From 022aaf05d053c8017a1a5fd39e27637566eb43e0 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Tue, 10 May 2022 11:30:44 +0000
Subject: [PATCH] Borgbackup: Improve docs

---
 docs/ops/backup-recovery.rst | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/docs/ops/backup-recovery.rst b/docs/ops/backup-recovery.rst
index 93ccf4ae..d676497f 100644
--- a/docs/ops/backup-recovery.rst
+++ b/docs/ops/backup-recovery.rst
@@ -117,9 +117,10 @@ Recovery
 Storage Directories
 ~~~~~~~~~~~~~~~~~~~
 
-The user ciphertext is backed up to a separate location using `Borg backup <https://borgbackup.readthedocs.io/>`_ and `borgbase.com <https://borgbase.com>`_.
-Borg backup uses a *RepoKey* secured by a *passphrase* to encrypt the backup data, and an *SSH key* to authenticate against the backup service (borgbase).
-Each Borg backup job requires one *backup repository* (at borgbase).
+The user ciphertext is backed up using `Borg backup <https://borgbackup.readthedocs.io/>`_ to a separate location - currently a SaaS backup storage service (`borgbase.com <https://borgbase.com>`_).
+
+Borg backup uses a *RepoKey* secured by a *passphrase* to encrypt the backup data, and an *SSH key* to authenticate against the backup storage service.
+Each Borg backup job requires one *backup repository*.
 
 
 SSH keys
@@ -136,24 +137,33 @@ Next, create repositories to back up to.
 Passphrase
 ``````````
 
-Make up a passphrase to encrypt our repository key with, use computer help if you like::
+Make up a passphrase to encrypt our repository key with. Use computer help if you like::
 
     nix-shell --packages pwgen --command 'pwgen --secure 83 1'  # 83 is the year I was born. Very random.
 
 Create & initialize the backup repository
 `````````````````````````````````````````
 
-Borgbase.com offers a `borgbase.com GraphQL API <https://docs.borgbase.com/api/>`_, but since our current number of repositories is small, we save time by creating the repositories by clicking a few buttons in the `borgbase.com Web Interface <https://www.borgbase.com/repositories>`_.
+Borgbase.com offers a `borgbase.com GraphQL API <https://docs.borgbase.com/api/>`_, but since our current number of repositories is small, we save time by creating the repositories by clicking a few buttons in the `borgbase.com Web Interface <https://www.borgbase.com/repositories>`_:
 
-Set up one repo per backup job.
-Set the *Repository Name* to the FQDN of the host to be backed up, add the SSH key created earlier as *Append-Only Access* key and leave the other settings at their defaults.
+* Set up one repository per backup job.
+* Set the *Repository Name* to the FQDN of the host to be backed up.
+* Add the SSH key created earlier as *Append-Only Access* key.
+* Leave the other settings at their defaults.
 
-Once only: Initialize those repositories with our chosen parameters::
+Then, initialize those repositories with our chosen parameters::
 
     export BORG_PASSCOMMAND="cat borgbackup-passphrase-staging"
     export BORG_RSH="ssh -i borgbackup-appendonly-staging"
     borg init -e repokey-blake2 xyxyx123@xyxyx123.repo.borgbase.com:repo
 
+Reliability checks
+``````````````````
+
+Borg handles large amounts of data.
+Given enough bits, rare, spurious bit flips become a problem.
+That is why regular runs of ``borg check`` are recommended (see the `borgbase FAQ <https://docs.borgbase.com/faq/#how-often-should-i-run-borg-check>`_).
+
 Recovery
 ````````
 
-- 
GitLab