How to backup your YunoHost server on another server

,

Finally I came to avoid all the traps and found an (almost) clean and up to date solution to backup Camille’s server on Sam’s server (which is NOT a yunohost machine)

My home setup is:

  • a Yunohost server (Camille)
  • a borg backup server (Sam), which is in charge to backup everything on all my devices into encrypted borg repositories. This server is a raspberry pi and is NOT a yunohost machine.
  • then, after the borg operations all the backups are sent to my personal OVH cloud with https://rclone.org/

On Camille’s server:

Indicate the server where you want put your backups: sam.local
Indicate the ssh user to use to connect on this server: camille
Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: N0tAW3akp4ssw0rdYoloMacN!guets
Would you like to backup your YunoHost configuration ? [0 | 1] (default: 1):
Would you like to backup mails and user home directory ? [0 | 1] (default: 1):
Which apps would you backup (list separated by comma or 'all') ? (default: all):
Indicate the backup frequency (see systemd OnCalendar format) (default: Daily):
  • Print the Alice’s public key with sudo cat /root/.ssh/id_borg_ed25519.pub

Then, on Sam’s server:

  • adduser camille --quiet --gecos ",,," --shell /bin/bash --disabled-password. Of course, replace camille by the user set previously :wink:
  • Allow Camille to connect on Sam’s server
sudo mkdir /home/camille/.ssh
sudo touch /home/camille/.ssh/authorized_keys
sudo echo "command=\"borg serve --storage-quota <the_quota_you_want> --restrict-to-repository <the_path_you_want>",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc <camille's publickey>" >> /home/camille/.ssh/authorized_keys

And that’s all!
On camille server, you can test the system with the command sudo yunohost backup create -n test --methods borg_app --debug

Now, some tips which could help:

  • if during the backup a password is requested to connect on Sam’s server, it means there is an issue with the command command in the authorized_keys file. In this case, you can edit the file with sudo nano /home/camille/.ssh/authorized_keys, delete the line and simply put the Camille’s key.
    I don’t know why it doesn’t work for me. Even the simplest command available everywhere on internet as an example like command=date [...] fails…:frowning: If you have an idea please tell me! :pray:
    :warning: By removing the command, you allow Camille to execute any command on Sam’s server, and not only a borg command. It’s safe if both machines are yours, otherwise you have to highly trust your mates :wink: :warning:
  • In my case the Camille’s home repository is located on the SD card of my raspberrypi. Because you can’t change the location of the setup when you install borg_ynh, you can do a mount bind in your /etc/fstab or add a symlink on an external usb drive (example: sudo ln -s /media/usbdisk/data/YunohostBackup /home/camille/backup.
    :warning: In this case you have to be careful about the owner of the backup folder, it must be camille (and not root or someone else) or you will have a backtrace like :warning:
47820 ERROR Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/hook.py", line 283, in hook_callback
    no_trace=no_trace, raise_on_error=True)[1]
  File "/usr/lib/moulinette/yunohost/hook.py", line 397, in hook_exec
    raise YunohostError('hook_exec_failed', path=path)
YunohostError: Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app

Polochon :tropical_fish:

3 Likes

Hi all,

It seems that the .nobackup file trick (to avoid a directory from being backed up by ynh) does not work anymore (on my 3.8 raspian). Any clue from the team ?

I can provide logs as needed.

Hello all,
thank you for this tutorial and apps which look amazing.

I’m considering following that path but before I’d love to understand how does it compare to scheduling a regular copy of latest local backup to a remote storage (s3) please :slight_smile:

Bonjour, si j’ai bien compris, je peux sauvegarder avec ce tuttoriel les backups d’un serveur Yunohost hébergé sur un serveur dédié sur un serveur Yunohost hébergé chez moi, les deux serveurs ayant chacun des configurations différentes, c’est bien ça ?

oui, mais il est fortement recommandé d’utiliser les apps borg et borgserver.