Rabjerg/disaster_recovery
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
1f0d4b79c7a1f666d71cd6c0436dd941c2f05f75
disaster_recovery/README.MD
Adam Rabjerg 1f0d4b79c7 README, backup_exclude.txt
2021-03-22 21:32:40 +01:00

130 lines
4.6 KiB
Markdown
Raw Blame History

# Disaster recovery
This repository contains some helper scripts to get you started with making backups to Hetzner storage box and other online storage solution.
Everything is controlled by .env files.
### Files
#### backup.env
copy the file backup.env.sample to backup.env and start configuring it to your liking.
The some important parts are:
```BACKUP_PATH="/home"```
This is the directory you want to backup.
``` BACKUP_EXCLUDE="backup_exclude.txt.sample" ```
This is the "exclude file", more on that later.
```
export LOGFILE="$LOGPATH/backup_docker.log"
export LASTLOG="$LOGPATH/backup_docker.log.last"
```
This is the logfiles where the result of the backup is saved.
The LASTLOG contains only the result of the last backup, and will be included in the summary email.
```PRIVATE_KEY_FILE="./id_ed25519"```
The Private key used to access the storage device.
This can be generated with the init_backup.sh script.
You can also use an excisting file, or generate one by hand with "ssh-keygen -t ed25519"
```REPOSITORY_URL="disaster-recovery.example.com"```
URL of repository server, that is where your backups are going to be saved.
This can ofcourse also be a IP address.
```REPOSITORY_DIR="test"```
A repository can host several backups, thus we define in what directory on the repository server the backups shoud be saved.
This MUST BE UNIQUE for each system you are making backups for.
```REPOSITORY_USER="u000000"```
What user should be used to authenticate on the backup server.
``` export BORG_PASSPHRASE="soe4eiCae9ohSij7Aiceesh2ZiphiHoh"```
This is your passphrase used to encrypt the backup.
If you lose this, you lose EVERYTHING!
If someone else gets this, they can potentially access all your data.
Keep it safe and secure.
DO NOT USE THIS AS YOUR PASSPHRASE.
(And no, this is NOT my passphrase, it is some random garbage)
### backup_exclude.txt
A file containing files/directories that should NOT be included in the backup, this can be tmpfiles, virtual filesystems or mounted network devices that might not always be thre or inflate the backup size.
A good "default" exclude file is included in ```backup_exclude.txt.sample```
### init_backup.sh
Todo
### make_backup.sh
Todo
### mail_template.py
File containing email template as well as subject and list of email recievers.
```
recivers = ["example@example.com", "example2@example.com"]
subject = f"Backup on \"{HOSTNAME}\", for SERVICE complete."
```
Recivers is a python list of email addresses, a seperate email will be sent to each reciever.
Subject is the subjectline of the email being sent (surprise!).
It is made to be called by ```make_backup.sh``` and expects the LASTLOG environment variable to be set.
LASTLOG points to a a logfile containing only the result of the latest backup done.
### secrets.env
Contains mailserver configuration in an oldschool INI file format.
```
[MAIL]
SERVER = mail.example.com
PORT = 587
USER = service_notify@example.com
PASS = aelaGhuye8Co9cah7aighoo3oongohS4
```
Just configure your servername, port, username and password.
This is setup for SMTP startls authentication.
If you use something else and get it working, let me know.
Allow me to repeat... KEEP THIS SECRET, you don't want someone to abuse your email.
### etc/systemd/system/make-backup.service
Systemd service to make backup.
```WorkingDirectory=``` should be the absolute path to where ```make_backup.sh``` script is located.
```ExecStart=``` *MUST* be the absolute path to ```make_backup.sh```
### etc/systemd/system/make-backup.timer
Systemd timer to trigger backup.
When backups are made is defined in the line:
```OnCalendar= 04:00```
This currently does a backup at 04:00 every day, it could also be expressed by ```OnCalendar=daily``` but this would always trigger at ```00:00:00```
See ```man systemd.time``` for more how to configure OnCalendar events.
### Systemd service+timer install
Configure the trigger in the .timer, remember to change "Description" in both .service and .timer.
```systemd-analyze verify make-backup.*```
Have systemd verify that the files are correct before continueing.
If there is any errors, FIX THOSE FIRST!
```cp make-backup.* /etc/systemd/system/.```
Copy the files to /etc/systemd/system.
```systemctl daemon-reload```
Have systemd track the files you just added.
```systemctl start make-backup.service```
Trigger the backup via systemd to verify that everything is working as expected.
```systemctl enable make-backup.timer --now```
If the .service works and makes backups as wanted you can now enable the .timer.
DONE!!
Reference in New Issue View Git Blame Copy Permalink