Disaster recovery

This repository contains some helper scripts to get you started with making backups to a Hetzner Storage Box and other online storage solutions.

Everything is controlled by .env files.

Files

backup.env

Copy the file backup.env.sample to backup.env and start configuring it to your liking.

Some of the important parts are:

BACKUP_PATH="/home"
This is the directory you want to back up.

BACKUP_EXCLUDE="backup_exclude.txt.sample"
This is the "exclude file", more on that later.

export LOGFILE="$LOGPATH/backup_docker.log"
export LASTLOG="$LOGPATH/backup_docker.log.last" 

These are the log files where the result of the backup is saved. LASTLOG contains only the result of the last backup and will be included in the summary email.

PRIVATE_KEY_FILE="./id_ed25519"
The private key used to access the storage device. This can be generated with the init_backup.sh script. You can also use an existing file, or generate one by hand with "ssh-keygen -t ed25519".

REPOSITORY_URL="disaster-recovery.example.com"
URL of the repository server, that is, where your backups are going to be saved. This can of course also be an IP address.

REPOSITORY_DIR="test"
A repository can host several backups, so we define in which directory on the repository server the backups should be saved. This MUST BE UNIQUE for each system you are making backups for.

REPOSITORY_USER="u000000"
The user that should be used to authenticate on the backup server.

export BORG_PASSPHRASE="soe4eiCae9ohSij7Aiceesh2ZiphiHoh"
This is your passphrase used to encrypt the backup. If you lose this, you lose EVERYTHING! If someone else gets this, they can potentially access all your data. Keep it safe and secure. DO NOT USE THIS AS YOUR PASSPHRASE. (And no, this is NOT my passphrase, it is some random garbage)

backup_exclude.txt

A file listing files/directories that should NOT be included in the backup. These can be temporary files, virtual filesystems, or mounted network devices that might not always be there or that inflate the backup size.
A good "default" exclude file is included in backup_exclude.txt.sample.

init_backup.sh

An interactive helper script to get you started. It covers creating SSH keys, collecting information for your backup.env file and much more.
Have your server/login information ready and follow carefully. If there are issues at any point, interrupt and correct them before retrying.
When everything goes well, it will initialize the remote repository for you at the end. Once that is done and the settings shown have been transferred to your .env file, you are ready to take backups.

make_backup.sh

Once the repository is initialized with init_backup.sh and your .env file is filled in, you can make your first backup.
This file is the "meat" of your backup; it is responsible (together with your .env file) for making the backups.
At the end, mail_template.py is called to send you an email. This can be commented out if you want to suppress emails (this should be a setting in .env).

mail_template.py

File containing the email template as well as the subject and the list of email receivers.

recivers = ["example@example.com", "example2@example.com"]
subject = f"Backup on \"{HOSTNAME}\", for SERVICE complete."

recivers is a Python list of email addresses; a separate email will be sent to each receiver.
subject is the subject line of the email being sent (surprise!).

It is made to be called by make_backup.sh and expects the LASTLOG environment variable to be set.
LASTLOG points to a log file containing only the result of the latest backup done.

secrets.env

Contains the mail server configuration in an old-school INI file format.

[MAIL]
SERVER = mail.example.com
PORT = 587
USER = service_notify@example.com
PASS = aelaGhuye8Co9cah7aighoo3oongohS4

Just configure your server name, port, username and password. This is set up for SMTP STARTTLS authentication.
If you use something else and get it working, let me know.

Allow me to repeat... KEEP THIS SECRET, you don't want someone to abuse your email.
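
A permission check for the files this README asks you to keep secret (backup.env with BORG_PASSPHRASE, secrets.env and the private key), plus make_backup.sh. This is an added example, not part of the repository; it assumes GNU stat, the default file names used on this page and that all files sit in one directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the repository): audit the files this README
# marks as secret. Assumes GNU stat (Linux) and the file names from this page.

# Succeeds when FILE grants nothing to group/others; reports and fails otherwise.
check_private() {
    local file="$1" mode
    [ -e "$file" ] || { echo "MISSING  $file"; return 0; }
    mode=$(stat -L -c '%a' "$file") || return 2
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED  $file (mode $mode): run chmod 600 on it"
        return 1
    fi
    echo "OK       $file (mode $mode)"
}

# Succeeds when FILE is not writable by group/others. make_backup.sh is run
# by the systemd service, so whoever can edit it controls what the job runs.
check_not_writable() {
    local file="$1" mode
    [ -e "$file" ] || return 0
    mode=$(stat -L -c '%a' "$file") || return 2
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $file (mode $mode): run chmod go-w on it"
        return 1
    fi
    echo "OK       $file (mode $mode)"
}

# Audit one backup directory; the return status is the number of findings.
audit_backup_dir() {
    local dir="$1" findings=0 f
    for f in backup.env secrets.env id_ed25519; do
        check_private "$dir/$f" || findings=$((findings + 1))
    done
    check_not_writable "$dir/make_backup.sh" || findings=$((findings + 1))
    return "$findings"
}

# Constructed demo: a throwaway directory with one deliberately loose file.
demo=$(mktemp -d)
touch "$demo/backup.env" "$demo/secrets.env" "$demo/id_ed25519" "$demo/make_backup.sh"
chmod 600 "$demo/backup.env" "$demo/id_ed25519"
chmod 644 "$demo/secrets.env"      # SMTP password readable by every local user
chmod 750 "$demo/make_backup.sh"
audit_backup_dir "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Point audit_backup_dir at the directory that holds your real files; a non-zero status means at least one of them needs tightening.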

etc/systemd/system/make-backup.service

Systemd service to make backup.
WorkingDirectory= should be the absolute path to the directory where the make_backup.sh script is located.
ExecStart= MUST be the absolute path to make_backup.sh.

etc/systemd/system/make-backup.timer

Systemd timer to trigger backup.
When backups are made is defined in the line:
OnCalendar= 04:00
This currently does a backup at 04:00 every day. It could also be expressed as OnCalendar=daily, but this would always trigger at 00:00:00.
See man systemd.time for more on how to configure OnCalendar events.

Systemd service+timer install

Configure the trigger in the .timer, and remember to change "Description" in both the .service and the .timer.

systemd-analyze verify make-backup.*
Have systemd verify that the files are correct before continuing.
If there are any errors, FIX THOSE FIRST!

cp make-backup.* /etc/systemd/system/.
Copy the files to /etc/systemd/system.

systemctl daemon-reload
Have systemd track the files you just added.

systemctl start make-backup.service
Trigger the backup via systemd to verify that everything is working as expected.

systemctl enable make-backup.timer --now
If the .service works and makes backups as wanted, you can now enable the .timer.

DONE!!
