Nicolas Cognaux - Gp2mv3

I share about development, productivity, open source and entrepreneurship.

Easy backups with Borg: Encrypted, deduplicated and fast

2020-02-11 Nicolas CognauxTech

Some days ago, I went to the FOSDEM and discovered Borg Backup, an open-source, deduplicating archiver with compression and encryption.

That tool is exactly what I’m looking for for my local backups. I have an old NAS (GoFlex home), rooted and running ArchLinux on which I was doing Rsync backups for some years. Rsync backups are OK but not space-efficient as there is no deduplication and not encrypted at rest (or complicated to configure).

Borg is the perfect replacement for my old home-made solution. This article explains Borg and I give my scripts to use it easily.

Deduplication?

Deduplication is a technique allowing to only store new chunks of files. Each file is split into several variable-length chunks and only chunks that have never been seen before are added to the repository.

This allows a great gain of space but also in transfer speed as we don’t send the full files but only signatures of chunks, and then the complete chunk if not present.

For example, here are the stats of my last backup (that only took 9 minutes):

------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
This archive:               70.52 GB             41.39 GB            585.80 MB
All archives:              569.67 GB            321.16 GB             60.09 GB

                       Unique chunks         Total chunks
Chunk index:                  550699              6747062
------------------------------------------------------------------------------

An original backup of 70.52 GB is stored in 585.80 MB (Only 8% of the original!).

Encryption

Borg also provides Encryption at rest (AES-256) and the data authenticity is verified by HMAC-SHA256 or BLAKE2. The encryption mode is set at the initialization of the repo.

Compatibility

Borg is available as single-file binaries for Linux, Mac OS X and FreeBSD.

The complete list of distribution packages is available here: Borg Installation.

To be more efficient, it’s recommended to install Borg on the backup server too but it’s not mandatory. I installed the ArchLinux package on my NAS (armv5tel) and everything works fine and fast. I back up my home folder every afternoon in less than 10 minutes.

Let’s Go!

Borg is super easy to use. You first need to init the repository, backup your repository key (It’s highly recommended), then you are ready for your first backup. Here are the steps.

1) Initialize the repo

# Init the remote repo with a repokey and the blake2b hash function
borg init -e repokey-blake2 $REMOTE_USER@$REMOTE_IP:$REMOTE_FOLDER

# Exports the backup key (Store it in a safe place !)
borg key export $REMOTE_USER@$REMOTE_IP:$REMOTE_FOLDER ~/borg-key-bck

When your repository is initialized, you can directly create your first backup:

2) Create your first backup

borg create --progress --stats $REMOTE_USER@$REMOTE_IP:$REMOTE_FOLDER::$BCK_NAME $LOCAL_DIR

My scripts (Initialize and backup regularly)

To handle my backups, I created a script that runs every day when I’m connected to my local network (my NAS server pings). You can find my scripts on my Github: https://github.com/Gp2mv3/borg-script.

  • init-borg.sh: initializes the repo for you and generates a strong passphrase (Note it somewhere !).
  • backup-borg.sh: The backup script. I run it daily when home.

Give me feedback!

As always, don’t hesitate to give feedback! Reach me on Twitter or leave a comment.