Added dropping backups

2 files changed, 29 insertions, 5 deletions

diff --git a/topics/systems/backup-drops.gmi b/topics/systems/backup-drops.gmi
index 191b185..a4677f7 100644
--- a/topics/systems/backup-drops.gmi
+++ b/topics/systems/backup-drops.gmi
@@ -4,6 +4,10 @@ To make backups we use a combination of sheepdog, borg, sshfs, rsync. sheepdog i
 
 This system proves pretty resilient over time. Only on the synology server I can't get it to work because of some CRON permission issue.
 
+For doing the actual backups see
+
+=> ./backups-with-borg.gmi
+
 # Tags
 
 * assigned: pjotrp
@@ -13,7 +17,7 @@ This system proves pretty resilient over time. Only on the synology server I can
 
 ## Borg backups
 
-It is advised to use a backup password and not store that on the remote.
+Despite our precautions it is advised to use a backup password and *not* store that on the remote.
 
 ## Running sheepdog on rabbit
 
@@ -59,14 +63,14 @@ where remote can be an IP address.
 
 Warning: if you introduce this `AllowUsers` command all users should be listed or people may get locked out of the machine.
 
-Next create a special key on the backup machine's ibackup user (just hit enter):
+Next create a special password-less key on the backup machine's ibackup user (just hit enter):
 
 ```
 su ibackup
 ssh-keygen -t ecdsa -f $HOME/.ssh/id_ecdsa_backup
 ```
 
-and copy the public key into the remote /home/bacchus/.ssh/authorized_keys
+and copy the public key into the remote /home/bacchus/.ssh/authorized_keys.
 
 Now test it from the backup server with
 
@@ -82,13 +86,20 @@ On the drop server you can track messages by
 tail -40 /var/log/auth.log
 ```
 
+or on recent linux with systemd
+
+```
+journalctl -r
+```
+
 Next
 
 ```
 ssh -v -i ~/.ssh/id_ecdsa_backup bacchus@dropserver
 ```
 
-should give a Broken pipe(!). In auth.log you may see something like
+should give a Broken pipe(!) or it says `This service allows sftp connections only`.
+When running sshd with a verbose switch you may see something like
 
 fatal: bad ownership or modes for chroot directory component "/export/backup/"
 
@@ -171,3 +182,5 @@ sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3,IdentityFile=~/.
 The recent scripts can be found at
 
 => https://github.com/genenetwork/gn-deploy-servers/blob/master/scripts/tux01/backup_drop.sh
+
+# borg-borg
diff --git a/topics/systems/backups-with-borg.gmi b/topics/systems/backups-with-borg.gmi
index 0998f24..252e6a4 100644
--- a/topics/systems/backups-with-borg.gmi
+++ b/topics/systems/backups-with-borg.gmi
@@ -8,7 +8,12 @@ Sheepdog also includes a web server for output:
 
 => http://sheepdog.genenetwork.org/sheepdog/status.html
 
-## Install borg
+# Tags
+
+* assigned: pjotrp
+* keywords: systems, backup, sheepdog, database
+
+# Install borg
 
 Usually I use a version of borg from guix. This should really be done as the borg user (ibackup).
 
@@ -185,3 +190,9 @@ borg list genenetwork::borg-tux04-sql-20250209-01:43-Sun
 ```
 
 Make sure you not only see just a symlink.
+
+# Drop backups
+
+Once backups work it is useful to copy them to a remote server, so when the machine stops functioning we have another chance at recovery. See
+
+=> ./backup-drops.gmi