Backups with Borg#
System and user data are backed up once a day at 5am. CLUB1’s backups are based on Borg and Borgmatic. They are thus stored in a deduplicated and encrypted manner in several places including an off-site repository offered by Etienne Le Louët (self-hosted Debian server in Paris).
These are incremental backups with the following retention policy:
7 daily backups
4 weekly backups
The oldest backup kept is therefore about 1 month old and each day of the last week is accessible. In case of hardware failure, a maximum of 24 hours of data will be lost. The successful completion of backups is verified using the Healthchecks.io service
Backups are divided into four groups:
System for server configuration and application files.
MariaDB for MariaDB databases.
Postgres for PostgreSQL databases.
Userdata for the data of the personal space (
homefolder).
See also
The journal article: Sauvegardes (in French)
Restoration process#
This section describes the total restoration of the system by reinstalling all software from zero.
1. Installation du système#
Language : English
Location : Europe/France
Locale : en-US
Hostname : club1.fr
Root password :
First user : Any username/password
Partitionning : Guided (All files in one partition) + 16Go Swap
Mirrors : deb.debian.org
Popcon : yes
Software : SSH server, Standard system utilities
2. Étapes préparatoires#
This phase must be done with the user root.
2.1. General preparations#
dpkg-reconfigure locales
Then select locals en-GB, en-US and fr-FR in UTF-8. Mainly for not having error messages in the following steps.
apt install vim borgbackup screen
mkdir ~/.ssh
echo "nas.jeanpierre.moe ecdsa-sha2-nistp256 \
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIdzQyGgLl9YgPVGey\
CxRnOdswraNagx6xSFROaxjTjrM2WwXlFhxLXOxounGKUYBA2l5McCgNh8cneJjKOunmQ=" \
>> ~/.ssh/known_hosts
2.2. Pre-restauration of specific files#
borg list club1@nas.jeanpierre.moe:backups/system
Then replace ARCHIVE with the desired archive identifier from the above list. The most recent one is at the bottom left.
cd / && borg extract club1@nas.jeanpierre.moe:backups/system::ARCHIVE \
etc/shadow etc/passwd etc/group etc/gshadow root/apt-packages.txt \
etc/borgmatic.d/system.yaml root/.ssh
Two passwords will be requested: that of SSH then that of the archive.
3. Installation des paquets#
This phase must be done with the user root.
mkdir /etc/systemd/system-preset
echo 'disable *' > /etc/systemd/system-preset/disable-all.preset
apt install extrepo
extrepo enable grafana
extrepo enable jellyfin
extrepo enable matrix
extrepo enable element.io
apt update
# screen (~= 20min)
cat /root/apt-packages.txt | DEBIAN_FRONTEND=noninteractive xargs apt install --no-install-recommends -y
4. Restauration totale#
This phase must be done with the user root.
4.1. system archive and etc folder#
cp /etc/fstab /root
# screen (~= 40min)
borgmatic extract --archive latest --repository=club1@nas.jeanpierre.moe:backups/system --destination /
cd /etc
git add . && git reset --hard master
etckeeper init
cp /root/fstab /etc
git add -p && git commit
systemctl daemon-reload
4.2. Base de données LDAP#
systemctl stop slapd
slapadd -l /root/ldap_data.ldif && chown -R openldap:openldap /var/lib/ldap
systemctl restart slapd nslcd
4.3. Base de données des alias email#
newaliases
postmap hash:/etc/aliases_senders
chmod g+w /etc/aliases*.db
4.4. Bases de données MariaDB#
systemctl start mariadb
# screen (~= 20min)
borgmatic restore --archive latest --repository=club1@nas.jeanpierre.moe:backups/mariadb
mariadb < /root/mariadb-users.sql
4.5. Bases de données Postgres#
systemctl start postgresql
sudo -u postgres psql -c 'create role root with superuser login;'
sudo -u postgres psql -c 'create database root with owner root;'
# screen (~= 6h)
borgmatic restore --archive latest --repository=club1@nas.jeanpierre.moe:backups/postgres
4.6. Finalisation#
rm -rf /home/*
reboot