DK1MI.radio

Server Backup with Borgmatic and Borgbase

In this article I document how I backup my servers locally as well as remotely to borgbase.com. After implementing the follwoing steps, you’ll get:

Preconditions

All these steps have been tested with Debian 10/11. You’ll need a paid subscription with BorgBase or use your own remote repository server. All commands have to be executed in the context of the user root.

Installation of Borg and Borgmatic

On the system that needs to be backed up:

# apt install borgbackup borgmatic
# mkdir -p ~/.config/borgmatic
# cat ~/.ssh/id_rsa.pub

Copy the output of the last command. If you don’t have SSH keys generated, you can do so by typing

# ssh-keygen

Configuring the Repositories

Login to BorgBase (https://www.borgbase.com) and perform the following steps:

Initializing your Repositories

Now is the time to generate and store a secure passphrase in your password manager. This will be needed to encrypt/decrypt your backups

Initialize both the local and the remote repository by entering the following command. If asked, enter the previously generated passphrase:

# borg init -e repokey-blake2 /backup/borgmatic/
# borg init -e repokey-blake2 abcdefgh@abcdefgh.repo.borgbase.com:repo

Configuration of Borgmatic

Create and edit the configuration file:

# vi ~/.config/borgmatic/config.yaml

Paste and adapt the following content:

location:
    source_directories:
        - /etc
        - /home
        - /var/www

    one_file_system: true
    repositories:
        - /backup/borgmatic
        - abcdefgh@abcdefgh.repo.borgbase.com:repo

    exclude_patterns:
        - '*.pyc'
        - ~/*/.cache
        - NoSyncNoBackup

    exclude_caches: true
    exclude_if_present: .nobackup

storage:
    compression: auto,zstd
    encryption_passphrase: <YOURSECRETPASSWORD>
    archive_name_format: '{hostname}-{now}'

retention:
    keep_daily: 3
    keep_weekly: 4
    keep_monthly: 12
    keep_yearly: 2
    prefix: '{hostname}-'

consistency:
    checks:
        # uncomment to always do integrity checks. (takes long time for large repos)
        #- repository
        - disabled

    check_last: 3
    prefix: '{hostname}-'

hooks:
    # List of one or more shell commands or scripts to execute before creating a backup.
    before_backup:
        - echo "`date` - Starting backup"

    after_backup:
        - echo "`date` - Finished backup"

Finally execute the following command to create your first backup:

# borgmatic

Backup Scheduling

In order to automatically perform backups e.g. every day at 1:00 am, edit the crontab with

# crontab -e

Paste the following line into the editor:

0 01 * * * /usr/bin/borgmatic >/dev/null 2>&1

Thank you for reading! If you have any comments or questions, please send me an e-mail.

#Backup #Linux