The user ciphertext is backed up to a separate location using `Borg backup <https://borgbackup.readthedocs.io/>`_ and `borgbase.com <https://borgbase.com>`_.
Borg backup uses a *RepoKey* secured by a *passphrase* to encrypt the backup data, and an *SSH key* to authenticate against the backup service (borgbase).
Each Borg backup job requires one *backup repository* (at borgbase).
The user ciphertext is backed up using `Borg backup <https://borgbackup.readthedocs.io/>`_ to a separate location - currently a SaaS backup storage service (`borgbase.com <https://borgbase.com>`_).
Borg backup uses a *RepoKey* secured by a *passphrase* to encrypt the backup data, and an *SSH key* to authenticate against the backup storage service.
Each Borg backup job requires one *backup repository*.
SSH keys
...
...
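Review bot: The rewritten intro names three secrets (*RepoKey*, *passphrase*, *SSH key*) and then says "Each Borg backup job requires one *backup repository*", but it does not say whether each repository gets its own passphrase and SSH key or whether they are shared across jobs. A sentence stating the intended scope would help, since it determines what a single leaked key or passphrase exposes. Minor style point: the " - " in "to a separate location - currently a SaaS backup storage service" would read better as a comma or as parentheses.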
@@ -136,24 +137,33 @@ Next, create repositories to back up to.
Passphrase
``````````
Make up a passphrase to encrypt our repository key with, use computer help if you like::
Make up a passphrase to encrypt our repository key with. Use computer help if you like::
nix-shell --packages pwgen --command 'pwgen --secure 83 1' # 83 is the year I was born. Very random.
Create & initialize the backup repository
`````````````````````````````````````````
Borgbase.com offers a `borgbase.com GraphQL API <https://docs.borgbase.com/api/>`_, but since our current number of repositories is small, we save time by creating the repositories by clicking a few buttons in the `borgbase.com Web Interface <https://www.borgbase.com/repositories>`_.
Borgbase.com offers a `borgbase.com GraphQL API <https://docs.borgbase.com/api/>`_, but since our current number of repositories is small, we save time by creating the repositories by clicking a few buttons in the `borgbase.com Web Interface <https://www.borgbase.com/repositories>`_:
Set up one repo per backup job.
Set the *Repository Name* to the FQDN of the host to be backed up, add the SSH key created earlier as *Append-Only Access* key and leave the other settings at their defaults.
* Set up one repository per backup job.
* Set the *Repository Name* to the FQDN of the host to be backed up.
* Add the SSH key created earlier as *Append-Only Access* key.
* Leave the other settings at their defaults.
Once only: Initialize those repositories with our chosen parameters::
Then, initialize those repositories with our chosen parameters::
borg init -e repokey-blake2 xyxyx123@xyxyx123.repo.borgbase.com:repo
Reliability checks
``````````````````
Borg handles large amounts of data.
Given enough bits, rare, spurious bit flips become a problem.
That is why regular runs of ``borg check`` are recommended (see the `borgbase FAQ <https://docs.borgbase.com/faq/#how-often-should-i-run-borg-check>`_).
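Review bot: Replacing "Once only:" with "Then," in the sentence above ``borg init`` drops the hint that initialization is a one-time step per repository; something like "Then, once per repository, initialize it with our chosen parameters" keeps both the ordering and the warning. The Passphrase section also says how to generate the passphrase but not where to keep it afterwards. Because ``-e repokey-blake2`` stores the key inside the repository, protected by that passphrase, a line on where the passphrase is recorded (and on keeping a copy of the key via ``borg key export``) belongs here. The ``# 83 is the year I was born`` comment on the ``pwgen`` line could simply state that 83 is the passphrase length.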