Backups for local systems#

Backups are performed using borgbackup

The warehouse is located on voile

NixOS#

A nixos module exists under modules/nixos/borg.

Darwin#

The darwin module was custom built and is under modules/darwin/borg.

Adding a host#

  1. In this repo, run just borg-generate-secrets <hostname>
  2. This will create a repo key and passphrase in secrets.yaml via sops
  3. Commit and push the secrets
  4. Run just sops-update-hosts to re-encrypt for all keys
  5. Add the host to borgwarehouse
  6. Configure the host
...
tsunaminoai.borg = {
  enable = true;
  repo = "8a95a28d";
};
...
  1. Deploy

Schedule#

Darwin hosts run the backup at 03:00 local time via launchd (StartCalendarInterval with Hour = 3, Minute = 0). NixOS hosts run daily via the borgmatic systemd timer (upstream OnCalendar=daily with RandomizedDelaySec=3h), firing at a randomized time between midnight and 03:00.

Status and storage-usage checks are pushed to borgwarehouse every 2 hours via cron (enabled per-host with tsunaminoai.borg.enableCron; currently only ereshkigal). BorgWarehouse handles backup-failure and low-storage alerting.

Restoring from Backup#

See Restoring a Host from Backup for the full procedure, including how to handle sops key rotation after a machine wipe.

Backups for MS365#

Backups for all of the sc2.in domain are performed daily by the Active Backup MS365 package running on voile.

The portal for backups is located at Active Backup for Microsoft 365 Portal

Backup Schedule