Borg in a jail

In this short tutorial we are going to learn how to install Borg in a jail and use borgmatic on a client machine.

Remember to always read the doc if you have a doubt.


The installation in a jail

To be honest, it’s really, really easy. Borg is one of the easiest backup tools I have seen. Believe me, I have made a lot of backups: with scripts, with tar, cpio, based on ZFS snapshots, rsnapshot, NetBackup, etc.


On the host

The host needs some configuration.


Load the fuse kernel module

To load the fuse kernel module you can use the command:

 sudo kldload fuse

Or, to make it permanent, add the line:

 fuse_load="YES"

in the /boot/loader.conf file.


Allow user to mount

We must change the value of the kernel variable vfs.usermount using the command:

 sysctl vfs.usermount=1

Or by editing /etc/sysctl.conf and adding:

 vfs.usermount=1

The jail definition

Depending on how you manage your jails (ezjail, iocage, bastille or the old /etc/jail.conf file), define a new jail. Here is my own definition in jail.conf style.

 backup {
     host.hostname="backup.exemple.com";
     path="/jails/backup";
     ip4.addr="lo1|192.168.2.29/24";
     ip4.addr+="lo0|127.0.1.29/32";
     ip6.addr="em0|2a01:4f9:4a:1fd8::dead:beef/64";
     persist=true;
 }

Things to do

  • configure the firewall;
  • configure ssh on the jail (if you want to use a custom port)

Then launch your jail.


On the jail


Install Borg

You must install… Borg, which is a Python project.

Once again, use whichever way you chose to install software (poudriere, pkg, ports).

 pkg install py37-borgbackup

Create a user

We’re going to create a user (I chose my own name) to receive data from my laptop.

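 # Create the group, then the account; -m creates the home directory set by -d.
 pw groupadd -n jacques -g 1010
 # Borg over SSH works with an unprivileged account; -G wheel is only needed
 # if this user should also be able to su to root in the jail.
 pw useradd -n jacques -g 1010 -G wheel -m -d /usr/home/jacques
 passwd jacques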

Then from my laptop I install an SSH key:

 ssh-copy-id -i ~/.id_ed2519-borg jacques@backup.exemple.com
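
One way to limit what the key installed above can do on the jail, as an added example that is not part of the original tutorial: the function wraps a public key in an authorized_keys entry that only allows `borg serve` on a single repository. The key is a constructed sample, and /data/laptop.borg is the repository path used in the borgmatic configuration on this page.

```shell
#!/bin/sh
# Added example. The key below is a constructed sample, not a usable key.

# restricted_entry PUBKEY_LINE REPO_PATH
# Prints an authorized_keys line that limits the key to `borg serve` on one
# repository. Returns 1 unless the input is a single bare public key line.
restricted_entry() {
    key_line=$1
    repo=$2
    nl='
'
    # The path ends up inside command="...": accept a conservative set only.
    case $repo in
        /*) ;;
        *) echo "repository path must be absolute" >&2; return 1 ;;
    esac
    case $repo in
        *[!A-Za-z0-9/._-]*) echo "unsafe character in path" >&2; return 1 ;;
    esac
    # Refuse multi-line input: a second line would become a second entry.
    case $key_line in
        *"$nl"*) echo "expected exactly one key line" >&2; return 1 ;;
    esac
    set -f                      # no globbing while splitting into fields
    set -- $key_line
    set +f
    # The first field must be a key type, so a line that already carries
    # options (command=, from=, ...) is rejected rather than wrapped again.
    case ${1:-} in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "first field is not a key type" >&2; return 1 ;;
    esac
    case ${2:-} in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
    esac
    ktype=$1
    blob=$2
    shift 2
    comment=$*
    printf 'command="borg serve --restrict-to-repository %s",restrict %s %s%s\n' \
        "$repo" "$ktype" "$blob" "${comment:+ $comment}"
}

SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlob000000000000000000000 jacques@laptop'
restricted_entry "$SAMPLE_KEY" /data/laptop.borg
```

The printed line goes into the .ssh/authorized_keys file of the jacques account on the jail, in place of the bare key line.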

On the laptop


I let you check the connection to the jail.


Install borgmatic

Borgmatic is not a Borg project but an open-source project whose goal is to simplify Borg usage. It’s a Python project too, so you must have Python installed on the source computer.

Simply use your preferred installation method:

 sudo pkg install python37
 sudo pkg install py37-pip
 sudo pip3 install --user --upgrade borgmatic

borgmatic configuration

We’re going to keep it simple and only back up the home directory of your user.

borgmatic comes with several useful tools, for example one that generates a generic config file:

 mkdir -p ~/.config/borgmatic
 generate-borgmatic-config -d ~/.config/borgmatic/config.yaml

Once the config file is generated, it’s time to make some changes to it.


The configuration file

The configuration uses YAML syntax, with big sections (location, storage, retention).


  Be sure to have two passphrases or complicated passwords with you, saved in a secure place.

Location

It’s where your backup will be stored:

 location:
    # List of source directories to backup (required). Globs and
    # tildes are expanded.
    source_directories:
        - /usr/home

    # Paths to local or remote repositories (required). Tildes are
    # expanded. Multiple repositories are backed up to in
    # sequence. See ssh_command for SSH options like identity file
    # or port.
    repositories:
        - jacques@backup.example.com:/data/laptop.borg

First what I want to back up, then where I want to store it.


Storage

The main configuration line is encryption_passphrase:

 encryption_passphrase: "ThisIsMyVeryHardToGuessEncryptionPassPhrase"


  Remember to keep it secret and with you. If you lose it, your backup will not be usable.
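
Because the passphrase above sits in the configuration file in plaintext, the file should be readable by its owner only. The check below is an added example, not part of the original tutorial or of borgmatic; it runs on a constructed config written to a temporary directory.

```shell
#!/bin/sh
# Added example. Flags a borgmatic config that stores the passphrase in
# plaintext while group or other users can access the file.

# audit_config FILE
# Returns 0 if the file is safe, 1 if the passphrase is exposed,
# 2 if the file cannot be read.
audit_config() {
    cfg=$1
    if [ ! -f "$cfg" ] || [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    # An uncommented encryption_passphrase key means the secret is in the file.
    if ! grep -Eq '^[[:space:]]*encryption_passphrase:' -- "$cfg"; then
        echo "ok: no plaintext passphrase in $cfg"
        return 0
    fi
    # ls -ld prints the mode as e.g. -rw-r--r--; characters 5 to 10 are the
    # group and other bits and must all be '-'.
    mode=$(ls -ld -- "$cfg" | cut -c1-10)
    case $mode in
        ????------)
            echo "ok: $cfg ($mode) is accessible by its owner only"
            return 0 ;;
        *)
            echo "exposed: $cfg ($mode) holds a passphrase, run: chmod 600 $cfg"
            return 1 ;;
    esac
}

# Demo on a constructed config in a temporary directory.
demo_dir=$(mktemp -d)
printf 'storage:\n    encryption_passphrase: "constructed-sample"\n' \
    > "$demo_dir/config.yaml"
chmod 644 "$demo_dir/config.yaml"
audit_config "$demo_dir/config.yaml" || true    # reports "exposed"
chmod 600 "$demo_dir/config.yaml"
audit_config "$demo_dir/config.yaml"            # reports "ok"
rm -rf "$demo_dir"
```

borgmatic also has an encryption_passcommand option in the storage section, which runs a command to obtain the passphrase so that it does not have to be stored in the file.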


Retention

This is the part where you define how long Borg must keep old backups. The default values are the most commonly used.


Bonuses

There are many other configuration possibilities; for example, Borg can back up SQL databases (PostgreSQL, MySQL, MariaDB, SQLite, …).


Time to start

You can check your configuration file with the command validate-borgmatic-config:

 validate-borgmatic-config
 All given configuration files are valid: /home/jacques/.config/borgmatic/config.yaml 


Init the repository

We must initialize the remote borg repository, using the configuration of our local configuration file:

 borgmatic init --encryption repokey


Launch our first backup


  It could take long, depending on the amount of data you have to send, the bandwidth you can use, etc… Be patient and remember, you can always launch it in tmux.

 borgmatic --verbosity 1

We use verbosity here; maybe you can use none when launching it automatically.


Check our backup

We’re going to list our archives (for now we only have one):

 borgmatic --list
jacques@backup.example.com:/data/laptop.borg: Listing archives
laptop-2020-10-10T19:51:14.869552   Sat, 2020-10-10 19:51:16 [73a65edefb8279f2b316dd3ddfdeb89886192fbb841cd2362a738e0b15c942f8]


What’s next

Well, you have to automate your backup, with cron or periodic.

Restore a backup


To restore a backup, we use the command borgmatic extract.


Find the correct archive and restore it

With borgmatic list you can find the correct archive to restore then use:

 borgmatic extract --archive laptop-2020-10-10T19:51:14.869552


  Use the latest keyword to restore the latest backup


Restore only some files

Simply give the path at the end of the extract command:

 borgmatic extract --archive laptop-2020-10-10T19:51:14.869552 --path .gnupg .ssh


  Once again, there are many options; read the doc.


To conclude

Having a remote backup with Borg is really easy if you have an external server.

You can also use a NAS to store your backup or even a removable disk that you can bring with you when you go out.


A small advice

I use a small 4TB external disk for my backup. When I go out without my computer, I take the disk with me, and when I go out with my computer, the backup disk stays at home.