Backup with Borg, Borgmatic and Borgbase

1. Set up keys so that the servers can talk to each other

Log inn with root:

- ssh-keygen -t ed25519 -a 100

- copy to Borgbase (backupserver authorized_keys file)

2. Install Borg

apt install borgbackup see also

3. Install Borgmatic

The package install apt install borgmatic is outdated, so according to install pipx as the root user (with sudo) to make installing borgmatic easy without impacting other Python applications on your system

sudo apt install pipx


sudo pipx ensurepath

sudo pipx install borgmatic

and check

borgmatic --version

4. Create standard config

borgmatic config generate

5. Set up encryption and password

borg init -e repokey-blake2 ssh://

6. Edit config.yml

The sample configuration file is located at /etc/borgmatic/config.yaml


sudo nano /etc/borgmatic/config.yaml

Working config with databases

# List of source directories and files to back up. Globs and tildes
# are expanded. Do not backslash spaces in path names.
    - /home
    - /var/www

# A required list of local or remote repositories with paths and
# optional labels (which can be used with the --repository flag to
# select a repository). Tildes are expanded. Multiple repositories are
# backed up to in sequence. 

    - path: ssh://
      label: backupserver
#    - path: /mnt/backup
#      label: local

# Retention policy for how many backups to keep.
keep_daily: 7
keep_weekly: 4
keep_monthly: 6

# Databases to dump and include in backups.
    - name: all
      format: sql

# Docker database example - make sure to install mariadb-client first - see also

     - name: bookstackapp
       port: 3306
       username: bookstack
       password: long_obscure_password

#Passphrase to unlock the encryption key with. Only use on repositories that were
# initialized with passphrase/repokey encryption. Quote the value if it contains
# punctuation, so it parses correctly. And backslash any quote or backslash
# literals as well. Defaults to not set.
encryption_passphrase: something_long_and_obscure

doublecheck config:

borgmatic config validate

7. Start backup

borgmatic create --verbosity 1 --list --stats

8. Check the backups

borgmatic list

borgmatic info

Check databases

borgmatic list --archive latest --find .borgmatic/*_databases

Search for a file

borgmatic list --find security.txt

9. Set up cron

crontab -e

Let Borgmatic run every night at 1

0 1 * * * /root/.local/bin/borgmatic --verbosity 2 >/root/borg.log 2>&1

(The default cron here does not work for me: )

10. Restore files and databases

Multiple repositories

Category: Linux