Finally I managed to avoid all the traps and found an (almost) clean and up-to-date solution to back up Camille’s server on Sam’s server (which is NOT a YunoHost machine).
My home setup is:
- a YunoHost server (Camille)
- a borg backup server (Sam), which is in charge of backing up everything on all my devices into encrypted borg repositories. This server is a Raspberry Pi and is NOT a YunoHost machine.
- then, after the borg operations, all the backups are sent to my personal OVH cloud with https://rclone.org/
On Camille’s server:
- follow the instructions on https://github.com/YunoHost-Apps/borg_ynh/blob/master/README.md

```
Indicate the server where you want put your backups: sam.local
Indicate the ssh user to use to connect on this server: camille
Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: N0tAW3akp4ssw0rdYoloMacN!guets
Would you like to backup your YunoHost configuration ? [0 | 1] (default: 1):
Would you like to backup mails and user home directory ? [0 | 1] (default: 1):
Which apps would you backup (list separated by comma or 'all') ? (default: all):
Indicate the backup frequency (see systemd OnCalendar format) (default: Daily):
```

- Print Alice’s public key with `sudo cat /root/.ssh/id_borg_ed25519.pub`
Then, on Sam’s server:
- `adduser camille --quiet --gecos ",,," --shell /bin/bash --disabled-password`. Of course, replace `camille` with the user set previously
- Allow Camille to connect to Sam’s server

```bash
sudo mkdir /home/camille/.ssh
sudo touch /home/camille/.ssh/authorized_keys
# Both quotes around the forced command are escaped so they reach the file.
# tee -a appends as root; with "sudo echo ... >> file" the redirection runs as the calling user.
echo "command=\"borg serve --storage-quota <the_quota_you_want> --restrict-to-repository <the_path_you_want>\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc <camille's publickey>" | sudo tee -a /home/camille/.ssh/authorized_keys
```
And that’s all!
On Camille’s server, you can test the system with the command `sudo yunohost backup create -n test --methods borg_app --debug`
Now, some tips which could help:
- if during the backup a password is requested to connect to Sam’s server, it means there is an issue with the `command` command in the `authorized_keys` file. In this case, you can edit the file with `sudo nano /home/camille/.ssh/authorized_keys`, delete the line and simply put Camille’s key.
  I don’t know why it doesn’t work for me. Even the simplest command available everywhere on the internet as an example, like `command=date [...]`, fails… If you have an idea please tell me!
  By removing the `command`, you allow Camille to execute any command on Sam’s server, and not only a borg command. It’s safe if both machines are yours, otherwise you have to highly trust your mates
- In my case Camille’s home repository is located on the SD card of my Raspberry Pi. Because you can’t change the location of the setup when you install borg_ynh, you can do a `mount bind` in your `/etc/fstab` or add a symlink to an external USB drive (example: `sudo ln -s /media/usbdisk/data/YunohostBackup /home/camille/backup`).
  In this case you have to be careful about the owner of the backup folder, it must be camille (and not root or someone else) or you will have a backtrace like
```
47820 ERROR Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/hook.py", line 283, in hook_callback
    no_trace=no_trace, raise_on_error=True)[1]
  File "/usr/lib/moulinette/yunohost/hook.py", line 397, in hook_exec
    raise YunohostError('hook_exec_failed', path=path)
YunohostError: Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
```
Polochon
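
Added example, not part of the original post: a small shell helper that builds the restricted `authorized_keys` entry described above with balanced quotes, checks that the forced `borg serve` command and every restriction option are present, and only then appends it. The function names, the quota, the repository path and the public key are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample key are constructed.
OPTS="no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"

# build_entry QUOTA REPO_PATH PUBLIC_KEY: print one authorized_keys line.
build_entry() {
    printf 'command="borg serve --storage-quota %s --restrict-to-repository %s",%s %s\n' \
        "$1" "$2" "$OPTS" "$3"
}

# check_entry LINE: print "ok" and return 0 only for a well-formed entry.
check_entry() {
    line=$1
    # Exactly two double quotes: the pair that encloses the forced command.
    quotes=$(printf '%s' "$line" | tr -cd '"' | wc -c)
    [ "$quotes" -eq 2 ] || { echo "unbalanced quotes"; return 1; }
    case $line in
        'command="borg serve '*--restrict-to-repository*) ;;
        *) echo "no forced, repository-restricted borg serve"; return 1 ;;
    esac
    for opt in $(printf '%s' "$OPTS" | tr ',' ' '); do
        case $line in
            *",$opt,"*|*",$opt "*) ;;
            *) echo "missing option: $opt"; return 1 ;;
        esac
    done
    echo ok
}

# install_entry HOME_DIR LINE: append a checked entry with 700/600 modes.
# On the real server run it as root, then: chown -R camille: /home/camille/.ssh
install_entry() {
    check_entry "$2" >/dev/null || return 1
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    printf '%s\n' "$2" >> "$1/.ssh/authorized_keys" || return 1
    chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo values; replace with your quota, path and real public key.
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY root@camille'
check_entry "$(build_entry 50G /home/camille/backup "$DEMO_KEY")"
```

`check_entry` rejects a bare key as well, so an entry that would give the backup user a full shell is never appended by `install_entry`.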