Skip to content

borgbackup

Efficient, deduplicating backup program with optional compression and secure encryption.

System

Usage

inventory.instances = {
  borgbackup = {
    module = {
      name = "borgbackup";
      input = "clan";
    };
    roles.client.machines."jon".settings = {
      destinations."storagebox" = {
        repo = "username@$hostname:/./borgbackup";
        rsh = ''ssh -oPort=23 -i /run/secrets/vars/borgbackup/borgbackup.ssh'';
      };
    };
    roles.server.machines = { };
  };
};

The input should be named according to your flake input. Jon is configured as a client machine with a destination pointing to a Hetzner Storage Box.

Overview

This guide explains how to set up and manage BorgBackup for secure, efficient backups in a clan network. BorgBackup provides:

  • Space efficient storage of backups with deduplication
  • Secure, authenticated encryption
  • Compression: lz4, zstd, zlib, lzma or none
  • Mountable backups with FUSE
  • Easy installation on multiple platforms: Linux, macOS, BSD, …
  • Free software (BSD license).
  • Backed by a large and active open-source community.

Roles

1. Client

Clients are machines that create and send backups to various destinations. Each client can have multiple backup destinations configured.

2. Server

Servers act as backup repositories, receiving and storing backups from client machines. They can be dedicated backup servers within your clan network.

Backup destinations

This service allows you to perform backups to multiple destinations. Destinations can be:

  • Local: Local disk storage
  • Server: Your own borgbackup server (using the server role)
  • Third-party services: Such as Hetzner's Storage Box

For a more comprehensive guide on backups look into the guide section.


Roles

The borgbackup module has the following roles:

  • client
  • server

Options for the client role

destinations

external destinations where the machine should be backuped to

Type: attribute set of (submodule)

Default:

{ }

Declared in: clanServices/borgbackup/default.nix

destinations.<name>.name

the name of the backup job

Type: string matching the pattern ^[a-zA-Z0-9._-]+$

Default:

"‹name›"

Declared in: clanServices/borgbackup/default.nix

destinations.<name>.repo

the borgbackup repository to backup to

Type: string

Declared in: clanServices/borgbackup/default.nix

destinations.<name>.rsh

the rsh to use for the backup

Type: string

Default:

"ssh -i \${config.clan.core.vars.generators.borgbackup.files.\"borgbackup.ssh\".path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

Declared in: clanServices/borgbackup/default.nix

exclude

Directories/Files to exclude from the backup. Use * as a wildcard.

Type: list of string

Default:

[ ]
Example
[
  "*.pyc"
]

Declared in: clanServices/borgbackup/default.nix

Options for the server role

directory

The directory where the borgbackup repositories are stored.

Type: string

Default:

"/var/lib/borgbackup"

Declared in: clanServices/borgbackup/default.nix