Archives mensuelles : octobre 2024

Kopia Backup memo

My quick notes about configuring Kopia on several Debian, to a single repository.

Warning  : this is my personal setup, customized to my needs. Storing all data from different servers in a single repository and without user management can be considered as a security flaw (since it is). Your backup startegy very important, if you don’t understand what you’re doing, dont copy/paste this setup.

Installation

# curl -s https://kopia.io/signing-key | sudo gpg --dearmor -o /etc/apt/keyrings/kopia-keyring.gpg
# echo "deb [signed-by=/etc/apt/keyrings/kopia-keyring.gpg] http://packages.kopia.io/apt/ stable main" | sudo tee /etc/apt/sources.list.d/kopia.list
# apt update
# apt install kopia

Systemd service

Create /etc/systemd/system/kopia.service :

[Unit]
Description=Kopia Server
Wants=network-online.target
After=syslog.target time-sync.target network.target network-online.target

[Service]
Environment="HOME=/root"
Type=simple
RemainAfterExit=yes
ExecStart=/usr/bin/kopia server start --insecure --without-password --log-dir=/var/log/kopia
ExecStop=/usr/bin/kopia server shutdown

[Install]
WantedBy=multi-user.target

Reload and enable :

# systemctl daemon-reload
# systemctl enable kopia

Init file (alternative to systemd)

In case you don’t use Systemd (inside a chroot for exemple), create /etc/init.d/kopia :

#! /bin/sh
### BEGIN INIT INFO
# Provides: kopia
# Required-Start: $syslog $time $remote_fs
# Required-Stop: $syslog $time $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Deferred execution scheduler
# Description: Debian init script for kopia
### END INIT INFO

PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/bin/kopia
PIDFILE=/var/run/kopia.pid
test -x $DAEMON || exit 0

. /lib/lsb/init-functions

case "$1" in
start)
log_daemon_msg "Starting kopia" "kopia"
start-stop-daemon --start --make-pidfile --pidfile $PIDFILE -b --exec /usr/bin/kopia server start -- --config-file=/root/.config/kopia/repository.config --insecure --address http://0.0.0.0:51515 --without-password --log-dir=/var/log/kopia
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping kopia" "kopia"
killproc -p $PIDFILE $DAEMON
log_end_msg $?
;;
force-reload|restart)
$0 stop
$0 start
;;
status)
status_of_proc -p $PIDFILE $DAEMON kopia && exit 0 || exit $?
;;
*)
echo "Usage: /etc/init.d/kopia {start|stop|restart|force-reload|status}"
exit 1
;;
esac

exit 0

Repository

Export repository configuration from an existing installation :

# kopia repository status -t -s

Since I’m using a ssh repository, I need to connect once with ssh to store the server’s fingerprint in known_hosts.

Import repo configuration on the newly installed server :

# kopia repository connect from-config --token ..........
# service kopia restart

Dont forget to clear your bash history since it contains sensitive data :

# history -d -2

Initial configuration

Setup a different « default » snapshot time on this host :

# kopia policy set --snapshot-time="04:00" @hostname
# kopia server refresh

Email reporting

Create an email reporting profile :

# kopia notification profile configure email \
--profile-name=email \
--smtp-server=mysmtpserver \
--smtp-port=25 \
--mail-from=user@domain.tld \
--mail-to=user@domain.tld \
--format=html \
--min-severity=warning

Send test email :

# kopia notification profile test --profile-name=email