Tech, musics, fountain pen and soup receipts

Setup backup with Borg

Borgbackup is a powerful open source tool written in python. These lines were wrote with the help of official doc Borgmatic is a python wrapper know to use a yaml config file We will not use it today.

Let’s start with basic on client side

bob@linuxlaptop:~$ sudo apt update && sudo apt upgrade -y

Install borgbackup

bob@linuxlaptop:~$ sudo apt install borgbackup

Generate a new ssh key

bob@linuxlaptop:~$ ssh-keygen -t ed25519 -C "borgKeyBackup" -f borgSshKey
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in borgSshKey
Your public key has been saved in borgSshKey.pub

Make sure keys have strict permissions:

bob@linuxlaptop:~/.ssh$ ls -lh b*
-rw------- 1 bob bob 399  1 févr. 21:30 borgSshKey
-rw------- 1 bob bob  95  1 févr. 21:30 borgSshKey.pub

Add you public key to borg server

bob@borgserver.com:~/.ssh$ grep borg authorized_keys 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDV8+S0vkINs9t9EUnlatD/i9lHan1WhCf3CB649rFXo borgKeyBackup

Init the repository

bob@linuxlaptop:~$ borg init --encryption=repokey ssh://bob@borgserver.com:22/~/linuxlaptop.home
Enter new passphrase: 
Enter same passphrase again: 
keep you passphrase safe with tools like keepass.

Also export borg key as an ready to import file for recovery on another server if needed. Trust me you will be happy to have done this step while attempt to restoring backup.

bob@linuxlaptop:~$ borg key export --paper ssh://bob@borgserver.com:22/~/linuxlaptop.home | tee exportedBorgKey.key
To restore key use borg key import --paper ssh://bob@borgserver.com:22/~/linuxlaptop.home

and also in html:

borg key export --qr-html ssh://bob@borgserver.com:22/~/linuxlaptop.home exportedBorgKey.html

Run backup

Here a minimal bash script to put in a cron/systemdTimer

#!/bin/bash

export BORG_REPO="ssh://bob@borgserver.com:22/~/linuxlaptop.home"
export BORG_PASSPHRASE='oodiechueT0Sahchoh3ieNohd6wia4pCHANGEME'
borg create --stats --verbose --progress --compression zstd,10 ssh://bob@borgserver.com:22/~/linuxlaptop.home::"$(hostname)--$(date +%A-%C-%B-%Y_%H:%M)" /home/bob