Borg in a jail
In this short tutorial we gonna learn how-to install Borg in a jail and use borgmatic on client machine.
Remember to always read the doc if you have a doubt.
The installation in a jail
To be honest, it’s really really easy. Borg is one of the most easy backup tool I saw. Believe me, I made a lot of backups, with scripts, with tar, cpio, based on ZFS snasphot, rsnapshot, NetBackup, etc.
On the host
The host must have some configurations.
Load the fuse
kernel module
To load the fuse kernel module your can use the command:
sudo kldload fuse
Or, to make it permanent add the line:
fuse_load="YES"
/boot/loader.conf
file.
Allow user to mount
We must change the value of the kernel variable vfs.usermount
using the
command:
sysctl vfs.usermount=1
Or by editing /etc/sysctl.conf
and adding:
vfs.usermount=1
The jail definition
Depending of your jail usage ezjail
, iocage
, bastille
or the old
/etc/jail.conf
file, define a new jail. Here my own definition in jail.conf
style.
|
|
Things to do
- configure the firewall;
- configure ssh on the jail (if you want to use a custom port)
Then launch your jail.
On the jail
Install Borg
You must install… Borg
which is a python
project.
Once again depending the way you choose to install software (poudriere
, pkg
,
ports
), use it.
pkg instakk py37-borgbackup
Create a user
We’re going to create a user (I choose own name) to receive datas form my laptop.
|
|
Then form my laptop I install a ssh key
:
ssh-copy-id ~/.id_ed2519-borg jacques@backup.exemple.com
On the laptop
I let you check the connexion to the jail
Install borgmatic
Borgmatic is not a Borg project but a opensource project with goal to simply
Borg usage.
it’s a python
project to, so you must have python
installed on the source
computer
Simply use our preferred installation method:
sudo pkg install python37
sudo pkg install py37-pip
sudo pip3 install --user --upgrade borgmatic
borgmatic
configuration
We’re going to stay simple and only backup the HOME DIRECTORY of your user.
borgmatic
came with several useful tool, for exemple generated a generic
config file:
|
|
Once the config file generated it’s time to make some change on it
The configuration file
The configuration use the yaml
syntax, with big section (location
,
storage
, retention
).
Be sure to have two passphase ot complicated password with you and saved in a
secure place.
Location
It’s where your backupo will be stored:
|
|
First what I want to backup, then where I want to store it.
Storage
The main configuration line is encryption_passpharse:
encryption_passphrase: "ThisIsMyVeryHardToGuessEncryptionPassPhrase"
Remember to keep-it secret and with you. If you lose it your backup will not be
usable.
Retention
This is the part whre you define how many time borg must keep old backups. The default value are the most use.
Bonuses
Thereis is many other configuration possibilities, for exemple, borg
can backup SQL databases (postgresql
, MySQL
, MariaDB
, SQLite
, …)
Time to start
You can check your configuration file with the command
validate-bormatic-config
:
validate-borgmatic-config
All given configuration files are valid: /home/jacques/.config/borgmatic/config.yaml
Init the repository
We must initialize the remote borg repository, using the configuration of our local configuration file:
borgmatic init --encryption repokey
Launch our first backup
It could be long, depe nding of the amount of data you have to send, the
bandwith you can use, etc… Be patient and remember, you can always launch it in
a tmux
borgmatic --verbosity 1
We use verbosity, may be you can use none when launching automaticaly.
Check our backup
We’re gonna list our archives (for now we only have one)
borgmatic --list ✔
jacques@backup.example.com:/data/laptop.borg: Listing archives
laptop-2020-10-10T19:51:14.869552 Sat, 2020-10-10 19:51:16 [73a65edefb8279f2b316dd3ddfdeb89886192fbb841cd2362a738e0b15c942f8]
What’s next
Well you have to automat your backup, with cron
or periodic
Restore a backup
To restore a backup, we use the commande borgmatic extract
.
Find the correct archive and restore it
With borgmatic list
you can find the correct archive to restore then use:
borgmatic extract --archive laptop-2020-10-10T19:51:14.869552
Use the latest
keyword to restore the latest backup
Restore only some files
Simply give the path at the end of the extract command:
borgmatic extract --archive laptop-2020-10-10T19:51:14.869552 --path .gnupg .ssh
One again there is many options, read the doc.
To conclude
Have a distant backup with borg
is really easy if you have an external server.
You can also use a NAS to store your backup or even a removable disk that you can bring with you when you go out.
A small advice
I use a small 4TB external disk to my backup. When I goes out without my computer, I take the disk with me, and we I goes out with my computer, the backup disk stay at home.