commit 4b41ed11732e9a2e102b9044d8f0e7fb9f4615e0
parent 0b02230cc865b1ba320d57cfaf4138c169bdf903
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Fri, 28 Feb 2025 20:35:05 +0100
feat(lxc-backup): replace borg with restic
Diffstat:
4 files changed, 95 insertions(+), 143 deletions(-)
diff --git a/borg-backup-lxc.pkr.hcl b/borg-backup-lxc.pkr.hcl
@@ -1,51 +0,0 @@
-variable "manifest" {
- type = string
- default = "manifest.json"
-}
-
-variable "borg_repo" {
- type = string
- default = "rclone:pcloud:borg-backup"
-}
-
-variable "borg_passphrase" {
- type = string
- sensitive = true
-}
-
-variable "patternsfile" {
- type = string
- default = "/root/.config/borg/patterns.lst"
-}
-
-source "lxc" "borg-backup-build" {
- config_file = "config/lxc-config"
- template_name = "download"
- template_parameters = ["--dist", "Debian", "--release", "Bookworm", "--arch", "armv7l"]
-}
-
-build {
- sources = ["source.lxc.borg-backup-build"]
-
- provisioner "shell" {
- script = "scripts/timezone.sh"
- }
-
- provisioner "shell" {
- environment_vars = [
- "BORG_REPO=${var.borg_repo}",
- "BORG_PASSPHRASE=${var.borg_passphrase}",
- "PATTERNSFILE=${var.patternsfile}",
- ]
- script = "scripts/borg-backup.sh"
- }
-}
-
-packer {
- required_plugins {
- lxc = {
- version = ">= 1.0.2"
- source = "github.com/hashicorp/lxc"
- }
- }
-}
diff --git a/restic-lxc.pkr.hcl b/restic-lxc.pkr.hcl
@@ -0,0 +1,45 @@
+variable "manifest" {
+ type = string
+ default = "manifest.json"
+}
+
+variable "restic_repository" {
+ type = string
+ default = "rclone:pcloud:/Backup/restic-turris"
+}
+
+variable "restic_password" {
+ type = string
+ sensitive = true
+}
+
+source "lxc" "restic-build" {
+ config_file = "config/lxc-config"
+ template_name = "download"
+ template_parameters = ["--dist", "Debian", "--release", "Bookworm", "--arch", "armv7l"]
+}
+
+build {
+ sources = ["source.lxc.restic-build"]
+
+ provisioner "shell" {
+ script = "scripts/timezone.sh"
+ }
+
+ provisioner "shell" {
+ environment_vars = [
+ "RESTIC_REPOSITORY=${var.restic_repository}",
+ "RESTIC_PASSWORD=${var.restic_password}"
+ ]
+ script = "scripts/restic.sh"
+ }
+}
+
+packer {
+ required_plugins {
+ lxc = {
+ version = ">= 1.0.2"
+ source = "github.com/hashicorp/lxc"
+ }
+ }
+}
diff --git a/scripts/borg-backup.sh b/scripts/borg-backup.sh
@@ -1,92 +0,0 @@
-#!/usr/bin/env bash
-
-set -o errexit
-set -o nounset
-set -o xtrace
-
-cd /root/
-
-# Install borg backup prerequisites
-# https://borgbackup.readthedocs.io/en/master/installation.html#debian-ubuntu
-apt-get install -y python3 python3-dev python3-pip python3-virtualenv \
- libacl1-dev libacl1 \
- libssl-dev \
- liblz4-dev libzstd-dev libxxhash-dev \
- libffi-dev \
- build-essential \
- pkg-config python3-pkgconfig
-
-# Install latest borg2 with pip
-# https://borgbackup.readthedocs.io/en/master/installation.html#using-pip
-virtualenv --python=python3 borg-env
-source borg-env/bin/activate
-pip install -U pip setuptools wheel
-pip install pkgconfig
-pip install borgbackup==2.0.0b14
-
-# Symlink borg from venv to global path
-ln -s /root/borg-env/bin/borg /usr/local/bin/borg
-
-# Ensure the borg binary is in the path
-cat <<'EOF' >> /root/.bashrc
-
-PATH=$PATH:/usr/local/bin
-EOF
-
-# Configure borg repo on pcloud
-mkdir -p /root/.config/borg
-
-cat <<EOF > /root/.config/borg/config
-BORG_REPO='$BORG_REPO'
-BORG_PASSPHRASE='$BORG_PASSPHRASE'
-PATTERNSFILE='$PATTERNSFILE'
-EOF
-
-# Check the encryption/hash bench with `borg benchmark cpu`
-# You have to initialize the borg repo and rclone before first use
-# borg repo-create --encryption=repokey-chacha20-poly1305
-# rclone config
-
-cat <<EOF > "$PATTERNSFILE"
-# https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-patterns
-# "sh:" pattern style, patternfiles use sh: by default
-P sh
-# A root path starts with the prefix R, followed by a path
-R /host-nfs
-EOF
-
-# Install systemd service unit
-cat <<'EOF' > /etc/systemd/system/borg-backup.service
-[Unit]
-Description=Create a backup with borg
-
-[Service]
-Type=oneshot
-EnvironmentFile=/root/.config/borg/config
-# prevent file modifications during backup
-# borg error "file changed while we read it!: backup error"
-ExecStart=/usr/bin/chattr -R +i /host-nfs
-ExecStart=/usr/local/bin/borg create -v --stats --compression lz4 {hostname}-{now:%%Y%%m%%dT%%H%%M} --patterns-from "$PATTERNSFILE" --exclude-caches --chunker-params fixed,4096
-ExecStart=/usr/local/bin/borg prune -v --list --match-archives '{hostname}-*' --keep-daily=7 --keep-weekly=4 --keep-monthly=12
-# unlock
-ExecStart=/usr/bin/chattr -R -i /host-nfs
-
-[Install]
-WantedBy=default.target
-EOF
-
-# Install systemd timer
-cat <<'EOF' > /etc/systemd/system/borg-backup.timer
-[Unit]
-Description=Create a backup with borg
-
-[Timer]
-Unit=borg-backup.service
-OnCalendar=*-*-* 01:03:00
-
-[Install]
-WantedBy=timers.target
-EOF
-
-systemctl enable borg-backup.timer
-systemctl start borg-backup.timer
diff --git a/scripts/restic.sh b/scripts/restic.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o xtrace
+
+apt-get install -y restic
+
+# Configure restic repo
+mkdir -p /root/.config/restic
+
+cat <<EOF > /root/.config/restic/env
+# https://restic.readthedocs.io/en/latest/040_backup.html#environment-variables
+RESTIC_REPOSITORY="$RESTIC_REPOSITORY"
+RESTIC_PASSWORD="$RESTIC_PASSWORD"
+EOF
+
+
+# Install systemd service unit
+cat <<'EOF' > /etc/systemd/system/restic.service
+[Unit]
+Description=Create a backup with restic
+
+[Service]
+Type=oneshot
+EnvironmentFile=/root/.config/restic/env
+ExecStart=-/usr/bin/restic init
+ExecStart=-/usr/bin/restic backup /host-nfs
+ExecStart=-/usr/bin/restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12
+ExecStart=-/usr/bin/restic prune
+
+[Install]
+WantedBy=default.target
+EOF
+
+# Install systemd timer
+cat <<'EOF' > /etc/systemd/system/restic.timer
+[Unit]
+Description=Create a backup with restic
+
+[Timer]
+Unit=restic.service
+OnCalendar=*-*-* 01:03:00
+
+[Install]
+WantedBy=timers.target
+EOF
+
+systemctl enable restic.timer
+systemctl start restic.timer
