy `config.example` to `config`
|
|
Edit `config with your settings`
|
|
Edit `systemd timer` files if you want to change backup timing
|
|
Follow instructions under Manual Installation to set up prerequisits for database dumps.
|
|
|
|
Run `./install` from borgwrapper directory
|
|
|
|
This will install borgwrapper and create a basic setup using one config file.
|
|
From there you can modify as you want.
|
|
* Create additional config files in `/etc/borgwrapper/`
|
|
* Change systemd timer file(s)
|
|
* Edit the log rotation
|
|
* Other
|
|
|
|
-----
|
|
# Manual Installation
|
|
|
|
Put the [script](src/borgwrapper) somewhere practical
|
|
|
|
cp borgwrapper /usr/local/bin/borgwrapper
|
|
chown root. /usr/local/bin/borgwrapper
|
|
chmod 750 /usr/local/bin/borgwrapper
|
|
|
|
## Configuration
|
|
By default borgwrapper expects the configuration to be located at `/etc/borgwrapper/config`.
|
|
An example configuration file is included in [config.example](src/config.example).
|
|
Ensure restrictive permissions on this file as it exposes the passphrase.
|
|
|
|
chown root. config
|
|
chmod 600 config
|
|
## Special files
|
|
To be able to dump special files there are a few things that need to be done.
|
|
### Installed package list
|
|
Must have the package **apt-mark** installed.
|
|
### MySql Dump
|
|
Must have the package **mysqldump** installed.
|
|
Must have `.my.cnf` configuration file in `/root` directory.
|
|
|
|
Create `.my.cnf` in `/root` directory:
|
|
|
|
[mysql]
|
|
user="root"
|
|
password="mysql-root-password"
|
|
|
|
[mysqldump]
|
|
user="root"
|
|
password="mysql-root-password"
|
|
|
|
Change permissions of `.my.conf`:
|
|
|
|
chmod 600 /root/.my.conf
|
|
|
|
## Scheduling
|
|
### systemd
|
|
Copy the example systemd [unit files](systemd/) to `/etc/systemd/system/`. Then for each
|
|
configuration file in `/etc/borgwrapper/<config_name>` do:
|
|
|
|
systemctl enable borgwrapper-backup@<config_name>.timer
|
|
systemctl enable borgwrapper-verify@<config_name>.timer
|
|
|
|
systemctl start borgwrapper-backup@<config_name>.timer
|
|
systemctl start borgwrapper-verify@<config_name>.timer
|
|
|
|
The included systemd files are set up using a daily schedule. If you want to
|
|
take backups more often than that you can either change the `Timer` parameters
|
|
directly in the systemd timer files, or if you only want to override them for
|
|
some of the backups you can add per-config overrides by using
|
|
|
|
systemctl edit borgwrapper-backup@<config>.timer
|
|
|
|
and add the wanted overrides. Here is an example where you run a backup 4 times
|
|
a day (every 6 hours). See the manual for systemd.timer for more information on
|
|
the `OnCalendar` format.
|
|
|
|
[Timer]
|
|
OnCalendar=00/6:00
|
|
RandomizedDelaySec=0
|
|
|
|
The output will land in
|
|
|
|
/etc/systemd/system/borgwrapper-backup@<config>.timer.d/override.conf
|
|
|
|
You can just drop files in the directory directly too, without editing via
|
|
systemctl. This is better suited for configuration management systems.
|
|
|
|
If you want to run the tasks manually outside the timers you can just start them like usual
|
|
services:
|
|
|
|
systemctl start borgwrapper-backup@<config_name>
|
|
systemctl start borgwrapper-verify@<config_name>
|
|
|
|
## Cron (use only if systemd is not available)
|
|
|
|
# Run the backup daily
|
|
23 1 * * * /usr/local/bin/borgwrapper backup
|
|
|
|
# Verify the backups once a month
|
|
40 17 23 * * /usr/local/bin/borgwrapper verify
|
|
|
|
# Borg server preparation
|
|
Install borg and then
|
|
|
|
adduser --system --group --shell /bin/bash borg
|
|
mkdir /home/borg/.ssh
|
|
chown borg. /home/borg/.ssh
|
|
mkdir /srv/borg
|
|
chown borg. /srv/borg
|
|
chmod 755 /srv/borg
|
|
Generate the needed passwordless ssh-keys as root (the user you run the backup as) on the client
|
|
|
|
ssh-keygen
|
|
Copy the content of the generated public key from `/root/.ssh/<key>.pub` to `/home/borg/.ssh/authorized_keys` on the server, with
|
|
some restrictions so it looks something like this:
|
|
|
|
command="borg serve --restrict-to-path /srv/borg/<hostname>",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeCInOLjv0hgzI0u1b/p4yYnCEV5n89HIXF1hrLor+ZQ7lSUii21tpn47Aw8RJJAjfDCwCdQ27MXjpzNelBf4KrlAiN1K3FcnGGIiE3XFNoj4LW7oAjzjFgOKC/ea/hXaCI6E8M/Pn5+MhdNN1ZsWNm/9Zp0+jza+l74DQgOE33XhSBjckUchqtBci7BqoCejy2lVvboFA231mSEpPValcKmG2qaNphAkCgAPjtDOx3V6DGQ8e7jfA2McQYxfju6HlpWPUx/li6VJhRa5huczfJ3J/sdfu123s/lgTW4rG5QNng1vt1FOIZ/TkaEsPt2wzD2Qxdwo70qVts3hrd+r root@client
|
|
|
|
# Usage
|
|
## Initialize backup repo
|
|
|
|
borgwrapper init
|
|
## Backup
|
|
|
|
borgwrapper backup
|
|
## Verify backups
|
|
|
|
borgwrapper verify
|
|
## Run other borg commands
|
|
### Wrapped and easy
|
|
Use `exec <borg arguments>`. `BORG_REPO` is exported to the environment so use `::` when the repo
|
|
argument is required.
|
|
|
|
Examples:
|
|
|
|
borgwrapper exec mount :: /mnt
|
|
borgwrapper exec list
|
|
### Borg directly
|
|
Run in subshell if you do not want the passphrase stored in the current shell after the command have exited.
|
|
|
|
Examples:
|
|
|
|
(. /etc/borgwrapper/config; export BORG_PASSPHRASE; borg mount "$BORG_REPO" /mnt)
|
|
(. /etc/borgwrapper/config; export BORG_PASSPHRASE; borg list "$BORG_REPO")
|
|
|
|
|
|
# Miscellaneous
|
|
|
|
## Multiple config files
|
|
You may have multiple config files. Place all config files you want in `/etc/borgwrapper/config`
|
|
Run `./install` from borgwrapper directory and it will update systemd to include the new config files
|
|
|
|
## Logging
|
|
The logs in `/var/log/borgwrapper` are by default rotated daily, keeping 5 logs.
|
|
If you want to change that edit `/etc/logrotate/logrotate.d/borgwrapper.conf`
|