diff --git a/borg/bin/backup b/borg/bin/backup index dc98207..4762c2e 100755 --- a/borg/bin/backup +++ b/borg/bin/backup @@ -19,10 +19,11 @@ ## ################################################################################# - +ERRORLOG='/var/log/borg/error.log' +LOGGING=error # Check if running as root if [ "$EUID" -ne 0 ]; then - printf "Error: This script must be run as root (or via sudo).\n" + printf "Error: This script must be run as root (or via sudo).\n" | tee -a $ERRORLOG exit 1 fi @@ -34,7 +35,7 @@ if [ -f /opt/borg/etc/borg_environment ]; then # Ensure the variables sourced from the file are exported to child processes export BORG_REPO BORG_PASSPHRASE else - printf "Error: /opt/borg/etc/borg_environment not found.\n" + printf "Error: /opt/borg/etc/borg_environment not found.\n" | tee -a $ERRORLOG exit 1 fi @@ -54,34 +55,39 @@ borg create \ --compression lz4 \ --exclude-caches \ --exclude 'home/*/.cache/*' \ + --exclude 'var/log/journal' \ + --exclude 'var/log/borg' \ --exclude 'var/tmp/*' \ --exclude 'var/games' \ + --exclude 'home/*/.var/app' \ --exclude 'home/*/Media' \ - --progress \ ::'{hostname}-{now}' \ /etc \ /home \ /root \ /var \ - /opt + /opt \ + 2> >(tee -a $ERRORLOG >&2) backup_exit=$? # 2. Prune old backups info "Pruning repository" borg prune \ + --verbose \ --list \ --glob-archives '{hostname}-*' \ --show-rc \ --keep-daily 7 \ --keep-weekly 4 \ - --keep-monthly 6 + --keep-monthly 6 \ + 2> >(tee -a $ERRORLOG) prune_exit=$? # 3. Compact repository info "Compacting repository" -borg compact +borg compact --$LOGGING 2> >(tee -a $ERRORLOG >&2) compact_exit=$? @@ -90,11 +96,11 @@ global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit )) global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit )) if [ "${global_exit}" -eq 0 ]; then - info "Backup, Prune, and Compact finished successfully" + info "Backup, Prune, and Compact finished successfully" | tee -a $ERRORLOG elif [ "${global_exit}" -eq 1 ]; then - info "Backup, Prune, and/or Compact finished with warnings" + info "Backup, Prune, and/or Compact finished with warnings" | tee -a $ERRORLOG else - info "Backup, Prune, and/or Compact finished with errors" + info "Backup, Prune, and/or Compact finished with errors" | tee -a $ERRORLOG fi exit "${global_exit}" diff --git a/borg/etc/borg_environment b/borg/etc/borg_environment index 26c0de4..a5bf459 100644 --- a/borg/etc/borg_environment +++ b/borg/etc/borg_environment @@ -4,3 +4,6 @@ export BORG_REPO=REPOPATH # See the section "Passphrase notes" for more infos. export BORG_PASSPHRASE='REPOPASSPHRASE' +export BORG_BASE_DIR='/opt/borg/home' + +export BORG_LOGGING_CONF='/opt/borg/etc/logging.conf' diff --git a/borg/systemd/backup.service b/borg/systemd/backup.service index 94c53dd..bed6a73 100644 --- a/borg/systemd/backup.service +++ b/borg/systemd/backup.service @@ -5,4 +5,5 @@ Type=oneshot [Service] ExecStart=/opt/borg/bin/backup Wants=multi-user.target - +User=root +ProtectHome=no diff --git a/install.sh b/install.sh index 71ad01d..b64b399 100755 --- a/install.sh +++ b/install.sh @@ -59,8 +59,14 @@ setup_backup () { sudo cp -r borg /opt/ sudo chown -R "root:root" /opt/borg - sudo chmod -R 755 /opt/borg + find /opt/borg -type d -exec sudo chmod 755 {} \; + find /opt/borg -type f -exec sudo chmod 644 {} \; + sudo chmod -R 755 /opt/borg/bin sudo chmod 700 /opt/borg/etc + sudo chmod 700 /opt/borg/ssh + sudo ln -s /opt/borg/systemd/backup.service /etc/systemd/system/backup.service + sudo ln -s /opt/borg/systemd/backup.timer /etc/systemd/system/backup.timer + sudo systemctl daemon-reload local escaped_path=$(escape_sed "$repopath") local escaped_pass=$(escape_sed "$raw_passphrase") @@ -74,7 +80,7 @@ EOF printf "Installation complete.\n" generate_recovery_file "$repopath" "$raw_passphrase" - + sudo systemctl enable --now backup.timer } setup_encrypted_backup () {