Closed phdoerfler closed 6 years ago
+1 for using borgbackup. It's the best solution for (remote) backups I think.
One feature that could be very useful if you want to do remote backups: You can set something like
command="borg serve --restrict-to-repository /var/virtualMailBackup --append-only",restrict ssh-rsa <SSH key>
in SSH's authorized_keys file, where <SSH key> is the key of the user running borgbackup on the mailserver. Then, it will not be possible to remotely delete backups or write to other borg repositories than the one specified.
See https://borgbackup.readthedocs.io/en/stable/usage/serve.html.
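An added example, not part of the original thread and not the module's own code: a small Python check that an authorized_keys entry pins a key the way the comment above describes (forced `borg serve`, `--restrict-to-repository`, `--append-only`, plus `restrict`). The function names, the key material and the second sample line are constructed for illustration.

```python
import shlex

def split_options(line):
    """Return the comma-separated options that precede the key type."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:         # options field ends here
            break
        else:
            cur += ch
        i += 1
    return opts + [cur]

def audit(line, repo):
    """List what is missing for an append-only borg key pinned to `repo`."""
    line = line.strip()
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return ["no options: key is not limited to borg serve"]
    opts = split_options(line)
    findings = []
    if "restrict" not in (o.lower() for o in opts):
        findings.append("missing 'restrict' option")
    cmd = next((o[8:] for o in opts if o.lower().startswith("command=")), None)
    if cmd is None:
        return findings + ["missing forced command"]
    argv = shlex.split(cmd)
    if argv[:2] != ["borg", "serve"]:
        findings.append("forced command is not 'borg serve'")
    if "--append-only" not in argv:
        findings.append("missing --append-only")
    try:  # only the space-separated "--restrict-to-repository PATH" form is handled
        pinned = argv[argv.index("--restrict-to-repository") + 1]
    except (ValueError, IndexError):
        pinned = None
    if pinned != repo:
        findings.append("not restricted to " + repo)
    return findings

# Constructed sample lines; the key material is a placeholder, not a real key.
GOOD = ('command="borg serve --restrict-to-repository /var/virtualMailBackup '
        '--append-only",restrict ssh-rsa AAAAconstructedkey backup@mailserver')
WEAK = 'command="borg serve --restrict-to-repository /var/otherRepo" ssh-rsa AAAAconstructedkey'

if __name__ == "__main__":
    for entry in (GOOD, WEAK):
        print(audit(entry, "/var/virtualMailBackup") or "ok")
```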
@dotlambda Thanks for the feedback! I have incorporated it like this:
nice and ionice are replaced by systemd equivalents,
cmdPreexec and cmdPostexec in greater detail and with an example.
Awesome work! Give me some time to look it over. Also do you want to replace the current system with this?
I don't think there's either harm or use in keeping the current system around. To preserve the backup history, one can include the old backup once in the new one before deleting it. Ultimately I lean slightly more towards replacing it than keeping it because, had I known of borg earlier, I would not have made an rsnapshot module in the first place.
Great work! I guess we can phase out the other backup system then. Thanks again!
Featuring:
I have written a nix module encapsulating these things together with a number of checks. My motivation behind this was that I found it awkward to move the backup rsnapshot created to a different computer since there you have different uids, gids, file system features, etc. With borgbackup you don't have this problem. Had I known about borg earlier I would not have created the rsnapshot backup. I put some effort into hiding the password (when encrypting your backups). It is neither stored in /nix/store nor in any other obvious way visible. It gets handed in to borg through an environment variable which is set locally for the borg process using env and read in from a file which one can place in /root, for instance.