From 9606bc45e9a871cbea3dcf488236641a030bf8f1 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Wed, 10 Jul 2024 20:40:37 +0200 Subject: [PATCH] Create ADMIN.md --- doc/ADMIN.md | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 doc/ADMIN.md diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..dbe81a0 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,68 @@ +### Configuring the user on the target server + +You should now authorize the public key on the target server using something like: + +``` +mkdir ~/.ssh -p +touch ~/.ssh/authorized_keys +chmod u=rw,go= ~/.ssh/authorized_keys +cat << EOPKEY >> ~/.ssh/authorized_keys + +EOPKEY +``` + +Optional: to improve security, make sure the user can only connect through SFTP and can only access its home directory on the target server. +On Debian/Ubuntu, this is done using the following snippet. Otherwise refer to your distribution manual (don't forget to replace `servera` with the real username) + +``` +cat << EOF>> /etc/ssh/sshd_config +Match User servera + ChrootDirectory %h + ForceCommand internal-sftp + AllowTcpForwarding no + X11Forwarding no +EOF +systemctl restart ssh +``` + +### Test + +At this step your backup should schedule. + +If you want to be sure, you can test it by running on server A: +``` +systemctl start restic.service +``` + +Next you can verify the backup contents by running on server A +``` +restic -r sftp:serverb.domain.tld:servera.domain.tld/auto_conf snapshots +``` + +Replace `auto_conf` with `auto_` if you did not choose to backup configuration but only applications. + +If you want to check the backups consistency: +``` +systemctl start restic_check.service +``` + +If you want to make a complete check of the backups - keep in mind that this reads all the backed up data, it can take some time depending on your target server upload speed (more on this topic in [the Restic documentation](https://restic.readthedocs.io/en/latest/045_working_with_repos.html#checking-integrity-and-consistency)): +``` +systemctl start restic_check_read_data.service +``` + +### Misc helpful commands + +- Display the apps list to backup: `yunohost app setting restic apps` +- Edit the apps list to backup: `yunohost app setting restic apps -v "nextcloud,wordpress"` +- Launch a backup: `systemctl start restic` +- Launch a backup check: `systemctl start restic_check.service` + +##### Launch a complete backup check + +WARNING: this will read data from your backups destination server. +It may take a quite long time depending on the target server's internet upload speed and hardware performance. + +``` +systemctl start restic_check_read_data.service +```