Background

A good backup is not one single backup, but rather a system of making sure backups are working over time.

Threats

List of primary threats to your data:

• Hardware failures
• Ransomware

Threat mitigation

What can be done about the primary threats?

Tools

Borg & borgmatic are the tools.

Destinations

It is always good to have multiple destinations for your backups:

• One can be local for fast restores
• One should be remote to protect from physical local accidents
• One could be write once-protected
• One could be cloud based

Cloud storage providers

You could use quite a few different destinations to ensure data is available during a crisis situation.

Recommended providers:

• Hetzner storage box

Technical solution

Prepare sources

MacOS

brew install borgbackup
brew install borgmatic

Debian based Linux (incl. Ubuntu)

apt update && apt upgrade -y
apt install python3-pip -y
pip install borgbackup
pip install borgmatic

Prepare destinations

Hetzner storagebox

• Create storagebox
• Create sub-user
• Create authenticated_keys with public key in .ssh

Borg repository

On source system, as the user that are to run the backups

borg init -e repokey ssh://[email protected]:23/home/hostname.borg

Borgmatic config

Create empty config file from template:

generate-borgmatic-config

Edit the file /etc/borgmagic/config.yaml.

Important config variables

• the source section
• the destination section
• encryption_passphrase
• the storage section with retention parameters.

First backup

Run:

borgmatic -v 1

Verify that no error messages occur during the backup.

Schedule automatic backup

Setup a cron job i crontab.