How to back up your YunoHost server on another server

I finally managed to avoid all the traps and found an (almost) clean and up-to-date solution to back up Camille’s server to Sam’s server (which is NOT a YunoHost machine).

My home setup is:

  • a Yunohost server (Camille)
  • a borg backup server (Sam), which is in charge of backing up everything on all my devices into encrypted borg repositories. This server is a Raspberry Pi and is NOT a YunoHost machine.
  • then, after the borg operations all the backups are sent to my personal OVH cloud with https://rclone.org/

On Camille’s server:

Indicate the server where you want put your backups: sam.local
Indicate the ssh user to use to connect on this server: camille
Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: N0tAW3akp4ssw0rdYoloMacN!guets
Would you like to backup your YunoHost configuration ? [0 | 1] (default: 1):
Would you like to backup mails and user home directory ? [0 | 1] (default: 1):
Which apps would you backup (list separated by comma or 'all') ? (default: all):
Indicate the backup frequency (see systemd OnCalendar format) (default: Daily):
  • Print Alice’s public key with sudo cat /root/.ssh/id_borg_ed25519.pub

Then, on Sam’s server:

  • adduser camille --quiet --gecos ",,," --shell /bin/bash --disabled-password (of course, replace camille with the user set previously :wink:)
  • Allow Camille to connect to Sam’s server
sudo mkdir /home/camille/.ssh
sudo touch /home/camille/.ssh/authorized_keys
# The quote that closes command="..." must be escaped too, and the append needs root (hence sudo tee -a)
echo "command=\"borg serve --storage-quota <the_quota_you_want> --restrict-to-repository <the_path_you_want>\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc <camille's publickey>" | sudo tee -a /home/camille/.ssh/authorized_keys

And that’s all!
On Camille’s server, you can test the system with the command sudo yunohost backup create -n test --methods borg_app --debug

Now, some tips which could help:

  • If a password is requested during the backup to connect to Sam’s server, it means there is an issue with the command option in the authorized_keys file. In this case, you can edit the file with sudo nano /home/camille/.ssh/authorized_keys, delete the line and simply put Camille’s key.
    I don’t know why it doesn’t work for me. Even the simplest command, available everywhere on the internet as an example, like command=date [...], fails… :frowning: If you have an idea please tell me! :pray:
    :warning: By removing the command, you allow Camille to execute any command on Sam’s server, and not only a borg command. It’s safe if both machines are yours, otherwise you have to highly trust your mates :wink: :warning:
  • In my case, Camille’s home repository is located on the SD card of my Raspberry Pi. Because you can’t change the location of the setup when you install borg_ynh, you can do a bind mount in your /etc/fstab or add a symlink to an external USB drive (example: sudo ln -s /media/usbdisk/data/YunohostBackup /home/camille/backup).
    :warning: In this case you have to be careful about the owner of the backup folder: it must be camille (and not root or someone else), or you will have a backtrace like :warning:
47820 ERROR Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/hook.py", line 283, in hook_callback
    no_trace=no_trace, raise_on_error=True)[1]
  File "/usr/lib/moulinette/yunohost/hook.py", line 397, in hook_exec
    raise YunohostError('hook_exec_failed', path=path)
YunohostError: Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app

Polochon :tropical_fish:

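The restricted key entry from the steps on Sam’s server, as an added example that is not part of the original post: it builds the authorized_keys line with the inner quotes intact, installs it with the modes sshd expects, and lists any key left without the borg forced command. The function names and the validation patterns are assumptions made for this example, not part of borg_ynh.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# validation patterns are hypothetical choices for this illustration.

# Options copied from the post's authorized_keys line.
OPTS='no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc'
NL='
'

# matches VALUE REGEX: true if VALUE is a single line matching REGEX.
matches() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "$2"
}

# borg_key_line QUOTA REPO PUBKEY: print one restricted authorized_keys line.
borg_key_line() {
    # sshd runs the forced command through the account's shell, so accept only
    # values that cannot close the quotes or add shell syntax (conservative).
    matches "$1" '^[0-9]+(\.[0-9]+)?[KMGTP]?$' || { echo 'bad quota' >&2; return 1; }
    matches "$2" '^/[A-Za-z0-9._/-]+$' || { echo 'bad repository path' >&2; return 1; }
    matches "$3" '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( [^[:cntrl:]]*)?$' \
        || { echo 'bad public key' >&2; return 1; }
    printf 'command="borg serve --storage-quota %s --restrict-to-repository %s",%s %s\n' \
        "$1" "$2" "$OPTS" "$3"
}

# install_key_line HOME LINE [OWNER]: append LINE with the modes sshd expects.
install_key_line() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    printf '%s\n' "$2" >> "$1/.ssh/authorized_keys" || return 1
    chmod 600 "$1/.ssh/authorized_keys" || return 1
    # Only root can hand the files over to the backup user (e.g. camille).
    if [ -n "${3:-}" ]; then chown -R "$3" "$1/.ssh"; fi
}

# unrestricted_keys FILE: print key lines that do not start with the borg
# forced command, i.e. keys that would get a normal shell on this server.
unrestricted_keys() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Ev '^command="borg serve [^"]*",' || true
}
```

On Sam’s server this would be called as root, for example install_key_line /home/camille "$(borg_key_line 100G /home/camille/backup "$(cat camille.pub)")" camille, where the quota and the camille.pub file name are placeholders.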