···

       
1
       
1
       
+
       
# BorgBackup {#module-borgbase}

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
*Source:* {file}`modules/services/backup/borgbackup.nix`

     

       
4
       
4
       
+
       


     

       
5
       
5
       
+
       
*Upstream documentation:* <https://borgbackup.readthedocs.io/>

     

       
6
       
6
       
+
       


     

       
7
       
7
       
+
       
[BorgBackup](https://www.borgbackup.org/) (short: Borg)

     

       
8
       
8
       
+
       
is a deduplicating backup program. Optionally, it supports compression and

     

       
9
       
9
       
+
       
authenticated encryption.

     

       
10
       
10
       
+
       


     

       
11
       
11
       
+
       
The main goal of Borg is to provide an efficient and secure way to backup

     

       
12
       
12
       
+
       
data. The data deduplication technique used makes Borg suitable for daily

     

       
13
       
13
       
+
       
backups since only changes are stored. The authenticated encryption technique

     

       
14
       
14
       
+
       
makes it suitable for backups to not fully trusted targets.

     

       
15
       
15
       
+
       


     

       
16
       
16
       
+
       
## Configuring {#module-services-backup-borgbackup-configuring}

     

       
17
       
17
       
+
       


     

       
18
       
18
       
+
       
A complete list of options for the Borgbase module may be found

     

       
19
       
19
       
+
       
[here](#opt-services.borgbackup.jobs).

     

       
20
       
20
       
+
       


     

       
21
       
21
       
+
       
## Basic usage for a local backup {#opt-services-backup-borgbackup-local-directory}

     

       
22
       
22
       
+
       


     

       
23
       
23
       
+
       
A very basic configuration for backing up to a locally accessible directory is:

     

       
24
       
24
       
+
       
```

     

       
25
       
25
       
+
       
{

     

       
26
       
26
       
+
       
    opt.services.borgbackup.jobs = {

     

       
27
       
27
       
+
       
      { rootBackup = {

     

       
28
       
28
       
+
       
          paths = "/";

     

       
29
       
29
       
+
       
          exclude = [ "/nix" "/path/to/local/repo" ];

     

       
30
       
30
       
+
       
          repo = "/path/to/local/repo";

     

       
31
       
31
       
+
       
          doInit = true;

     

       
32
       
32
       
+
       
          encryption = {

     

       
33
       
33
       
+
       
            mode = "repokey";

     

       
34
       
34
       
+
       
            passphrase = "secret";

     

       
35
       
35
       
+
       
          };

     

       
36
       
36
       
+
       
          compression = "auto,lzma";

     

       
37
       
37
       
+
       
          startAt = "weekly";

     

       
38
       
38
       
+
       
        };

     

       
39
       
39
       
+
       
      }

     

       
40
       
40
       
+
       
    };

     

       
41
       
41
       
+
       
}

     

       
42
       
42
       
+
       
```

     

       
43
       
43
       
+
       


     

       
44
       
44
       
+
       
::: {.warning}

     

       
45
       
45
       
+
       
If you do not want the passphrase to be stored in the world-readable

     

       
46
       
46
       
+
       
Nix store, use passCommand. You find an example below.

     

       
47
       
47
       
+
       
:::

     

       
48
       
48
       
+
       


     

       
49
       
49
       
+
       
## Create a borg backup server {#opt-services-backup-create-server}

     

       
50
       
50
       
+
       


     

       
51
       
51
       
+
       
You should use a different SSH key for each repository you write to,

     

       
52
       
52
       
+
       
because the specified keys are restricted to running borg serve and can only

     

       
53
       
53
       
+
       
access this single repository. You need the output of the generate pub file.

     

       
54
       
54
       
+
       


     

       
55
       
55
       
+
       
```ShellSession

     

       
56
       
56
       
+
       
# sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo

     

       
57
       
57
       
+
       
# cat /run/keys/id_ed25519_my_borg_repo

     

       
58
       
58
       
+
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos

     

       
59
       
59
       
+
       
```

     

       
60
       
60
       
+
       


     

       
61
       
61
       
+
       
Add the following snippet to your NixOS configuration:

     

       
62
       
62
       
+
       
```

     

       
63
       
63
       
+
       
{

     

       
64
       
64
       
+
       
  services.borgbackup.repos = {

     

       
65
       
65
       
+
       
    my_borg_repo = {

     

       
66
       
66
       
+
       
      authorizedKeys = [

     

       
67
       
67
       
+
       
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos"

     

       
68
       
68
       
+
       
      ] ;

     

       
69
       
69
       
+
       
      path = "/var/lib/my_borg_repo" ;

     

       
70
       
70
       
+
       
    };

     

       
71
       
71
       
+
       
  };

     

       
72
       
72
       
+
       
}

     

       
73
       
73
       
+
       
```

     

       
74
       
74
       
+
       


     

       
75
       
75
       
+
       
## Backup to the borg repository server {#opt-services-backup-borgbackup-remote-server}

     

       
76
       
76
       
+
       


     

       
77
       
77
       
+
       
The following NixOS snippet creates an hourly backup to the service

     

       
78
       
78
       
+
       
(on the host nixos) as created in the section above. We assume

     

       
79
       
79
       
+
       
that you have stored a secret passphrasse in the file

     

       
80
       
80
       
+
       
{file}`/run/keys/borgbackup_passphrase`, which should be only

     

       
81
       
81
       
+
       
accessible by root

     

       
82
       
82
       
+
       


     

       
83
       
83
       
+
       
```

     

       
84
       
84
       
+
       
{

     

       
85
       
85
       
+
       
  services.borgbackup.jobs = {

     

       
86
       
86
       
+
       
    backupToLocalServer = {

     

       
87
       
87
       
+
       
      paths = [ "/etc/nixos" ];

     

       
88
       
88
       
+
       
      doInit = true;

     

       
89
       
89
       
+
       
      repo =  "borg@nixos:." ;

     

       
90
       
90
       
+
       
      encryption = {

     

       
91
       
91
       
+
       
        mode = "repokey-blake2";

     

       
92
       
92
       
+
       
        passCommand = "cat /run/keys/borgbackup_passphrase";

     

       
93
       
93
       
+
       
      };

     

       
94
       
94
       
+
       
      environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_my_borg_repo"; };

     

       
95
       
95
       
+
       
      compression = "auto,lzma";

     

       
96
       
96
       
+
       
      startAt = "hourly";

     

       
97
       
97
       
+
       
    };

     

       
98
       
98
       
+
       
  };

     

       
99
       
99
       
+
       
};

     

       
100
       
100
       
+
       
```

     

       
101
       
101
       
+
       


     

       
102
       
102
       
+
       
The following few commands (run as root) let you test your backup.

     

       
103
       
103
       
+
       
```

     

       
104
       
104
       
+
       
> nixos-rebuild switch

     

       
105
       
105
       
+
       
...restarting the following units: polkit.service

     

       
106
       
106
       
+
       
> systemctl restart borgbackup-job-backupToLocalServer

     

       
107
       
107
       
+
       
> sleep 10

     

       
108
       
108
       
+
       
> systemctl restart borgbackup-job-backupToLocalServer

     

       
109
       
109
       
+
       
> export BORG_PASSPHRASE=topSecrect

     

       
110
       
110
       
+
       
> borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:.

     

       
111
       
111
       
+
       
nixos-backupToLocalServer-2020-03-30T21:46:17 Mon, 2020-03-30 21:46:19 [84feb97710954931ca384182f5f3cb90665f35cef214760abd7350fb064786ac]

     

       
112
       
112
       
+
       
nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e77321694ecd160ca2228611747c6ad1be177d6e0d894538898de7a2621b6e68]

     

       
113
       
113
       
+
       
```

     

       
114
       
114
       
+
       


     

       
115
       
115
       
+
       
## Backup to a hosting service {#opt-services-backup-borgbackup-borgbase}

     

       
116
       
116
       
+
       


     

       
117
       
117
       
+
       
Several companies offer [(paid) hosting services](https://www.borgbackup.org/support/commercial.html)

     

       
118
       
118
       
+
       
for Borg repositories.

     

       
119
       
119
       
+
       


     

       
120
       
120
       
+
       
To backup your home directory to borgbase you have to:

     

       
121
       
121
       
+
       


     

       
122
       
122
       
+
       
  - Generate a SSH key without a password, to access the remote server. E.g.

     

       
123
       
123
       
+
       


     

       
124
       
124
       
+
       
        sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_borgbase

     

       
125
       
125
       
+
       


     

       
126
       
126
       
+
       
  - Create the repository on the server by following the instructions for your

     

       
127
       
127
       
+
       
    hosting server.

     

       
128
       
128
       
+
       
  - Initialize the repository on the server. Eg.

     

       
129
       
129
       
+
       


     

       
130
       
130
       
+
       
        sudo borg init --encryption=repokey-blake2  \

     

       
131
       
131
       
+
       
            -rsh "ssh -i /run/keys/id_ed25519_borgbase" \

     

       
132
       
132
       
+
       
            zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo

     

       
133
       
133
       
+
       


     

       
134
       
134
       
+
       
  - Add it to your NixOS configuration, e.g.

     

       
135
       
135
       
+
       


     

       
136
       
136
       
+
       
        {

     

       
137
       
137
       
+
       
            services.borgbackup.jobs = {

     

       
138
       
138
       
+
       
            my_Remote_Backup = {

     

       
139
       
139
       
+
       
                paths = [ "/" ];

     

       
140
       
140
       
+
       
                exclude = [ "/nix" "'**/.cache'" ];

     

       
141
       
141
       
+
       
                repo =  "zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo";

     

       
142
       
142
       
+
       
                  encryption = {

     

       
143
       
143
       
+
       
                  mode = "repokey-blake2";

     

       
144
       
144
       
+
       
                  passCommand = "cat /run/keys/borgbackup_passphrase";

     

       
145
       
145
       
+
       
                };

     

       
146
       
146
       
+
       
                environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_borgbase"; };

     

       
147
       
147
       
+
       
                compression = "auto,lzma";

     

       
148
       
148
       
+
       
                startAt = "daily";

     

       
149
       
149
       
+
       
            };

     

       
150
       
150
       
+
       
          };

     

       
151
       
151
       
+
       
        }}

     

       
152
       
152
       
+
       


     

       
153
       
153
       
+
       
## Vorta backup client for the desktop {#opt-services-backup-borgbackup-vorta}

     

       
154
       
154
       
+
       


     

       
155
       
155
       
+
       
Vorta is a backup client for macOS and Linux desktops. It integrates the

     

       
156
       
156
       
+
       
mighty BorgBackup with your desktop environment to protect your data from

     

       
157
       
157
       
+
       
disk failure, ransomware and theft.

     

       
158
       
158
       
+
       


     

       
159
       
159
       
+
       
It can be installed in NixOS e.g. by adding `pkgs.vorta`

     

       
160
       
160
       
+
       
to [](#opt-environment.systemPackages).

     

       
161
       
161
       
+
       


     

       
162
       
162
       
+
       
Details about using Vorta can be found under

     

       
163
       
163
       
+
       
[https://vorta.borgbase.com](https://vorta.borgbase.com/usage) .

     

···

       
226
       
226
       
 
       


     

       
227
       
227
       
 
       
in {

     

       
228
       
228
       
 
       
  meta.maintainers = with maintainers; [ dotlambda ];

     

       
229
       
229
       
+
       
  # Don't edit the docbook xml directly, edit the md and generate it:

     

       
230
       
230
       
+
       
  # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml`

     

       
229
       
231
       
 
       
  meta.doc = ./borgbackup.xml;

     

       
230
       
232
       
 
       


     

       
231
       
233
       
 
       
  ###### interface

     

···

       
1
       
1
       
-
       
<chapter xmlns="http://docbook.org/ns/docbook"

     

       
2
       
2
       
-
       
         xmlns:xlink="http://www.w3.org/1999/xlink"

     

       
3
       
3
       
-
       
         xmlns:xi="http://www.w3.org/2001/XInclude"

     

       
4
       
4
       
-
       
         version="5.0"

     

       
5
       
5
       
-
       
         xml:id="module-borgbase">

     

       
6
       
6
       
-
       
 <title>BorgBackup</title>

     

       
1
       
1
       
+
       
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-borgbase">

     

       
2
       
2
       
+
       
  <title>BorgBackup</title>

     

       
7
       
3
       
 
       
  <para>

     

       
8
       
8
       
-
       
  <emphasis>Source:</emphasis>

     

       
9
       
9
       
-
       
  <filename>modules/services/backup/borgbackup.nix</filename>

     

       
10
       
10
       
-
       
 </para>

     

       
11
       
11
       
-
       
 <para>

     

       
12
       
12
       
-
       
  <emphasis>Upstream documentation:</emphasis>

     

       
13
       
13
       
-
       
  <link xlink:href="https://borgbackup.readthedocs.io/"/>

     

       
14
       
14
       
-
       
 </para>

     

       
15
       
15
       
-
       
 <para>

     

       
16
       
16
       
-
       
  <link xlink:href="https://www.borgbackup.org/">BorgBackup</link> (short: Borg)

     

       
17
       
17
       
-
       
  is a deduplicating backup program. Optionally, it supports compression and

     

       
18
       
18
       
-
       
  authenticated encryption.

     

       
4
       
4
       
+
       
    <emphasis>Source:</emphasis>

     

       
5
       
5
       
+
       
    <filename>modules/services/backup/borgbackup.nix</filename>

     

       
19
       
6
       
 
       
  </para>

     

       
20
       
7
       
 
       
  <para>

     

       
21
       
21
       
-
       
  The main goal of Borg is to provide an efficient and secure way to backup

     

       
22
       
22
       
-
       
  data. The data deduplication technique used makes Borg suitable for daily

     

       
23
       
23
       
-
       
  backups since only changes are stored. The authenticated encryption technique

     

       
24
       
24
       
-
       
  makes it suitable for backups to not fully trusted targets.

     

       
25
       
25
       
-
       
 </para>

     

       
26
       
26
       
-
       
  <section xml:id="module-services-backup-borgbackup-configuring">

     

       
27
       
27
       
-
       
  <title>Configuring</title>

     

       
8
       
8
       
+
       
    <emphasis>Upstream documentation:</emphasis>

     

       
9
       
9
       
+
       
    <link xlink:href="https://borgbackup.readthedocs.io/" role="uri">https://borgbackup.readthedocs.io/</link>

     

       
10
       
10
       
+
       
  </para>

     

       
28
       
11
       
 
       
  <para>

     

       
29
       
29
       
-
       
   A complete list of options for the Borgbase module may be found

     

       
30
       
30
       
-
       
   <link linkend="opt-services.borgbackup.jobs">here</link>.

     

       
12
       
12
       
+
       
    <link xlink:href="https://www.borgbackup.org/">BorgBackup</link>

     

       
13
       
13
       
+
       
    (short: Borg) is a deduplicating backup program. Optionally, it

     

       
14
       
14
       
+
       
    supports compression and authenticated encryption.

     

       
31
       
15
       
 
       
  </para>

     

       
32
       
32
       
-
       
</section>

     

       
33
       
33
       
-
       
 <section xml:id="opt-services-backup-borgbackup-local-directory">

     

       
34
       
34
       
-
       
  <title>Basic usage for a local backup</title>

     

       
35
       
35
       
-
       


     

       
36
       
16
       
 
       
  <para>

     

       
37
       
37
       
-
       
   A very basic configuration for backing up to a locally accessible directory

     

       
38
       
38
       
-
       
   is:

     

       
39
       
39
       
-
       
<programlisting>

     

       
17
       
17
       
+
       
    The main goal of Borg is to provide an efficient and secure way to

     

       
18
       
18
       
+
       
    backup data. The data deduplication technique used makes Borg

     

       
19
       
19
       
+
       
    suitable for daily backups since only changes are stored. The

     

       
20
       
20
       
+
       
    authenticated encryption technique makes it suitable for backups to

     

       
21
       
21
       
+
       
    not fully trusted targets.

     

       
22
       
22
       
+
       
  </para>

     

       
23
       
23
       
+
       
  <section xml:id="module-services-backup-borgbackup-configuring">

     

       
24
       
24
       
+
       
    <title>Configuring</title>

     

       
25
       
25
       
+
       
    <para>

     

       
26
       
26
       
+
       
      A complete list of options for the Borgbase module may be found

     

       
27
       
27
       
+
       
      <link linkend="opt-services.borgbackup.jobs">here</link>.

     

       
28
       
28
       
+
       
    </para>

     

       
29
       
29
       
+
       
  </section>

     

       
30
       
30
       
+
       
  <section xml:id="opt-services-backup-borgbackup-local-directory">

     

       
31
       
31
       
+
       
    <title>Basic usage for a local backup</title>

     

       
32
       
32
       
+
       
    <para>

     

       
33
       
33
       
+
       
      A very basic configuration for backing up to a locally accessible

     

       
34
       
34
       
+
       
      directory is:

     

       
35
       
35
       
+
       
    </para>

     

       
36
       
36
       
+
       
    <programlisting>

     

       
40
       
37
       
 
       
{

     

       
41
       
38
       
 
       
    opt.services.borgbackup.jobs = {

     

       
42
       
39
       
 
       
      { rootBackup = {

     

       
43
       
43
       
-
       
          paths = "/";

     

       
44
       
44
       
-
       
          exclude = [ "/nix" "/path/to/local/repo" ];

     

       
45
       
45
       
-
       
          repo = "/path/to/local/repo";

     

       
40
       
40
       
+
       
          paths = &quot;/&quot;;

     

       
41
       
41
       
+
       
          exclude = [ &quot;/nix&quot; &quot;/path/to/local/repo&quot; ];

     

       
42
       
42
       
+
       
          repo = &quot;/path/to/local/repo&quot;;

     

       
46
       
43
       
 
       
          doInit = true;

     

       
47
       
44
       
 
       
          encryption = {

     

       
48
       
48
       
-
       
            mode = "repokey";

     

       
49
       
49
       
-
       
            passphrase = "secret";

     

       
45
       
45
       
+
       
            mode = &quot;repokey&quot;;

     

       
46
       
46
       
+
       
            passphrase = &quot;secret&quot;;

     

       
50
       
47
       
 
       
          };

     

       
51
       
51
       
-
       
          compression = "auto,lzma";

     

       
52
       
52
       
-
       
          startAt = "weekly";

     

       
48
       
48
       
+
       
          compression = &quot;auto,lzma&quot;;

     

       
49
       
49
       
+
       
          startAt = &quot;weekly&quot;;

     

       
53
       
50
       
 
       
        };

     

       
54
       
51
       
 
       
      }

     

       
55
       
52
       
 
       
    };

     

       
56
       
53
       
 
       
}

     

       
57
       
54
       
 
       
</programlisting>

     

       
58
       
58
       
-
       
  </para>

     

       
59
       
59
       
-
       
  <warning>

     

       
55
       
55
       
+
       
    <warning>

     

       
56
       
56
       
+
       
      <para>

     

       
57
       
57
       
+
       
        If you do not want the passphrase to be stored in the

     

       
58
       
58
       
+
       
        world-readable Nix store, use passCommand. You find an example

     

       
59
       
59
       
+
       
        below.

     

       
60
       
60
       
+
       
      </para>

     

       
61
       
61
       
+
       
    </warning>

     

       
62
       
62
       
+
       
  </section>

     

       
63
       
63
       
+
       
  <section xml:id="opt-services-backup-create-server">

     

       
64
       
64
       
+
       
    <title>Create a borg backup server</title>

     

       
60
       
65
       
 
       
    <para>

     

       
61
       
61
       
-
       
        If you do not want the passphrase to be stored in the world-readable

     

       
62
       
62
       
-
       
        Nix store, use passCommand. You find an example below.

     

       
66
       
66
       
+
       
      You should use a different SSH key for each repository you write

     

       
67
       
67
       
+
       
      to, because the specified keys are restricted to running borg

     

       
68
       
68
       
+
       
      serve and can only access this single repository. You need the

     

       
69
       
69
       
+
       
      output of the generate pub file.

     

       
63
       
70
       
 
       
    </para>

     

       
64
       
64
       
-
       
  </warning>

     

       
65
       
65
       
-
       
 </section>

     

       
66
       
66
       
-
       
<section xml:id="opt-services-backup-create-server">

     

       
67
       
67
       
-
       
  <title>Create a borg backup server</title>

     

       
68
       
68
       
-
       
  <para>You should use a different SSH key for each repository you write to,

     

       
69
       
69
       
-
       
    because the specified keys are restricted to running borg serve and can only

     

       
70
       
70
       
-
       
    access this single repository. You need the output of the generate pub file.

     

       
71
       
71
       
-
       
  </para>

     

       
72
       
72
       
-
       
    <para>

     

       
73
       
73
       
-
       
<screen>

     

       
74
       
74
       
-
       
<prompt># </prompt>sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo

     

       
75
       
75
       
-
       
<prompt># </prompt>cat /run/keys/id_ed25519_my_borg_repo

     

       
71
       
71
       
+
       
    <programlisting>

     

       
72
       
72
       
+
       
# sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo

     

       
73
       
73
       
+
       
# cat /run/keys/id_ed25519_my_borg_repo

     

       
76
       
74
       
 
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos

     

       
77
       
77
       
-
       
</screen>

     

       
78
       
78
       
-
       
    </para>

     

       
75
       
75
       
+
       
</programlisting>

     

       
79
       
76
       
 
       
    <para>

     

       
80
       
77
       
 
       
      Add the following snippet to your NixOS configuration:

     

       
81
       
81
       
-
       
      <programlisting>

     

       
78
       
78
       
+
       
    </para>

     

       
79
       
79
       
+
       
    <programlisting>

     

       
82
       
80
       
 
       
{

     

       
83
       
81
       
 
       
  services.borgbackup.repos = {

     

       
84
       
82
       
 
       
    my_borg_repo = {

     

       
85
       
83
       
 
       
      authorizedKeys = [

     

       
86
       
86
       
-
       
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos"

     

       
84
       
84
       
+
       
        &quot;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos&quot;

     

       
87
       
85
       
 
       
      ] ;

     

       
88
       
88
       
-
       
      path = "/var/lib/my_borg_repo" ;

     

       
86
       
86
       
+
       
      path = &quot;/var/lib/my_borg_repo&quot; ;

     

       
89
       
87
       
 
       
    };

     

       
90
       
88
       
 
       
  };

     

       
91
       
89
       
 
       
}

     

       
92
       
90
       
 
       
</programlisting>

     

       
91
       
91
       
+
       
  </section>

     

       
92
       
92
       
+
       
  <section xml:id="opt-services-backup-borgbackup-remote-server">

     

       
93
       
93
       
+
       
    <title>Backup to the borg repository server</title>

     

       
94
       
94
       
+
       
    <para>

     

       
95
       
95
       
+
       
      The following NixOS snippet creates an hourly backup to the

     

       
96
       
96
       
+
       
      service (on the host nixos) as created in the section above. We

     

       
97
       
97
       
+
       
      assume that you have stored a secret passphrasse in the file

     

       
98
       
98
       
+
       
      <filename>/run/keys/borgbackup_passphrase</filename>, which should

     

       
99
       
99
       
+
       
      be only accessible by root

     

       
93
       
100
       
 
       
    </para>

     

       
94
       
94
       
-
       
</section>

     

       
95
       
95
       
-
       


     

       
96
       
96
       
-
       
 <section xml:id="opt-services-backup-borgbackup-remote-server">

     

       
97
       
97
       
-
       
  <title>Backup to the borg repository server</title>

     

       
98
       
98
       
-
       
  <para>The following NixOS snippet creates an hourly backup to the service

     

       
99
       
99
       
-
       
    (on the host nixos) as created in the section above. We assume

     

       
100
       
100
       
-
       
    that you have stored a secret passphrasse in the file

     

       
101
       
101
       
-
       
    <filename>/run/keys/borgbackup_passphrase</filename>, which should be only

     

       
102
       
102
       
-
       
    accessible by root

     

       
103
       
103
       
-
       
  </para>

     

       
104
       
104
       
-
       
  <para>

     

       
105
       
105
       
-
       
      <programlisting>

     

       
101
       
101
       
+
       
    <programlisting>

     

       
106
       
102
       
 
       
{

     

       
107
       
103
       
 
       
  services.borgbackup.jobs = {

     

       
108
       
104
       
 
       
    backupToLocalServer = {

     

       
109
       
109
       
-
       
      paths = [ "/etc/nixos" ];

     

       
105
       
105
       
+
       
      paths = [ &quot;/etc/nixos&quot; ];

     

       
110
       
106
       
 
       
      doInit = true;

     

       
111
       
111
       
-
       
      repo =  "borg@nixos:." ;

     

       
107
       
107
       
+
       
      repo =  &quot;borg@nixos:.&quot; ;

     

       
112
       
108
       
 
       
      encryption = {

     

       
113
       
113
       
-
       
        mode = "repokey-blake2";

     

       
114
       
114
       
-
       
        passCommand = "cat /run/keys/borgbackup_passphrase";

     

       
109
       
109
       
+
       
        mode = &quot;repokey-blake2&quot;;

     

       
110
       
110
       
+
       
        passCommand = &quot;cat /run/keys/borgbackup_passphrase&quot;;

     

       
115
       
111
       
 
       
      };

     

       
116
       
116
       
-
       
      environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_my_borg_repo"; };

     

       
117
       
117
       
-
       
      compression = "auto,lzma";

     

       
118
       
118
       
-
       
      startAt = "hourly";

     

       
112
       
112
       
+
       
      environment = { BORG_RSH = &quot;ssh -i /run/keys/id_ed25519_my_borg_repo&quot;; };

     

       
113
       
113
       
+
       
      compression = &quot;auto,lzma&quot;;

     

       
114
       
114
       
+
       
      startAt = &quot;hourly&quot;;

     

       
119
       
115
       
 
       
    };

     

       
120
       
116
       
 
       
  };

     

       
121
       
117
       
 
       
};

     

       
122
       
118
       
 
       
</programlisting>

     

       
123
       
123
       
-
       
  </para>

     

       
124
       
124
       
-
       
  <para>The following few commands (run as root) let you test your backup.

     

       
125
       
125
       
-
       
      <programlisting>

     

       
126
       
126
       
-
       
> nixos-rebuild switch

     

       
119
       
119
       
+
       
    <para>

     

       
120
       
120
       
+
       
      The following few commands (run as root) let you test your backup.

     

       
121
       
121
       
+
       
    </para>

     

       
122
       
122
       
+
       
    <programlisting>

     

       
123
       
123
       
+
       
&gt; nixos-rebuild switch

     

       
127
       
124
       
 
       
...restarting the following units: polkit.service

     

       
128
       
128
       
-
       
> systemctl restart borgbackup-job-backupToLocalServer

     

       
129
       
129
       
-
       
> sleep 10

     

       
130
       
130
       
-
       
> systemctl restart borgbackup-job-backupToLocalServer

     

       
131
       
131
       
-
       
> export BORG_PASSPHRASE=topSecrect

     

       
132
       
132
       
-
       
> borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:.

     

       
125
       
125
       
+
       
&gt; systemctl restart borgbackup-job-backupToLocalServer

     

       
126
       
126
       
+
       
&gt; sleep 10

     

       
127
       
127
       
+
       
&gt; systemctl restart borgbackup-job-backupToLocalServer

     

       
128
       
128
       
+
       
&gt; export BORG_PASSPHRASE=topSecrect

     

       
129
       
129
       
+
       
&gt; borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:.

     

       
133
       
130
       
 
       
nixos-backupToLocalServer-2020-03-30T21:46:17 Mon, 2020-03-30 21:46:19 [84feb97710954931ca384182f5f3cb90665f35cef214760abd7350fb064786ac]

     

       
134
       
131
       
 
       
nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e77321694ecd160ca2228611747c6ad1be177d6e0d894538898de7a2621b6e68]

     

       
135
       
132
       
 
       
</programlisting>

     

       
133
       
133
       
+
       
  </section>

     

       
134
       
134
       
+
       
  <section xml:id="opt-services-backup-borgbackup-borgbase">

     

       
135
       
135
       
+
       
    <title>Backup to a hosting service</title>

     

       
136
       
136
       
+
       
    <para>

     

       
137
       
137
       
+
       
      Several companies offer

     

       
138
       
138
       
+
       
      <link xlink:href="https://www.borgbackup.org/support/commercial.html">(paid)

     

       
139
       
139
       
+
       
      hosting services</link> for Borg repositories.

     

       
136
       
140
       
 
       
    </para>

     

       
137
       
137
       
-
       
</section>

     

       
138
       
138
       
-
       


     

       
139
       
139
       
-
       
 <section xml:id="opt-services-backup-borgbackup-borgbase">

     

       
140
       
140
       
-
       
  <title>Backup to a hosting service</title>

     

       
141
       
141
       
-
       


     

       
142
       
142
       
-
       
  <para>

     

       
143
       
143
       
-
       
    Several companies offer <link

     

       
144
       
144
       
-
       
      xlink:href="https://www.borgbackup.org/support/commercial.html">(paid)

     

       
145
       
145
       
-
       
      hosting services</link> for Borg repositories.

     

       
146
       
146
       
-
       
  </para>

     

       
147
       
147
       
-
       
  <para>

     

       
148
       
148
       
-
       
    To backup your home directory to borgbase you have to:

     

       
149
       
149
       
-
       
  </para>

     

       
150
       
150
       
-
       
  <itemizedlist>

     

       
151
       
151
       
-
       
  <listitem>

     

       
152
       
141
       
 
       
    <para>

     

       
153
       
153
       
-
       
      Generate a SSH key without a password, to access the remote server. E.g.

     

       
142
       
142
       
+
       
      To backup your home directory to borgbase you have to:

     

       
154
       
143
       
 
       
    </para>

     

       
155
       
155
       
-
       
    <para>

     

       
144
       
144
       
+
       
    <itemizedlist>

     

       
145
       
145
       
+
       
      <listitem>

     

       
146
       
146
       
+
       
        <para>

     

       
147
       
147
       
+
       
          Generate a SSH key without a password, to access the remote

     

       
148
       
148
       
+
       
          server. E.g.

     

       
149
       
149
       
+
       
        </para>

     

       
156
       
150
       
 
       
        <programlisting>

     

       
157
       
151
       
 
       
sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_borgbase

     

       
158
       
152
       
 
       
</programlisting>

     

       
159
       
159
       
-
       
    </para>

     

       
160
       
160
       
-
       
  </listitem>

     

       
161
       
161
       
-
       
  <listitem>

     

       
162
       
162
       
-
       
    <para>

     

       
163
       
163
       
-
       
      Create the repository on the server by following the instructions for your

     

       
164
       
164
       
-
       
      hosting server.

     

       
165
       
165
       
-
       
    </para>

     

       
166
       
166
       
-
       
  </listitem>

     

       
167
       
167
       
-
       
  <listitem>

     

       
168
       
168
       
-
       
    <para>

     

       
169
       
169
       
-
       
      Initialize the repository on the server. Eg.

     

       
170
       
170
       
-
       
      <programlisting>

     

       
153
       
153
       
+
       
      </listitem>

     

       
154
       
154
       
+
       
      <listitem>

     

       
155
       
155
       
+
       
        <para>

     

       
156
       
156
       
+
       
          Create the repository on the server by following the

     

       
157
       
157
       
+
       
          instructions for your hosting server.

     

       
158
       
158
       
+
       
        </para>

     

       
159
       
159
       
+
       
      </listitem>

     

       
160
       
160
       
+
       
      <listitem>

     

       
161
       
161
       
+
       
        <para>

     

       
162
       
162
       
+
       
          Initialize the repository on the server. Eg.

     

       
163
       
163
       
+
       
        </para>

     

       
164
       
164
       
+
       
        <programlisting>

     

       
171
       
165
       
 
       
sudo borg init --encryption=repokey-blake2  \

     

       
172
       
172
       
-
       
    -rsh "ssh -i /run/keys/id_ed25519_borgbase" \

     

       
166
       
166
       
+
       
    -rsh &quot;ssh -i /run/keys/id_ed25519_borgbase&quot; \

     

       
173
       
167
       
 
       
    zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo

     

       
174
       
168
       
 
       
</programlisting>

     

       
175
       
175
       
-
       
  </para>

     

       
176
       
176
       
-
       
  </listitem>

     

       
177
       
177
       
-
       
  <listitem>

     

       
178
       
178
       
-
       
<para>Add it to your NixOS configuration, e.g.

     

       
179
       
179
       
-
       
<programlisting>

     

       
169
       
169
       
+
       
      </listitem>

     

       
170
       
170
       
+
       
      <listitem>

     

       
171
       
171
       
+
       
        <para>

     

       
172
       
172
       
+
       
          Add it to your NixOS configuration, e.g.

     

       
173
       
173
       
+
       
        </para>

     

       
174
       
174
       
+
       
        <programlisting>

     

       
180
       
175
       
 
       
{

     

       
181
       
176
       
 
       
    services.borgbackup.jobs = {

     

       
182
       
177
       
 
       
    my_Remote_Backup = {

     

       
183
       
183
       
-
       
        paths = [ "/" ];

     

       
184
       
184
       
-
       
        exclude = [ "/nix" "'**/.cache'" ];

     

       
185
       
185
       
-
       
        repo =  "zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo";

     

       
178
       
178
       
+
       
        paths = [ &quot;/&quot; ];

     

       
179
       
179
       
+
       
        exclude = [ &quot;/nix&quot; &quot;'**/.cache'&quot; ];

     

       
180
       
180
       
+
       
        repo =  &quot;zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo&quot;;

     

       
186
       
181
       
 
       
          encryption = {

     

       
187
       
187
       
-
       
          mode = "repokey-blake2";

     

       
188
       
188
       
-
       
          passCommand = "cat /run/keys/borgbackup_passphrase";

     

       
182
       
182
       
+
       
          mode = &quot;repokey-blake2&quot;;

     

       
183
       
183
       
+
       
          passCommand = &quot;cat /run/keys/borgbackup_passphrase&quot;;

     

       
189
       
184
       
 
       
        };

     

       
190
       
190
       
-
       
        environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_borgbase"; };

     

       
191
       
191
       
-
       
        compression = "auto,lzma";

     

       
192
       
192
       
-
       
        startAt = "daily";

     

       
185
       
185
       
+
       
        environment = { BORG_RSH = &quot;ssh -i /run/keys/id_ed25519_borgbase&quot;; };

     

       
186
       
186
       
+
       
        compression = &quot;auto,lzma&quot;;

     

       
187
       
187
       
+
       
        startAt = &quot;daily&quot;;

     

       
193
       
188
       
 
       
    };

     

       
194
       
189
       
 
       
  };

     

       
195
       
190
       
 
       
}}

     

       
196
       
191
       
 
       
</programlisting>

     

       
197
       
197
       
-
       
  </para>

     

       
198
       
198
       
-
       
  </listitem>

     

       
199
       
199
       
-
       
</itemizedlist>

     

       
200
       
200
       
-
       
 </section>

     

       
192
       
192
       
+
       
      </listitem>

     

       
193
       
193
       
+
       
    </itemizedlist>

     

       
194
       
194
       
+
       
  </section>

     

       
201
       
195
       
 
       
  <section xml:id="opt-services-backup-borgbackup-vorta">

     

       
202
       
202
       
-
       
  <title>Vorta backup client for the desktop</title>

     

       
203
       
203
       
-
       
  <para>

     

       
204
       
204
       
-
       
    Vorta is a backup client for macOS and Linux desktops. It integrates the

     

       
205
       
205
       
-
       
    mighty BorgBackup with your desktop environment to protect your data from

     

       
206
       
206
       
-
       
    disk failure, ransomware and theft.

     

       
207
       
207
       
-
       
  </para>

     

       
208
       
208
       
-
       
  <para>

     

       
209
       
209
       
-
       
   It can be installed in NixOS e.g. by adding <literal>pkgs.vorta</literal>

     

       
210
       
210
       
-
       
   to <xref linkend="opt-environment.systemPackages" />.

     

       
211
       
211
       
-
       
  </para>

     

       
212
       
212
       
-
       
  <para>

     

       
213
       
213
       
-
       
    Details about using Vorta can be found under <link

     

       
214
       
214
       
-
       
      xlink:href="https://vorta.borgbase.com/usage">https://vorta.borgbase.com

     

       
215
       
215
       
-
       
      </link>.

     

       
216
       
216
       
-
       
  </para>

     

       
217
       
217
       
-
       
 </section>

     

       
196
       
196
       
+
       
    <title>Vorta backup client for the desktop</title>

     

       
197
       
197
       
+
       
    <para>

     

       
198
       
198
       
+
       
      Vorta is a backup client for macOS and Linux desktops. It

     

       
199
       
199
       
+
       
      integrates the mighty BorgBackup with your desktop environment to

     

       
200
       
200
       
+
       
      protect your data from disk failure, ransomware and theft.

     

       
201
       
201
       
+
       
    </para>

     

       
202
       
202
       
+
       
    <para>

     

       
203
       
203
       
+
       
      It can be installed in NixOS e.g. by adding

     

       
204
       
204
       
+
       
      <literal>pkgs.vorta</literal> to

     

       
205
       
205
       
+
       
      <xref linkend="opt-environment.systemPackages"></xref>.

     

       
206
       
206
       
+
       
    </para>

     

       
207
       
207
       
+
       
    <para>

     

       
208
       
208
       
+
       
      Details about using Vorta can be found under

     

       
209
       
209
       
+
       
      <link xlink:href="https://vorta.borgbase.com/usage">https://vorta.borgbase.com</link>

     

       
210
       
210
       
+
       
      .

     

       
211
       
211
       
+
       
    </para>

     

       
212
       
212
       
+
       
  </section>

     

       
218
       
213
       
 
       
</chapter>