Il existe plusieurs techniques pour réaliser des sauvegardes d'un serveur comme par exemple avec un outil comme Restic, le choix d'utiliser Duplicity comme logiciel de sauvegarde et backupninja comme meta-script pour le piloter est conditionné par le fait que le serveur de sauvegarde proposé chez Dedibox n'est accessible qu'en FTP port 21, c'est un peu vintage et pas supporté par tous les systèmes actuels (Restic, Borg) as far as I know.

Duplicity permet de faire des sauvegardes incrémentales chiffrées vers une diversité de serveurs de sauvegarde, backupninja facilite sa configuration fine.

sudo apt-get install duplicity ncftp backupninja rsync

On commence par la configuration des dumps de bases de données

Pour MySQL,

cp /usr/share/doc/backupninja/examples/example.mysql /etc/backup.d/10-alldb.mysql
nano /etc/backup.d/10-alldb.mysql

A adapter

10-alldb.mysql

databases   = all
backupdir   = /var/backups/mysql
hotcopy     = no
sqldump     = yes
compress    = yes
configfile = /etc/mysql/debian.cnf

Le nom 10-alldb.mysql va permettre d'executer le dump des db avant la sauvegarde

Configuration du backup en lui même avec Duplicity

cp /usr/share/doc/backupninja/examples/example.dup /etc/backup.d/20-files.dup
nano /etc/backup.d/20-files.dup

Adapter la valeurs

20-files.dup

## Default:
testconnect = no
 
tmpdir = /data/backups/backup-duplicity/tmp
 
options = --volsize 1000 --archive-dir=/data/backups/backup-duplicity/ --name backup-duplicity-cache --tempdir=/data/backups/backup-duplicity/tmp
 
[gpg]
# Using symetric encryption for archive files
# Note that an encryption method is mandaory, either with symetric or private keys
# Don't forget to note that password somewhere !
#sign = no
encryptkey = yourkeygivenby;gpg --list-keys
password = ************
#signkey = yourkeygivenby;gpg --list-keys
#signpassword = *********
sign = no
signkey = dummy_key
signpassword = dummy_password
 
 
[source]
## files to include in the backup
include = /etc
include = /home/
include = /var/lib/lxc
include = /data/backups/backup-duplicity/mysql
 
# files to exclude from the backup
##exclude = /home/*/.gnupg

[dest]
 
## perform an incremental backup? (default = yes)
## if incremental = no, perform a full backup in order to start a new backup set
##
## Default: 
# incremental = yes

## how many days of incremental backups before doing a full backup again ;
## default is 30 days (one can also use the time format of duplicity).
## if increments = keep, never automatically perform a new full backup ; 
## only perform incremental backups.
##
## Default:
# increments = 30

## how many days of data to keep ; default is 60 days.
## (you can also use the time format of duplicity)
## 'keep = yes' means : do not delete old data, the remote host will take care of this
##
## Default:
# keep = 60

# for how many full backups do we keep their later increments ;
# default is all (keep all increments).
# increments for older full backups will be deleted : only the more
# recent ones (count provided) will be kept
#
## Default:
# keepincroffulls = all

# Adjust these to your own taste: ici un seul full backup glissant sur 30 jours
incremental = yes
increments = 30
keep = 32
keepincroffulls = 1
 
## full destination URL, in duplicity format; if set, desturl overrides
desturl = ftp://login@serveurftp.net/mesbackups
ftp_password = *********
 
## bandwith limit, in KB/s ; default is 0, i.e. no limit
## if using 'desturl' above, 'bandwidthlimit' must not be set
## an example setting of 128 KB/s would be:
## bandwidthlimit = 128
##
## Default:
bandwidthlimit = 0
 
destuser = monuser
 

Il y a un bug dans backupninja pour la version ubuntu 18.04 “The signpassword option must be set because signkey is different from encryptkey.” pour le contourner, il faut utiliser une public key encryption mais ne pas signer en mettant comme ci-dessus :

sign = no
signkey = dummy_key
signpassword = dummy_password

backupninja -d -n

backupninja a gentiment créé un cronjob dans /etc/cron.d/backupninja pour régler la fréquence des backups, éditer

nano /etc/cron.d/backupninja
when = everyday at 01:00

Backup status :

duplicity collection-status ftp://login:password@serveurftp.net/mesbackups

Lister les fichiers dans les archives ;

duplicity list-current-files  ftp://login:password@serveurftp.net/mesbackups

Restaurer le dernier backup dans un répertoire spécifique

duplicity restore  ftp://login:password@serveurftp.net/mesbackups/etc /home/user/test-restore/ 

• Plus de commandes de restoration ici http://futurile.net/resources/duplicity/#list-files-in-backup

• Set up an incremental backup with duplicity, rsync, and backupninja
• https://wiki.herzbube.ch/index.php/Backupninja
• Script duplicity https://community.hetzner.com/tutorials/duplicity-script