Finally I managed to avoid all the traps and found an (almost) clean and up-to-date solution to back up Camille’s server on Sam’s server (which is NOT a yunohost machine).
My home setup is:
- a Yunohost server (Camille)
- a borg backup server (Sam), which is in charge of backing up everything on all my devices into encrypted borg repositories. This server is a raspberry pi and is NOT a yunohost machine.
- then, after the borg operations all the backups are sent to my personal OVH cloud with https://rclone.org/
On Camille’s server:
- follow the instructions on https://github.com/YunoHost-Apps/borg_ynh/blob/master/README.md
```
Indicate the server where you want put your backups: sam.local
Indicate the ssh user to use to connect on this server: camille
Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: N0tAW3akp4ssw0rdYoloMacN!guets
Would you like to backup your YunoHost configuration ? [0 | 1] (default: 1):
Would you like to backup mails and user home directory ? [0 | 1] (default: 1):
Which apps would you backup (list separated by comma or 'all') ? (default: all):
Indicate the backup frequency (see systemd OnCalendar format) (default: Daily):
```
- Print Alice’s public key with
```
sudo cat /root/.ssh/id_borg_ed25519.pub
```
Then, on Sam’s server:
```
adduser camille --quiet --gecos ",,," --shell /bin/bash --disabled-password
```
Of course, replace `camille` with the user set previously.
- Allow Camille to connect on Sam’s server
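```
sudo mkdir /home/camille/.ssh
sudo touch /home/camille/.ssh/authorized_keys
# Single quotes keep the inner double quotes of command="..." intact;
# "sudo tee -a" does the append as root (a ">>" redirection after "sudo echo" runs as your own user).
echo 'command="borg serve --storage-quota <the_quota_you_want> --restrict-to-repository <the_path_you_want>",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc <camille_publickey>' | sudo tee -a /home/camille/.ssh/authorized_keys
```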
And that’s all!
On Camille’s server, you can test the system with the command
```
sudo yunohost backup create -n test --methods borg_app --debug
```
Now, some tips which could help:
- If a password is requested during the backup to connect to Sam’s server, it means there is an issue with the `command` command in the `authorized_keys` file. In this case, you can edit the file with `sudo nano /home/camille/.ssh/authorized_keys`, delete the line and simply put Camille’s key.
I don’t know why it doesn’t work for me. Even the simplest command available everywhere on the internet as an example, like `command=date [...]`, fails… If you have an idea please tell me!
By removing the `command`, you allow Camille to execute any command on Sam’s server, and not only a borg command. It’s safe if both machines are yours, otherwise you have to highly trust your mates.
- In my case Camille’s home repository is located on the SD card of my raspberrypi. Because you can’t change the location of the setup when you install borg_ynh, you can do a `mount bind` in your `/etc/fstab` or add a symlink on an external usb drive (example: `sudo ln -s /media/usbdisk/data/YunohostBackup /home/camille/backup`).
In this case you have to be careful about the owner of the backup folder: it must be camille (and not root or someone else), or you will have a backtrace like
```
47820 ERROR Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/hook.py", line 283, in hook_callback
    no_trace=no_trace, raise_on_error=True)
  File "/usr/lib/moulinette/yunohost/hook.py", line 397, in hook_exec
    raise YunohostError('hook_exec_failed', path=path)
YunohostError: Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
```
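The `authorized_keys` step on Sam’s server is where shell quoting most easily goes wrong, so here is an added example (not part of the original post or of borg_ynh) that builds the restricted entry with `printf` and counts the keys in a file that are not limited to `borg serve`. The function names, the `100G` quota and the key material are constructed for illustration.

```shell
#!/bin/sh
# Options copied from the authorized_keys line in the post.
OPTS='no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc'
NL='
'

# Print one authorized_keys entry that only allows "borg serve".
# $1 = storage quota, $2 = repository path, $3 = full public key line
borg_authkeys_line() {
    # A newline would smuggle in a second entry; a double quote or a space
    # in quota/path would end or split the command="..." option.
    case "$1$2$3" in *"$NL"*) echo "newline in argument" >&2; return 1 ;; esac
    case "$1$2" in *\"*|*\ *) echo "quote or space in quota/path" >&2; return 1 ;; esac
    case "$3" in
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    # Single-quoted format string: the inner double quotes need no escaping.
    printf 'command="borg serve --storage-quota %s --restrict-to-repository %s",%s %s\n' \
        "$1" "$2" "$OPTS" "$3"
}

# Print how many key lines in file $1 are NOT limited to borg serve.
count_unrestricted_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        /^command="borg serve [^"]*",/ { next }  # forced borg serve entry
        { n++ }                                  # bare key: any command allowed
        END { print n + 0 }
    ' "$1"
}

# Demo with a constructed (not real) key.
borg_authkeys_line 100G /home/camille/backup 'ssh-ed25519 AAAAC3CONSTRUCTED root@camille'
```

Pipe the generated line to `sudo tee -a /home/camille/.ssh/authorized_keys`, then run `count_unrestricted_keys` on that file; anything above 0 means a key can still open a normal shell.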