diff --git a/ansible/roles/borgmatic/defaults/main.yml b/ansible/roles/borgmatic/defaults/main.yml
index c7a9793..e1622e6 100644
--- a/ansible/roles/borgmatic/defaults/main.yml
+++ b/ansible/roles/borgmatic/defaults/main.yml
@@ -61,7 +61,9 @@ borgmatic_keep_yearly: 1000
 # pg_dump_command must be full path since LaunchAgent doesn't have homebrew in PATH
 # --- Immich photo library backup (BorgBase offsite only) ---
 borgmatic_photos_config: /Users/erichblume/.config/borgmatic/photos.yaml
-borgmatic_photos_source_dir: /Volumes/photos
+borgmatic_photos_source_directories:
+ - /Volumes/photos/library
+ - /Volumes/photos/upload
 borgmatic_photos_borgbase_repo: ssh://xcrtl5tg@xcrtl5tg.repo.borgbase.com/./repo
 # Schedule: runs daily at 4:00 AM (offset from main backup at 2:00 AM)
 borgmatic_photos_schedule_hour: 4
diff --git a/ansible/roles/borgmatic/templates/photos.yaml.j2 b/ansible/roles/borgmatic/templates/photos.yaml.j2
index 1c118df..2bd0a4f 100644
--- a/ansible/roles/borgmatic/templates/photos.yaml.j2
+++ b/ansible/roles/borgmatic/templates/photos.yaml.j2
@@ -1,7 +1,10 @@
 # {{ ansible_managed }}
 #
 # Borgmatic config for immich photo library backup.
-# Backs up /Volumes/photos (sifaka SMB mount) to BorgBase offsite ONLY.
+# Backs up library/ and upload/ from /Volumes/photos (sifaka SMB mount)
+# to BorgBase offsite ONLY. Excludes encoded-video/, thumbs/, backups/
+# since those are regenerable from originals.
+#
 # Separate from the main borgmatic config to keep concerns isolated:
 # - main config: indri data → sifaka + borgbase
 # - this config: sifaka photos → borgbase (different repo)
@@ -9,7 +12,9 @@ local_path: {{ borgmatic_local_path }}
 source_directories:
- - {{ borgmatic_photos_source_dir }}
+{% for dir in borgmatic_photos_source_directories %}
+ - {{ dir }}
+{% endfor %}
 source_directories_must_exist: true
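Review bot: The added header comment in photos.yaml.j2 (hunk `@@ -1,7 +1,10 @@`) groups backups/ with the directories that are "regenerable from originals", which does not match how Immich normally uses that directory: it holds the scheduled database dumps, not derived media. profile/ (user avatars) is also original content and is left out of the new list without being mentioned. If the database is already covered by the main config's pg_dump path, the comment should say that instead, for example `# backups/ (Immich DB dumps) is covered by the main borgmatic config; profile/ is intentionally skipped`. The actual layout of /Volumes/photos is not visible in this diff, so confirm against the share before deciding whether to add those two directories to `borgmatic_photos_source_directories`.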
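Review bot: The new loop in hunk `@@ -9,7 +12,9 @@` trusts the shape of `borgmatic_photos_source_directories`. If an inventory sets it to a single path string (the shape the replaced `borgmatic_photos_source_dir` had), Jinja iterates it character by character and renders one entry per character, including `/`. An empty list renders `source_directories:` with no items, and an override that still uses the old variable name is silently ignored. A guard before templating would make these fail at deploy time rather than at 4 AM, for example an `ansible.builtin.assert` with `borgmatic_photos_source_directories is not string` and `borgmatic_photos_source_directories | length > 0`. Rendering each item as `- {{ dir | to_json }}` would also keep paths containing spaces or YAML indicators intact.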
@@ -21,7 +26,10 @@ repositories:
 encryption_passcommand: {{ borgmatic_encryption_passcommand }}
-ssh_command: ssh -o IdentitiesOnly=yes -i {{ borgmatic_borgbase_ssh_key_path }}
+ssh_command: ssh -o IdentitiesOnly=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=5 -i {{ borgmatic_borgbase_ssh_key_path }}
+
+# Save checkpoints every 10 minutes so interrupted backups don't lose all progress
+checkpoint_interval: 600
 # Retention policy — photos are precious, keep more history
 keep_daily: {{ borgmatic_photos_keep_daily }}
diff --git a/docs/changelog.d/+borgmatic-photos-hardening.infra.md b/docs/changelog.d/+borgmatic-photos-hardening.infra.md
new file mode 100644
index 0000000..c68580a
--- /dev/null
+++ b/docs/changelog.d/+borgmatic-photos-hardening.infra.md
@@ -0,0 +1 @@
+Borgmatic photos backup: restrict to library/ and upload/ (skip regenerable dirs), add SSH keepalives and checkpoint interval to prevent broken pipe failures on large initial syncs.
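Review bot: The rewritten `ssh_command` in hunk `@@ -21,7 +26,10 @@` pins the client identity and adds keepalives, but it still leaves server host-key verification to whatever the LaunchAgent user's ssh configuration says. For an unattended offsite job, adding `-o BatchMode=yes -o StrictHostKeyChecking=yes` with the BorgBase host key provisioned by the role would make an unknown or changed key fail the run, independent of local defaults. Whether known_hosts is managed elsewhere in the role is not visible in this diff. The keepalive values and `checkpoint_interval: 600` are also literals here, while the neighbouring settings are role variables; a default such as a proposed `borgmatic_photos_checkpoint_interval` in defaults/main.yml would keep them tunable per host.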