Edd1d ago

Been a while since I blogged, so it's time for the latest installment in "Edd massively over-complicates things with SSH certificates" This time, a post about how I got rid of the need to create a new sub account on my #Hetzner Storage Box every time I wanted to create a new VM and back it up with #Borg. Definitely easier ways to have achieved it, but it shows of the versatility of ssh certificates, and #StepCA that's powering them in my home lab.

https://i.am.eddmil.es/posts/sshcertsborg/

#Borgmatic #Homelab #ssh

Adapting Step CA's SSH user certificates to safely automate provisioning Borg backups on Hetzner Storage Boxes

Intro Over the Christmas break, I suffered a complete NAS failure, and thanks to QNAP’s custom extensions to the standard Linux software RAID, I wasn’t able to recover any data off it. Now, of course, I had backups; and everything I had backed up (except for my Bluesky PDS, which I barely use) restored absolutely fine. However, I was not backing everything up. This was because my backup setup for a new server in my home lab was largely a manual process, and there were a number of services I decided weren’t worth the effort. Having now had to spend the time rebuilding them all, I regret that decision, and so now I wanted to fix the issue, so the backups were automatically setup whenever I deployed a host. This post will explain how I achieved that using SSH Certificates, because I am an unapologetic SSH certificate fanboy.

I Am Edd Miles
MikaMay 2
I already use #Borg/#Borgmatic for my #Docker backups and dat was easy to setup. Then I tried doing the same thing for my #Kubernetes cluster, then realised it may not be that simple to backup the volumes - the databases, that was easy since Borgmatic supports that super easily. The PVCs tho, which uses #Longhorn underneath... I'm not too sure how to back them up - esp the RWO ones. One option I've found seems to be to set up backups, possible for Longhorn, to some #S3 storage location but ofc #MinIO is like, not an option now. Idk if finding a diff S3 option (#Garage? #RustFS?) is a good idea or, really, how do others back up data on their #K8s cluster in their #homelab/workplace?
borgmaticApr 20

borgmatic 2.1.5 has been released with mTLS support for the Loki monitoring hook and several fixes.

#borgmatic #borgbackup #backup

Release notes: https://projects.torsion.org/borgmatic-collective/borgmatic/releases/tag/2.1.5

borgmatic 2.1.5 - borgmatic-collective/borgmatic

* #1229: Document the permissions needed for the PostgreSQL database hook: https://torsion.org/borgmatic/reference/configuration/data-sources/postgresql/ * #1289: Add mutual TLS support for the Loki monitoring hook. See the documentation for more information: https://torsion.org/borgmatic...

projects.torsion.org
borgmaticApr 6

borgmatic 2.1.4 has been released with a stand-alone Linux binary, "info" and "repo-list" performance improvements, and several fixes.

#borgmatic #borgbackup #backup

Release notes: https://projects.torsion.org/borgmatic-collective/borgmatic/releases/tag/2.1.4

borgmatic 2.1.4 - borgmatic-collective/borgmatic

* #1266: Add a stand-alone borgmatic Linux binary to the release downloads to serve as another way to install borgmatic. Consider this binary a beta feature. * #1286: Fix a regression in which running borgmatic with no arguments and no configuration files doesn't error as expected. * #12...

projects.torsion.org
KuraikoApr 1

Does anyone know why my filesystem gets read only when I try to mount a #backup from #borgmatic?

(borgmatic mount --archive [...] )

It shows an error that the destination has to be writeable and tries again. After that the filesystem is in RO mode...

#borg #sysadmin #admin #linux

KuraikoApr 1

Does anyone know why my filesystem gets read only when I try to mount a #backup from #borgmatic?

(borgmatic mount --archive [...] )

It shows an error that the destination has to be writeable and tries again. After that the filesystem is in RO mode...

#borg #sysadmin #admin #linux

borgmaticMar 6

borgmatic 2.1.3 has been released with a "diff" action to show deltas between archives, a "config show" action to get computed borgmatic configuration, "spot" check improvements, and more.

#borgmatic #borgbackup #backup

Release notes: https://projects.torsion.org/borgmatic-collective/borgmatic/releases/tag/2.1.3

borgmatic

Simple, configuration-driven backup software for servers and workstations

projects.torsion.org
Daniel LakelandFeb 13

Ok, we've got a plan in place to repurpose the old fileserver as a new archive server. Needs the purchase of two largish NAS hard drives, and a full refresh of the OS and some scripting etc, but after that, we're good to go.

I'm gonna put #guix on it so it's reproducible in case the old device dies (motherboard is 9 years old), and gonna use #borgmatic to do the internal and offsite backup drives. The deduplication should make all this stuff work and we should be able to keep years of history

Daniel LakelandFeb 10

Ok, thanks to @borgmatic I have a backup that is running and sending data to a repurposed backup drive that used to be formatted to my old backup scheme and is now fully assimilated to the borg.

I'm gonna run it for a few weeks, then convert my other hard drive that I swap between... and once those have run for a month or two I'll swap one of them to my offsite location and convert my current offsite drive. Slow, steady, and with a fallback at all times!

#borgmatic #borgbackup #borg

Daniel LakelandFeb 10

#borgmatic friends. I have several backup drives that I rotate through. If I list each of their mount points in the borgmatic config, and the drive isn't mounted so the path doesn't exist, will borgmatic error out, or continue with the additionally listed destinations?

ideally It'd just update whatever drives I have mounted, and skip over whatever ones I don't.

#borgbackup #borg