On machine to be backed up (source machine):
- Ensure borg backup is installed
- Switch to root.
- Make a password-less SSH key
- Create
bin/backup/vars.sh
according to instructions inbin/backup/backup.sh
- Save passphrase somewhere safe and secure, e.g. LastPass
On target machine:
- Make sure borg backup is installed.
- Make sure there's a dedicated user for borg backup
- Add the following line to borg backup user's
.ssh/authorized_keys
command="/usr/local/bin/borg serve --restrict-to-path [repo_path]",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc [key]
Back on source machine:
- Source
bin/backup/vars.sh
and runborg init -e repokey-blake2
- Schedule
bin/backup.sh
hourly.