Auto usb backup
4/8/2023

If you always connect the drive(s) to the same physical hardware path, e.g. the same eSATA port, then you can make a more precise udev rule.

Execute udevadm monitor and connect a drive to the port you intend to use. You should see a flurry of events; find those regarding the block subsystem. Pick the event whose device path ends in something similar to a device file name. Use the event's device path and replace sdX/sdXY after the block/ part in the path with a star (*).

Reboot a few times to ensure that the hardware path does not change: on some motherboards components of it can be random. In these cases you cannot use a more accurate rule, or need to insert additional stars for matching the path.

The "systemd" tag in conjunction with the SYSTEMD_WANTS environment variable has systemd launch the "automatic-backup" service, which we will create next, as the

```bash
#!/bin/bash -ue

# The udev rule is not terribly accurate and may trigger our service before
# the kernel has finished probing partitions. Sleep for a bit to ensure
# the kernel is done.
#
# This can be avoided by using a more precise udev rule, e.g. matching
# a specific hardware path and partition.
sleep 5

#
# Script configuration
#

# The backup partition is mounted there
MOUNTPOINT=/mnt/backup

# Archive name schema
DATE=$(date --iso-8601)-$(hostname)

# This is the file that will later contain UUIDs of registered backup drives
DISKS=/etc/backups/backup.disks

# This is the location of the Borg repository
TARGET=$MOUNTPOINT/borg-backups/backup.borg

# Find whether the connected block device is a backup drive
for uuid in $(lsblk --noheadings --list --output uuid)
do
        if grep --quiet --fixed-strings "$uuid" "$DISKS"; then
                break
        fi
        uuid=
done

# uuid is empty here if no connected partition is listed in $DISKS
if [ -z "$uuid" ]; then
        echo "No backup disk found, exiting"
        exit 0
fi

echo "Disk $uuid is a backup disk"
partition_path=/dev/disk/by-uuid/$uuid

# Mount file system if not already done. This assumes that if something is already
# mounted at $MOUNTPOINT, it is the backup drive. It won't find the drive if
# it was mounted somewhere else.
(mount | grep $MOUNTPOINT) || mount $partition_path $MOUNTPOINT
drive=$(lsblk --inverse --noheadings --list --paths --output name $partition_path | head --lines 1)
echo "Drive path: $drive"

#
# Create backups
#

# Options for borg create
BORG_OPTS="--stats --one-file-system --compression lz4 --checkpoint-interval 86400"

# Set BORG_PASSPHRASE or BORG_PASSCOMMAND somewhere around here, using export,
# if encryption is used.

# No one can answer if Borg asks these questions, it is better to just fail quickly
# instead of hanging.
export BORG_RELOCATED_REPO_ACCESS_IS_OK=no
export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no

echo "Starting backup for $DATE"

# This is just an example, change it however you see fit
borg create $BORG_OPTS \
  --exclude root/.cache \
  --exclude var/lib/docker/devicemapper \
  $TARGET::$DATE-$$-system \
  / /boot

# /home is often a separate partition / file system.
# Even if it isn't (add --exclude /home above), it probably makes sense
# to have /home in a separate archive.
borg create $BORG_OPTS \
  --exclude 'sh:home/*/.cache' \
  $TARGET::$DATE-$$-home \
  /home/

echo "Completed backup for $DATE"

# Just to be completely paranoid
sync

# Eject the drive only if the autoeject marker file exists
if [ -f /etc/backups/autoeject ]; then
        umount $MOUNTPOINT
        hdparm -Y $drive
fi

# Suspend the machine only if the backup-suspend marker file exists
if [ -f /etc/backups/backup-suspend ]; then
        systemctl suspend
fi
```

Create the /etc/backups/autoeject file to have the script automatically eject the drive after creating the backup. When you want to do something with the drive after creating backups (e.g. running check).

Create the /etc/backups/backup-suspend file if the machine should suspend after completing the backup. Don't forget to physically disconnect the device before resuming. You can also add an option to power down instead.

Create an empty /etc/backups/backup.disks file, you'll register your backup drives there.

The last part is to actually enable the udev rules and services:

The script as shown above will mount any file system with an UUID listed in /etc/backups/backup.disks. The UUID check is a safety / annoyance-reduction mechanism to keep the script from blowing up whenever a random USB thumb drive is connected. Mounting file systems and reading repository data exposes additional attack surfaces (kernel file system drivers, possibly user space services and Borg itself). Someone standing right next to your computer can attempt a lot of attacks, most of which are easier to do than e.g.
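The text above notes that the UUID check only guards against accidents and that mounting exposes kernel file system drivers. As an added example (not part of the page's script), here is one way to narrow that exposure: match the UUID as a whole line, accept only expected file system types, and mount with restrictive options. ALLOWED_FSTYPES, MOUNT_OPTS, the function names and the sample UUIDs are assumptions.

```bash
#!/bin/bash
# Added example, not part of the page's script. ALLOWED_FSTYPES, MOUNT_OPTS,
# the function names and the sample UUIDs in the comments are assumptions.

ALLOWED_FSTYPES="ext4 xfs"        # assumption: what you format backup drives with
MOUNT_OPTS="nodev,nosuid,noexec"  # ignore device nodes, setuid bits and executables on the drive

# is_registered UUID DISKS_FILE
# Succeeds only if UUID equals a whole line of the registry (-x). A plain -F
# substring match would accept a short volume ID such as "1234-5678" when
# "7a9b1234-5678-..." is registered, and an empty pattern would match any line.
is_registered() {
    [ -n "$1" ] && grep -qFx -- "$1" "$2"
}

# pick_backup_partition DISKS_FILE
# Reads "UUID FSTYPE" lines on stdin, the shape produced by
#   lsblk --noheadings --list --output uuid,fstype
# and prints "UUID FSTYPE" for the first partition that is registered and has
# an allowed file system type. Returns 1 if there is none.
pick_backup_partition() {
    while read -r uuid fstype; do
        is_registered "$uuid" "$1" || continue
        for allowed in $ALLOWED_FSTYPES; do
            if [ "$fstype" = "$allowed" ]; then
                echo "$uuid $fstype"
                return 0
            fi
        done
    done
    return 1
}

# mount_args UUID FSTYPE MOUNTPOINT
# Prints arguments for mount(8). "-t" pins the type so mount does not
# auto-detect and try other file system types; MOUNT_OPTS limits what the
# mounted tree can do.
mount_args() {
    echo "-t $2 -o $MOUNT_OPTS /dev/disk/by-uuid/$1 $3"
}

# In the backup script this would replace the for-loop and the plain mount:
#   match=$(lsblk --noheadings --list --output uuid,fstype |
#           pick_backup_partition "$DISKS") || { echo "No backup disk found"; exit 0; }
#   mount $(mount_args $match "$MOUNTPOINT")
```

A Borg repository is plain data, so nodev, nosuid and noexec do not interfere with creating or checking backups on the mounted drive.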