Borgomatic is a wrapper for borg for simplifying the backup process.

Client side

Install borgmatic:

yay -Syu borgmatic

Configure:

sudo generate-borgmatic-config
sudo nvim /etc/borgmatic/config.yaml

Minimale configuration example:

location:
    source_directories:
        - /home
        - /etc
    repositories:
        - backup@backup.slaanesh.org:/home/backup/repos/edemaruh
    patterns:
        - '- /home/*/.cache'
storage:
    encryption_passphrase: "azerty"
retention:
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 1
    keep_yearly: 1

Create a ssh key for connecting to the backup server

$ sudo ssh-keygen
$ sudo cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNTY8aCs9ZuynjWxzUcxwBa/9BFUoVIjslR9A4Hf74LiY+c6RfoKUbXeHwZ2lsoVtglGHXW307ZGxB42eVEQmEYlmOwLkqATVzqMWD1aVME6wT1tHj/gMtix5Ss+TVfjoXxn9gxwoo3dZW54UutqmcIBv57TvpDRwBrVXAO7fwv6EflPyf2EmvxqRi8GgbhVEb0h3OGk1IfVD1JMIEZuSHZiPv09F7JJaBzgN5NYwa/w+FSYiHtGOPsvspQkjKkOhDNcU7WGT8jwctur6dUenVpiORwHzU5vylACPdjvrxOImzQq+G3/x0OKOYKR3WMJz1/16dseb1MYo6ZflUol+udjdx3HjJ2M7M3sXfMa0Ql+91WU5ynX9VN1Ku+VKPIdXZ4gx+v6i3EMB07NSH83wsU/m0DUaVkrxdgA9d94n5htUZ737efkBal41iCBrzYQhhDRCEGNMMoh7ChLxZeAYCKvdjs9lmG2MqC+pZSbQc2H0avRCEvqDA5sOGSbPBdFE= root@edemaruh.slaanesh.org

Server side

Install borg:

yay -Suy borg

Create a dedicated user account:

sudo useradd -m backup

Restrict autorized commands and paths:

$ sudo cat /home/backup/.ssh/autorized_keys
command="cd /home/backup/repos/edemaruh; borg serve --restrict-to-path /home/backup/repos/edemaruh",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNTY8aCs9ZuynjWxzUcxwBa/9BFUoVIjslR9A4Hf74LiY+c6RfoKUbXeHwZ2lsoVtglGHXW307ZGxB42eVEQmEYlmOwLkqATVzqMWD1aVME6wT1tHj/gMtix5Ss+TVfjoXxn9gxwoo3dZW54UutqmcIBv57TvpDRwBrVXAO7fwv6EflPyf2EmvxqRi8GgbhVEb0h3OGk1IfVD1JMIEZuSHZiPv09F7JJaBzgN5NYwa/w+FSYiHtGOPsvspQkjKkOhDNcU7WGT8jwctur6dUenVpiORwHzU5vylACPdjvrxOImzQq+G3/x0OKOYKR3WMJz1/16dseb1MYo6ZflUol+udjdx3HjJ2M7M3sXfMa0Ql+91WU5ynX9VN1Ku+VKPIdXZ4gx+v6i3EMB07NSH83wsU/m0DUaVkrxdgA9d94n5htUZ737efkBal41iCBrzYQhhDRCEGNMMoh7ChLxZeAYCKvdjs9lmG2MqC+pZSbQc2H0avRCEvqDA5sOGSbPBdFE= root@edemaruh.slaanesh.org

Test and run (client side)

Create the repository:

sudo borgmatic init --encryption repokey

Dry run:

sudo borgmatic -n

If it is all ok, enable the timer service:

sudo systemctl enable borgmatic.timer