first commit

README.prerequisites

@@ -0,0 +1,136 @@
+# ==========
+# Preparation / Prerequisites
+# ==========
+
+BORG_HOST="o26.oopen.de"
+BORG_REPO="/backup/cl-fm"
+BORG_PASSPHRASE='wweK/m.xV-g3oI-7WM/pejTP'
+
+SSH_USER="borg"
+SSH_PORT=22
+SSH_IDENTITY_FILE="/root/.ssh/id_ed25519-borg-backup"
+
+export BORG_RSH='ssh -i /root/.ssh/id_ed25519-borg-backup'
+export SSH_USER
+export BORG_PASSPHRASE
+
+# --- 
+# see:
+#
+#     https://www.c-rieger.de/nextcloud-borg-backup-zur-hetzner-storage-box
+#     https://borgbackup.readthedocs.io/en/stable/quickstart.html
+# ---
+
+
+# ==========
+# Preparations Server
+# ==========
+
+# preparation on the backup server (o26.oopen.de)
+# ===============================================
+#
+# 1. On Backup Server create a user which is used to push the backups to the server
+#  
+#     backup-user:   borg
+#     backup-group:  borg
+#
+#
+# 2 Create a backup repository:
+#
+#  client-identifier: cl-fm
+#
+#     mkdir -p /backup/<client-identifier>
+#
+#
+# 3. Backup user must have full write permissions to the backup repostitories
+#
+#     chown <backup-user>:<backup-group> /data/backup/<client-identifier>
+#
+# 4. Prevent repository directory from being deleted
+#
+#     chattr +i /data/backup/<client-identifier>
+#
+mkdir -p "${BORG_REPO}"
+chown ${SSH_USER}:${SSH_USER} "${BORG_REPO}"
+chattr +i "$(dirname "${BORG_REPO}")"
+
+
+
+# ==========
+# Preparations Client
+# ==========
+
+
+# preparation on the backup client (cl-fm.oopen.de
+# ================================================
+#
+# 1. Install Borg Backup (on the client) using 'apt install'
+#
+#     apt install -y -t stable-backports borgbackup python3-llfuse
+#
+#
+# 2. Generate a SSH Key (as root without passphrase) to connect to the backup server:
+#
+#     ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519-borg-backup
+#
+#     Note: 
+#        Dont't forget pusching the key to the servers authorized_key file of
+#        the remote backup user
+#
+#  
+# 3. create file /root/.ssh/config ti store ssh connection parameters
+#  
+#     BORG_HOST="o26.oopen.de"
+#     SSH_USER="borg"
+#     SSH_IDENTITY_FILE="/root/.ssh/id_ed25519-borg-backup"
+#  
+#     cat << EOF > /root/.ssh/config
+#     host ${BORG_HOST}
+#        User ${SSH_USER}
+#        IdentityFile ${SSH_IDENTITY_FILE}
+#        StrictHostKeyChecking no
+#        LogLevel FATAL
+#     EOF
+#
+apt install -y -t stable-backports borgbackup python3-llfuse
+ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519-borg-backup
+cat << EOF > /root/.ssh/config
+host ${BORG_HOST}
+   User ${SSH_USER}
+   IdentityFile ${SSH_IDENTITY_FILE}
+   StrictHostKeyChecking no
+   LogLevel FATAL
+EOF
+
+
+
+# Initialize backup
+# =================
+#
+#     export SSH_USER="borg"
+#     export BORG_HOST="o26.oopen.de"
+#     export SSH_PORT="22"
+#     export BORG_PASSPHRASE="wweK/m.xV-g3oI-7WM/pejTP"
+#     
+#     export BORG_REPO="/data/backup/cl-fm"
+#
+#     borg init --encryption=repokey ssh://${SSH_USER}@${BORG_HOST}:${SSH_PORT}${BACKUP_REPOSITORY}
+#
+#  Outpu of of borg initializing was:
+#
+#     By default repositories initialized with this version will produce security
+#     errors if written to with an older version (up to and including Borg 1.0.8).
+#
+#     If you want to use these older versions, you can disable the check by running:
+#      borg upgrade --disable-tam ssh://borg@o26.oopen.de:22//data/backup/cl-fm
+#
+#     See https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability 
+#     for details about the security implications.
+#
+#     IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
+#     If you used a repokey mode, the key is stored in the repo, but you should back it up separately.
+#     Use "borg key export" to export the key, optionally in printable format.
+#     Write down the passphrase. Store both at safe place(s).
+#     
+borg init --encryption=repokey ssh://${SSH_USER}@${BORG_HOST}:${SSH_PORT}${BORG_REPO}
+