r-raymond / nixos-mailserver

A complete and Simple Nixos Mailserver
GNU General Public License v3.0

Added basic support for borgbackup #93

Closed phdoerfler closed 6 years ago

phdoerfler commented 6 years ago

Featuring:

I have written a nix module encapsulating these things together with a number of checks. My motivation behind this was that I found it awkward to move the backup rsnapshot created to a different computer since there you have different uids, gids, file system features, etc. With borgbackup you don't have this problem. Had I known about borg earlier I would not have created the rsnapshot backup. I put some effort into hiding the password (when encrypting your backups). It is neither stored in /nix/store nor in any other obvious way visible. It gets handed in to borg through an environment variable which is set locally for the borg process using env and read in from a file which one can place in /root for instance.

dotlambda commented 6 years ago

+1 for using borgbackup. It's the best solution for (remote) backups I think.

One feature that could be very useful if you want to do remote backups: You can set something like

command="borg serve --restrict-to-repository /var/virtualMailBackup --append-only",restrict ssh-rsa <SSH key>

in SSH's authorized_keys file, where <SSH key> is the key of the user running borgbackup on the mailserver. Then, it will not be possible to remotely delete backups or write to other borg repositories than the one specified. See https://borgbackup.readthedocs.io/en/stable/usage/serve.html.
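
The authorized_keys restriction in the comment above can be checked mechanically on the host that receives the backups. The following is an added example, not part of the PR or of anyone's comment in this thread; the function names, sample entries and key material are constructed. It flags keys that lack a forced `borg serve` command, `--append-only`, `--restrict-to-repository`, or the `restrict` option.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries on the host receiving borg backups.
# Prints "<line>: <issue>" per finding. Assumes no escaped quotes in command="...".
audit_borg_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Text inside command="...", empty if the key has no forced command.
        cmd=$(printf '%s\n' "$line" | sed -n 's/.*command="\([^"]*\)".*/\1/p')
        if [ -z "$cmd" ]; then
            echo "$n: no forced command (key gets a full shell)"
            continue
        fi
        case $cmd in
            'borg serve'*) ;;
            *) echo "$n: forced command is not borg serve"; continue ;;
        esac
        case " $cmd " in
            *' --append-only '*) ;;
            *) echo "$n: missing --append-only" ;;
        esac
        case " $cmd " in
            *' --restrict-to-repository '*) ;;
            *) echo "$n: missing --restrict-to-repository" ;;
        esac
        # Key options with the command string removed; restrict must be a token.
        opts=$(printf '%s\n' "$line" | sed 's/command="[^"]*"//; s/[[:space:]].*//')
        case ",$opts," in
            *,restrict,*) ;;
            *) echo "$n: missing restrict option" ;;
        esac
    done < "$1"
}

# Constructed sample file; key material is a placeholder.
sample_keys() {
    cat <<'EOF'
# backup account
command="borg serve --restrict-to-repository /var/virtualMailBackup --append-only",restrict ssh-rsa AAAAexample1 mail@example
command="borg serve --restrict-to-repository /var/virtualMailBackup",restrict ssh-rsa AAAAexample2 mail@example
command="borg serve --append-only" ssh-rsa AAAAexample3 mail@example
ssh-rsa AAAAexample4 admin@example
EOF
}
tmp=$(mktemp); sample_keys > "$tmp"
audit_borg_keys "$tmp"
rm -f "$tmp"
```

Only the entry on line 2 of the sample passes; a key with no forced command is reported once and not checked further, since it is not limited to borg at all.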

phdoerfler commented 6 years ago

@dotlambda Thanks for the feedback! I have incorporated it like this:

r-raymond commented 6 years ago

Awesome work! Give me some time to look it over. Also do you want to replace the current system with this?

phdoerfler commented 6 years ago

I don't think there's either harm or use in keeping the current system around. To preserve the backup history one can include the old backup once in the new one before deleting it. Ultimately I lean slightly more towards replacing it than keeping it because had I known of borg earlier I would not have made an rsnapshot module in the first place.

r-raymond commented 6 years ago

Great work! I guess we can phase out the other backup system then. Thanks again!