Add BorgBase offsite backup repository #142

Merged

eblume merged 3 commits from feature/borgbase-offsite-backup into main 2026-02-10 12:47:03 -08:00

Conversation 0 Commits 3 Files changed 6 +42 -2

eblume commented 2026-02-10 11:24:37 -08:00

Owner

Copy link

Summary

• Adds BorgBase as a second borgmatic repository for offsite backups (US region, append-only)
• SSH key managed via 1Password, deployed to indri by Ansible
• Borgmatic ssh_command configured to use the dedicated BorgBase key
• BorgBase host key pinned in known_hosts via Ansible

Post-merge deployment steps

1. Provision borgmatic: mise run provision-indri -- --tags borgmatic
2. Initialize the BorgBase repo: ssh indri 'mise x -- borgmatic init --encryption repokey --repository borgbase-offsite'
3. Export and store the borg repokey: ssh indri 'borg key export ssh://k04ljcd7@k04ljcd7.repo.borgbase.com/./repo' → save to 1Password
4. Verify first backup: ssh indri 'mise x -- borgmatic create --repository borgbase-offsite --verbosity 1'

BorgBase setup (already done)

• Account created, API token in 1Password (borgbase item in blumeops vault)
• SSH keypair generated, stored in 1Password, public key uploaded to BorgBase (ID: 200815)
• Repository indri-borgmatic created (ID: k04ljcd7, US region, append-only, 2-day alert)

## Summary - Adds BorgBase as a second borgmatic repository for offsite backups (US region, append-only) - SSH key managed via 1Password, deployed to indri by Ansible - Borgmatic `ssh_command` configured to use the dedicated BorgBase key - BorgBase host key pinned in known_hosts via Ansible ## Post-merge deployment steps 1. Provision borgmatic: `mise run provision-indri -- --tags borgmatic` 2. Initialize the BorgBase repo: `ssh indri 'mise x -- borgmatic init --encryption repokey --repository borgbase-offsite'` 3. Export and store the borg repokey: `ssh indri 'borg key export ssh://k04ljcd7@k04ljcd7.repo.borgbase.com/./repo'` → save to 1Password 4. Verify first backup: `ssh indri 'mise x -- borgmatic create --repository borgbase-offsite --verbosity 1'` ## BorgBase setup (already done) - Account created, API token in 1Password (`borgbase` item in blumeops vault) - SSH keypair generated, stored in 1Password, public key uploaded to BorgBase (ID: 200815) - Repository `indri-borgmatic` created (ID: k04ljcd7, US region, append-only, 2-day alert)

eblume added 1 commit 2026-02-10 11:24:37 -08:00

Add BorgBase offsite backup repository ... 9a0bf9bd9b

Adds a second borgmatic repository targeting BorgBase (US region) for
offsite backups, completing a 3-2-1 backup strategy. SSH key is managed
via 1Password and deployed by Ansible.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit 2026-02-10 11:28:01 -08:00

Fix SSH auth: use IdentitiesOnly to skip agent keys ... 40285134ac

The 1Password SSH agent offers many keys, causing "Too many
authentication failures" before the BorgBase key is tried.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit 2026-02-10 12:31:47 -08:00

Disable RunAtLoad for borgmatic LaunchAgent ... 4cc41cb9b3

Prevents unintended backup runs when Ansible reloads the LaunchAgent.
The StartCalendarInterval (2 AM daily) handles scheduling.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume merged commit d045a5d76a into main 2026-02-10 12:47:03 -08:00

eblume referenced this pull request from a commit 2026-02-10 12:47:05 -08:00

Add BorgBase offsite backup repository (#142)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!142

No description provided.