Nogweii

  • What do I include in my generic Linux system backups?

    • etckeeper is used to track the changes of /etc over time
    • hostname and system timezone
      • retrieved using systemd’s hostnamectl --json=pretty & timedatectl show --all
    • Arch-specific stuff:
      • list of pacman packages installed
        • TODO: Build a script that runs the various dependency list generators (explicit vs dependency install, foreign packages) on pacman hook
      • as well as the local pacman package database
      • /var/log/pacman.log to help with some forms of database restoration
    • list of systemd units & timers
    • dkms modules installed
    • dump of partition scheme (using sfdisk -d /dev/foo)
    • kernel cmdline boot arguments
    • /usr/local and /srv generally
    • /var/spool/cron since sometimes those get added, but they really should be systemd timers
    • /var/local and /var/opt for other crap I’ve added to the system
  • There are other applications that I commonly install on my systems that also need to be backed up:

    • etckeeper (mentioned above) can produce a git bundle of /etc: GIT_DIR=/etc/.git git bundle create foo.bundle HEAD
    • tailscale is connecting all of my nodes together, so copy /var/lib/tailscale/tailscaled.state
    • A list of containers from Docker: a CSV file consisting of the name of the container, the name of the OCI image it’s running, and the exact digest of the image
      • I have a Ruby script on etherium to build this, at /home/colin/code/homelab/scripts/docker-image-save.rb
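
One way such a container CSV could be built, as an added example (this is not the docker-image-save.rb script mentioned above). The function names and sample data are made up for illustration, and it assumes the image ID that docker inspect reports in .Image is the digest worth recording:

```ruby
require 'json'
require 'open3'

# Quote a CSV field (RFC 4180 style) when it contains a comma, quote or newline.
def csv_field(value)
  s = value.to_s
  s.match?(/[",\r\n]/) ? '"' + s.gsub('"', '""') + '"' : s
end

# Convert the JSON array printed by `docker inspect <container>...` into CSV:
# container name, image reference it was started from, image ID digest.
def containers_to_csv(inspect_json)
  rows = JSON.parse(inspect_json).map do |c|
    name = c.fetch('Name').sub(%r{\A/}, '') # inspect prefixes names with "/"
    image = c.dig('Config', 'Image').to_s
    digest = c.fetch('Image')               # assumption: image ID as digest
    unless digest.match?(/\Asha256:[0-9a-f]{64}\z/)
      raise ArgumentError, "#{name}: unexpected image ID #{digest.inspect}"
    end
    [name, image, digest]
  end
  table = [%w[container image digest]] + rows.sort_by(&:first)
  table.map { |row| row.map { |f| csv_field(f) }.join(',') }.join("\n") + "\n"
end

# Query the local Docker daemon for every container, running or stopped.
def inspect_all_containers
  ids, status = Open3.capture2('docker', 'ps', '--all', '--quiet')
  raise 'docker ps failed' unless status.success?
  return '[]' if ids.strip.empty?

  json, status = Open3.capture2('docker', 'inspect', *ids.split)
  raise 'docker inspect failed' unless status.success?
  json
end

# Constructed sample shaped like `docker inspect` output (all values made up).
SAMPLE_INSPECT = JSON.generate([
  { 'Name' => '/web', 'Image' => "sha256:#{'ab' * 32}", 'Config' => { 'Image' => 'nginx:1.27' } },
  { 'Name' => '/db', 'Image' => "sha256:#{'cd' * 32}", 'Config' => { 'Image' => 'postgres:16' } }
])

# Prints the sample by default; pass --live to query the Docker daemon instead.
if $PROGRAM_NAME == __FILE__
  source = ARGV.first == '--live' ? inspect_all_containers : SAMPLE_INSPECT
  print containers_to_csv(source)
end
```

Recording the sha256 ID next to the tag means a restore can check that it is running the same image content even if the tag has since been moved to a different build.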

Setting up borg & borgmatic on Arch Linux storing on Synology NAS

Major pages that helped me a lot in getting my backups done were the Arch Linux Wiki and Borg FAQ.

Inspiration for my Ansible role came from some open source code on GitHub:

Using borg means having it installed both on the client and on the server you’re backing up to.
There’s a bunch of documentation on installing borg & borgmatic on a Synology NAS.

Running borgmatic commands outside of systemd

I schedule borgmatic to run automatically via a systemd timer.
I occasionally need to be able to run borgmatic commands by hand as well.
You can override a setting via command-line parameters to get around not having access to systemd credentials:

sudo borgmatic --override 'encryption_passcommand=systemd-creds decrypt /etc/credstore.encrypted/borg_passphrase' list
