๐ Stupid simple local backups with systemd, Borg and microSD card.
๐ก Newskategorie: Linux Tipps
๐ Quelle: reddit.com
My Thinkpad has a nice flushed SD card slot I don't use for anything in particular. I also had a pretty decent microSD card laying around. Well... until now. If you don't have a card buy a fast Samsung or Sandisk in whatever size you want. Mine is 16GB and it's plenty enough for documents and scripts etc.
[disclaimer] this is only a local laptop backup protecting mostly from accidental data removal and providing some historic data. For anything serious you still want a real backup, preferably 3-2-1. This info is provided as-is with no warranty of any kind.
Create the necessary files:
For those who don't know .timer unit is like a `cron` on steroids. This one will run a job once a day (OnCalendar=daily) and imminently after wakeup/boot if it's past the schedule (Persistent=true).
[root@x260 ~]# cat /etc/systemd/system/borg-backup.timer [Unit] Description=Run Borg backup daily [Timer] OnCalendar=daily Persistent=true AccuracySec=1h [Install] WantedBy=timers.target
This is the actual .service unit called by the .timer (notice the file names). systemd automatically find the coresponding service file based on the names. It'll automatically mount what's needed. For that we need next thing.
[root@x260 ~]# cat /etc/systemd/system/borg-backup.service [Unit] Description=Borg Backup RequiresMountsFor=/mnt/backup [Service] Type=oneshot ExecStart=/root/borg.sh
This one is needed to have the mounting binded to service. It'll unmount device after the job is done (StopWhenUnneeded=true). The idea here is to have backups hidden from accidental removal by the user. Change the UUID to match your device.
[root@x260 ~]# cat /etc/systemd/system/mnt-backup.mount [Unit] StopWhenUnneeded=true BindsTo=borg-backup.service [Mount] What=/dev/disk/by-uuid/aba306f6-aaea-4374-aa6c-8af637fe4e8d Where=/mnt/backup Type=ext4
Create backup directory.
# mkdir /mnt/backup # chmod 650 /mnt/backup
Setup a borg repo on the card. Create borg script in /root. Everything is explained here: https://borgbackup.readthedocs.io/en/stable/quickstart.html
I used mostly the default script from the link with minor tweaks. Change `BORG_REPO` to local path (in my case /mnt/backup/borg_backups/). Change paths. Exclude ~/Downloads, ~/.local, ~/.cache. Remember to make script executable.
Protip: Add this variable so the job won't fail even if you start playing around with the Borg repo under a different path.
#For "Warning: The repository at location ... was previously located at ..." export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
If you want to play around the recovery mount it manually under different path (e.g. /mnt/recovery) because /mnt/backup (in this example) will be automatically unmounted by systemd (becasue it's not needed by the service, duh). Or you know, mask the service and mount units. Should do the trick.
Bonus: add entry to /etc/fstab so the card won't be mountable from DE or by the user (systemd will the the magic behind the scenes).
UUID=aba306f6-aaea-4374-aa6c-8af637fe4e8d /mnt/backup ext4 noauto,nouser,nofail,x-systemd.device-timeout=1ms 0 2
I was looking at udev and other means on how to protect the card from hypothetical rm -rf or hypothetical ransomware from the level of regular user but the fstab does seems to do the trick.
Enable the timer:
systemctl enable borg-backup.timer
You can run backups ad-hoc:
systemctl start borg-backup.service
If I didn't forget anything it'll work. Check the logs:
journalctl -u borg-backup
Enjoy.
[link] [comments] ...