# BorgBackup in docker ###### guide-by-example ![logo](https://i.imgur.com/dR50bkP.png) # Purpose & Overview Backups. * [Official site](https://www.borgbackup.org/) * [Github](https://github.com/borgbackup/borg) Borg is an open source deduplicating archiver with compression and encryption.
Written in python with performance critical code implemented in C/Cython. Highlight of borg is the deduplication, where files are cut in to variable size chunks, and only new chunks are stored. This allows to keep snapshots from several days, weeks and months, while not wasting disk space. In this setup borg is installed directly on the host system.
A script is created that backs up the entire docker directory and /etc locally.
Cronjob is set to execute this script daily. The repository is also pruned on each run of the script - old archives are deleted while keeping the ones fitting the retention rules in the script.
One backup per day for last 7 days, last 4 weeks, last 6 months are kept. # Files and directory structure ``` /home/ └── ~/ ├── borg/ │ ├── docker_backup/ │ ├── borg_backup.sh │ └── borg_backup.log │ └── docker/ ├── container-setup #1 ├── container-setup #2 ├── ... ``` * `docker_backup/` - borg repository directory containg the backups * `borg_backup.sh` - the backup script that adds new archive in to the repository * `borg_backup.log` - log file with the dates of backups Only `borg_backup.sh` has to be provided.
Repo directory is created by `borg init` command and the log file is created on the first run. # The setup #### Install BorgBackup Borg is likely in your linux repositories. #### Create a new borg repo `mkdir ~/borg`
`borg init --encryption=none ~/borg/docker_backup` Note the lack of sudo for initialization, this allows regular user to browse it. But the script should be run as root to have full access. #### The backup script `borg_backup.sh` ```bash #!/bin/bash # INITIALIZE THE REPO WITH THE COMMAND: # borg init --encryption=none ~/borg/my_backup # THEN RUN THIS SCRIPT # ----------------------------------------------- BACKUP_THIS='/home/bastard/docker /etc' REPOSITORY='/home/bastard/borg/docker_backup' LOGFILE='/home/bastard/borg/borg_backup.log' # ----------------------------------------------- NOW=$(date +"%Y-%m-%d | %H:%M | ") echo "$NOW Starting Backup and Prune" >> $LOGFILE # CREATES NEW ARCHIVE IN PRESET REPOSITORY borg create \ $REPOSITORY::'{now:%s}' \ $BACKUP_THIS \ \ --compression zstd \ --one-file-system \ --exclude-caches \ --exclude-if-present '.nobackup' \ --exclude '/home/*/Downloads/' \ # DELETES ARCHIVES NOT FITTING KEEP-RULES borg prune -v --list $REPOSITORY \ --keep-daily=7 \ --keep-weekly=4 \ --keep-monthly=6 \ --keep-yearly=0 \ echo "$NOW Done" >> $LOGFILE echo '------------------------------' >> $LOGFILE # --- USEFULL SHIT --- # setup above ignores directories containing '.nobackup' file # make '.nobackup' imutable using chattr to prevent accidental removal # touch .nobackup # chattr +i .nobackup # in the repo folder, to list available backups: # borg list . # to mount one of them: # borg mount .::1584472836 ~/temp # to umount: # borg umount ~/temp # to delete single backup in a repo: # borg delete .::1584472836 ``` The script must be **executabe** - `chmod +x borg_backup.sh` ### Manual run `sudo ./borg_backup.sh` It could ask about *Attempting to access a previously unknown unencrypted repository*
Answer yes.
If we would initialize the repo with sudo then it would be no issue, but then non root user would not be able to enter the repo directory. ### Automatic execution Previously cron has been used, but decided to try systemd timers. [This](https://blog.andrewkeech.com/posts/170719_borg.html) is the source. # Accessing the backup files * go in to the borg repo
`cd /home/bastard/borg/docker_backup/` * list the archives
`sudo borg list .` * choose one by the date, copy its identifier which is epoch time, e.g. 1588986941 * mount it to some folder
`sudo borg mount .::1588986941 /mnt/temp` * browse the directory where the archive is mounted and do whatever is needed * umount the backup
`sudo borg umount /mnt/temp` # Extra info Test your backups, test your recovery procedure. # Remote backup Backing up borg repo to a network share or cloud using rclone *To be continued*