borgmatic-collective/borgmatic
11
70
Fork 40
Code Issues 49 Pull Requests 7 Actions 1 Packages Releases 152 Activity

Borgmatic commands are not working except for borgmatic config validate #1148

New Issue
Closed
opened 2025-09-18 13:44:14 +00:00 by elhananjair · 15 comments
elhananjair commented 2025-09-18 13:44:14 +00:00
Copy Link

What I'm trying to do and why

Hello there, it's been a while since I used Borgmatic last time, things have changed since I left 😀

I have installed borgmatic on both computers (production and backup), I have initialized and created a repository on the backup PC, and I configured config.yaml on the production computer, checked the configuration validity with borgmatic config validate, and it is good.

Eventually, I want to check if things are working fine with the borgmatic check command and other similar commands, but I am receiving an error.

Steps to reproduce

Install borgmatic on two computers, one running applications, the other set up for storing backups
Generate a configuration file on the application running computer and add SSH and PATH for the repo.
Run borgmatic config validate and execute borgmatic info or borgmatic check

Actual behavior

Showing an error

/etc/borgmatic/config.yaml /etc/borgmatic.d /home/liyuadmin/.config/borgmatic/config.yaml /home/liyuadmin/.config/borgmatic.d: No valid configuration files found

summary:
/etc/borgmatic/config.yaml /etc/borgmatic.d /home/liyuadmin/.config/borgmatic/config.yaml /home/liyuadmin/.config/borgmatic.d: No valid configuration files found

Expected behavior

Showing a summary of the repo, if any backups are there, or must show a message with no backups...

Other notes / implementation ideas

  • I haven't generated a configuration file for the backup server since it is not needed (that's how I would do it on older borgmatic versions when I was using it)

borgmatic version

2.0.6

borgmatic installation method

Official Fedora Repository

Borg version

1.4.1

Python version

3.13.7

Database version (if applicable)

No response

Operating system and version

Fedora Linux 42 (WSL) x86_64

### What I'm trying to do and why Hello there, it's been a while since I used Borgmatic last time, things have changed since I left 😀 I have installed borgmatic on both computers (production and backup), I have initialized and created a repository on the backup PC, and I configured `config.yaml` on the production computer, checked the configuration validity with `borgmatic config validate,` and it is good. Eventually, I want to check if things are working fine with the `borgmatic check` command and other similar commands, but I am receiving an error. ### Steps to reproduce Install borgmatic on two computers, one running applications, the other set up for storing backups Generate a configuration file on the application running computer and add SSH and PATH for the repo. Run `borgmatic config validate` and execute `borgmatic info` or `borgmatic check` ### Actual behavior Showing an error ``` /etc/borgmatic/config.yaml /etc/borgmatic.d /home/liyuadmin/.config/borgmatic/config.yaml /home/liyuadmin/.config/borgmatic.d: No valid configuration files found summary: /etc/borgmatic/config.yaml /etc/borgmatic.d /home/liyuadmin/.config/borgmatic/config.yaml /home/liyuadmin/.config/borgmatic.d: No valid configuration files found ``` ### Expected behavior Showing a summary of the repo, if any backups are there, or must show a message with no backups... ### Other notes / implementation ideas - I haven't generated a configuration file for the backup server since it is not needed (that's how I would do it on older borgmatic versions when I was using it) ### borgmatic version 2.0.6 ### borgmatic installation method Official Fedora Repository ### Borg version 1.4.1 ### Python version 3.13.7 ### Database version (if applicable) _No response_ ### Operating system and version Fedora Linux 42 (WSL) x86_64
explorer_ugQ8vP9yU1.png
41 KiB
explorer_ugQ8vP9yU1.png
witten commented 2025-09-18 18:00:18 +00:00
Owner
Copy Link

I haven't generated a configuration file for the backup server since it is not needed (that's how I would do it on older borgmatic versions when I was using it)

borgmatic definitely needs a configuration file in order to function on a given machine, so I think that explains why it's stubbornly refusing to work on the computer with your repository. However, let me ask you this: Is there a reason why you're installing borgmatic on your repository machine? You definitely need Borg there—so the "production" client machine can run Borg on the server side when it initiates a backup with borgmatic—but you don't actually need borgmatic on the repository machine unless you'd like to be able to run it there.

If you do want to be able to run borgmatic on the repository machine, then you'll need at least a minimal configuration file there. For instance, if you only want to be able to run lists and checks on that machine, you'll need a configuration file that specifies your repository and the checks you want to run on it. But you won't need, for instance, any source_directories since you presumably won't be initiating any backups from that machine.

Hope that helps!

> I haven't generated a configuration file for the backup server since it is not needed (that's how I would do it on older borgmatic versions when I was using it) borgmatic definitely needs a configuration file in order to function on a given machine, so I think that explains why it's stubbornly refusing to work on the computer with your repository. However, let me ask you this: Is there a reason why you're installing borgmatic on your repository machine? You definitely need Borg there—so the "production" client machine can run Borg on the server side when it initiates a backup with borgmatic—but you don't actually need borgmatic on the repository machine unless you'd like to be able to run it there. If you *do* want to be able to run borgmatic on the repository machine, then you'll need at least a minimal configuration file there. For instance, if you only want to be able to run `list`s and `check`s on that machine, you'll need a configuration file that specifies your repository and the checks you want to run on it. But you won't need, for instance, any `source_directories` since you presumably won't be initiating any backups from that machine. Hope that helps!
witten added the question / support label 2025-09-18 18:00:25 +00:00
elhananjair commented 2025-09-18 18:40:11 +00:00
Author
Copy Link

Hey @witten it's been a while,

why it's stubbornly refusing to work on the computer with your repository

Actually, I executed borgmatic list on the production computer, where I created config.yaml and specified the path to the repository and SSH. It is showing that error on the production computer, although borgmatic validate config shows success.

Is there a reason why you're installing borgmatic on your repository machine? You definitely need Borg there

I had no idea about that. I thought it was mandatory, so can I leave it as is for now, or should I remove Borgmatic from the repo machine?

If you do want to be able to run borgmatic on the repository machine, then you'll need at least a minimal configuration file there. For instance, if you only want to be able to run lists and checks on that machine, you'll need a configuration file that specifies your repository and the checks you want to run on it. But you won't need, for instance, any source_directories since you presumably won't be initiating any backups from that machine.

As I mentioned earlier, the issue is actually occurring on the production server, where I intend to run borgmatic to push backups to the repository computer.

Hey @witten it's been a while, > why it's stubbornly refusing to work on the computer with your repository Actually, I executed `borgmatic list` on the production computer, where I created **config.yaml** and specified the path to the repository and SSH. It is showing that error on the production computer, although `borgmatic validate config` shows success. > Is there a reason why you're installing borgmatic on your repository machine? You definitely need Borg there I had no idea about that. I thought it was mandatory, so can I leave it as is for now, or should I remove Borgmatic from the repo machine? > If you do want to be able to run borgmatic on the repository machine, then you'll need at least a minimal configuration file there. For instance, if you only want to be able to run lists and checks on that machine, you'll need a configuration file that specifies your repository and the checks you want to run on it. But you won't need, for instance, any source_directories since you presumably won't be initiating any backups from that machine. As I mentioned earlier, the issue is actually occurring on the production server, where I intend to run borgmatic to push backups to the repository computer.
witten commented 2025-09-18 19:35:20 +00:00
Owner
Copy Link

Oh, my misunderstanding then. When you created config.yaml, where did you put it? For instance, is it at /etc/borgmatic/config.yaml or one of the other locations borgmatic is probing? Does it work if you specify --config config.yaml or whatever the path is to the file?

Also, do you get any more details if you specify --verbosity 2?

Oh, my misunderstanding then. When you created `config.yaml`, where did you put it? For instance, is it at `/etc/borgmatic/config.yaml` or one of the other locations borgmatic is probing? Does it work if you specify `--config config.yaml` or whatever the path is to the file? Also, do you get any more details if you specify `--verbosity 2`?
elhananjair commented 2025-09-19 06:37:25 +00:00
Author
Copy Link

Yes, I have created/generated it in /etc/borgmatic/config.yaml, checking with borgmatic validate config it shows no error, but the error indicates that something is wrong in the config file...

This is what a sample of the config, maybe in case I have done it wrong

# List of source directories and files to back up. Globs and tildes
# are expanded. Do not backslash spaces in path names.
source_directories:
    - /var/cells
    - /etc/borgmatic/config.yaml

# A required list of local or remote repositories with paths and
# optional labels (which can be used with the --repository flag to
# select a repository). Tildes are expanded. Multiple repositories are
# backed up to in sequence. Borg placeholders can be used. See the
# output of "borg help placeholders" for details. See ssh_command for
# SSH options like identity file or port. If systemd service is used,
# then add local repository paths in the systemd service file to the
# ReadWritePaths list.
repositories:
    # The local path or Borg URL of the repository.
    - path: ssh://prod_admin@repobk.net/home/repo_admin/DRP

      # An optional label for the repository, used in logging
      # and to make selecting the repository easier on the
      # command-line.
      # label: backupserver

image.png

Yes, I have created/generated it in `/etc/borgmatic/config.yaml`, checking with `borgmatic validate config` it shows no error, but the error indicates that something is wrong in the config file... This is what a sample of the config, maybe in case I have done it wrong ``` # List of source directories and files to back up. Globs and tildes # are expanded. Do not backslash spaces in path names. source_directories: - /var/cells - /etc/borgmatic/config.yaml # A required list of local or remote repositories with paths and # optional labels (which can be used with the --repository flag to # select a repository). Tildes are expanded. Multiple repositories are # backed up to in sequence. Borg placeholders can be used. See the # output of "borg help placeholders" for details. See ssh_command for # SSH options like identity file or port. If systemd service is used, # then add local repository paths in the systemd service file to the # ReadWritePaths list. repositories: # The local path or Borg URL of the repository. - path: ssh://prod_admin@repobk.net/home/repo_admin/DRP # An optional label for the repository, used in logging # and to make selecting the repository easier on the # command-line. # label: backupserver ``` ![image.png](/attachments/b774f214-4ec6-42f4-8366-5a0b7fd5b875)
image.png
36 KiB
elhananjair commented 2025-09-19 12:57:49 +00:00
Author
Copy Link

Here is the contents of config.yaml

# Constants to use in the configuration file. Within option values,
# all occurrences of the constant name in curly braces will be
# replaced with the constant value. For example, if you have a
# constant named "app_name" with the value "myapp", then the string
# "{app_name}" will be replaced with "myapp" in the configuration
# file.
# constants:
    # app_name: myapp
    # user: myuser
 
# List of source directories and files to back up. Globs and tildes
# are expanded. Do not backslash spaces in path names.
source_directories:
   - /var/cells
    - /etc/borgmatic/config.yaml
 
# A required list of local or remote repositories with paths and
# optional labels (which can be used with the --repository flag to
# select a repository). Tildes are expanded. Multiple repositories are
# backed up to in sequence. Borg placeholders can be used. See the
# output of "borg help placeholders" for details. See ssh_command for
# SSH options like identity file or port. If systemd service is used,
# then add local repository paths in the systemd service file to the
# ReadWritePaths list.
repositories:
   # The local path or Borg URL of the repository.
    - path: ssh://prod_admin@repo.myorg/./home/liyu_admin/DRP
 
      # An optional label for the repository, used in logging
      # and to make selecting the repository easier on the
      # command-line.
      # label: backupserver
 
      # The encryption mode with which to create the repository,
      # only used for the repo-create action. To see the
      # available encryption modes, run "borg init --help" with
      # Borg 1 or "borg repo-create --help" with Borg 2.
      # encryption: repokey-blake2
 
      # Whether the repository should be created append-only,
      # only used for the repo-create action. Defaults to false.
      # append_only: true
 
      # The storage quota with which to create the repository,
      # only used for the repo-create action. Defaults to no
      # quota.
      # storage_quota: 5G
 
      # Whether any missing parent directories of the repository
      # path should be created, only used for the repo-create
      # action. Defaults to false.
      # make_parent_directories: true
 
# Working directory to use when running actions, useful for backing up
# using relative source directory paths. Does not currently apply to
# borgmatic configuration file paths or includes. Tildes are expanded.
# See http://borgbackup.readthedocs.io/en/stable/usage/create.html for
# details. Defaults to not set.
# working_directory: /path/to/working/directory
 
# Stay in same file system; do not cross mount points beyond the given
# source directories. Defaults to false.
# one_file_system: true
 
# Only store/extract numeric user and group identifiers. Defaults to
# false.
# numeric_ids: true
 
# Store atime into archive. Defaults to true in Borg < 1.2, false in
# Borg 1.2+.
# atime: false
 
# Store ctime into archive. Defaults to true.
# ctime: false
 
# Store birthtime (creation date) into archive. Defaults to true.
# birthtime: false
 
# Use Borg's --read-special flag to allow backup of block and other
# special devices. Use with caution, as it will lead to problems if
# used when backing up special devices such as /dev/zero. Defaults to
# false. But when a database hook is used, the setting here is ignored
# and read_special is considered true.
# read_special: true
 
# Record filesystem flags (e.g. NODUMP, IMMUTABLE) in archive.
# Defaults to true.
# flags: false
 
# Mode in which to operate the files cache. See
# http://borgbackup.readthedocs.io/en/stable/usage/create.html for
# details. Defaults to "ctime,size,inode".
# files_cache: ctime,size,inode
 
# Alternate Borg local executable. Defaults to "borg".
# local_path: borg1
 
# Alternate Borg remote executable. Defaults to "borg".
# remote_path: borg1
 
# Any paths matching these patterns are included/excluded from
# backups. Globs are expanded. (Tildes are not.) See the output of
# "borg help patterns" for more details. Quote any value if it
# contains leading punctuation, so it parses correctly.
# patterns:
    # - R /
    # - '- /home/*/.cache'
    # - + /home/susan
    # - '- /home/*'
 
# Read include/exclude patterns from one or more separate named files,
# one pattern per line. See the output of "borg help patterns" for
# more details.
# patterns_from:
    # - /etc/borgmatic/patterns
 
# Any paths matching these patterns are excluded from backups. Globs
# and tildes are expanded. Note that a glob pattern must either start
# with a glob or be an absolute path. Do not backslash spaces in path
# names. See the output of "borg help patterns" for more details.
# exclude_patterns:
    # - '*.pyc'
    # - /home/*/.cache
    # - '*/.vim*.tmp'
    # - /etc/ssl
    # - /home/user/path with spaces
 
# Read exclude patterns from one or more separate named files, one
# pattern per line. See the output of "borg help patterns" for more
# details.
# exclude_from:
    # - /etc/borgmatic/excludes
 
# Exclude directories that contain a CACHEDIR.TAG file. See
# http://www.brynosaurus.com/cachedir/spec.html for details. Defaults
# to false.
# exclude_caches: true
 
# Exclude directories that contain a file with the given filenames.
# Defaults to not set.
# exclude_if_present:
    # - .nobackup
 
# If true, the exclude_if_present filename is included in backups.
# Defaults to false, meaning that the exclude_if_present filename is
# omitted from backups.
# keep_exclude_tags: true
 
# Exclude files with the NODUMP flag. Defaults to false.
# exclude_nodump: true
 
# Deprecated. Only used for locating database dumps and bootstrap
# metadata within backup archives created prior to deprecation.
# Replaced by user_runtime_directory and user_state_directory.
# Defaults to ~/.borgmatic
# borgmatic_source_directory: /tmp/borgmatic
 
# Path for storing temporary runtime data like streaming database
# dumps and bootstrap metadata. borgmatic automatically creates and
# uses a "borgmatic" subdirectory here. Defaults to $XDG_RUNTIME_DIR
# or or $TMPDIR or $TEMP or /run/user/$UID.
# user_runtime_directory: /run/user/1001
 
# Path for storing borgmatic state files like records of when checks
# last ran. borgmatic automatically creates and uses a "borgmatic"
# subdirectory here. If you change this option, borgmatic must
# create the check records again (and therefore re-run checks).
# Defaults to $XDG_STATE_HOME or ~/.local/state.
# user_state_directory: /var/lib/borgmatic
 
# If true, then source directories (and root pattern paths) must
# exist. If they don't, an error is raised. Defaults to false.
# source_directories_must_exist: true
 
# The standard output of this command is used to unlock the encryption
# key. Only use on repositories that were initialized with
# passcommand/repokey/keyfile encryption. Note that if both
# encryption_passcommand and encryption_passphrase are set, then
# encryption_passphrase takes precedence. This can also be used to
# access encrypted systemd service credentials. Defaults to not set.
# For more details, see:
# https://torsion.org/borgmatic/docs/how-to/provide-your-passwords/
# encryption_passcommand: secret-tool lookup borg-repository repo-name
 
# Passphrase to unlock the encryption key with. Only use on
# repositories that were initialized with passphrase/repokey/keyfile
# encryption. Quote the value if it contains punctuation, so it parses
# correctly. And backslash any quote or backslash literals as well.
# Defaults to not set. Supports the "{credential ...}" syntax.
# encryption_passphrase: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
 
# Number of seconds between each checkpoint during a long-running
# backup. See https://borgbackup.readthedocs.io/en/stable/faq.html for
# details. Defaults to checkpoints every 1800 seconds (30 minutes).
# checkpoint_interval: 1800
 
# Number of backed up bytes between each checkpoint during a
# long-running backup. Only supported with Borg 2+. See
# https://borgbackup.readthedocs.io/en/stable/faq.html for details.
# Defaults to only time-based checkpointing (see
# "checkpoint_interval") instead of volume-based checkpointing.
# checkpoint_volume: 1048576
 
# Specify the parameters passed to the chunker (CHUNK_MIN_EXP,
# CHUNK_MAX_EXP, HASH_MASK_BITS, HASH_WINDOW_SIZE). See
# https://borgbackup.readthedocs.io/en/stable/internals.html for
# details. Defaults to "19,23,21,4095".
# chunker_params: 19,23,21,4095
 
# Type of compression to use when creating archives. (Compression
# level can be added separated with a comma, like "zstd,7".) See
# http://borgbackup.readthedocs.io/en/stable/usage/create.html for
# details. Defaults to "lz4".
# compression: lz4
 
# Mode for recompressing data chunks according to MODE.
# Possible modes are:
#  * "if-different": Recompress if the current compression
# is with a different compression algorithm.
#  * "always": Recompress even if the current compression
# is with the same compression algorithm. Use this to change
# the compression level.
#  * "never": Do not recompress. Use this option to explicitly
# prevent recompression.
# See https://borgbackup.readthedocs.io/en/stable/usage/recreate.html
# for details. Defaults to "never".
# recompress: if-different
 
# Remote network upload rate limit in kiBytes/second. Defaults to
# unlimited.
# upload_rate_limit: 100
 
# Size of network upload buffer in MiB. Defaults to no buffer.
# upload_buffer_size: 160
 
# Number of times to retry a failing backup before giving up. Defaults
# to 0 (i.e., does not attempt retry).
# retries: 3
 
# Wait time between retries (in seconds) to allow transient issues
# to pass. Increases after each retry by that same wait time as a
# form of backoff. Defaults to 0 (no wait).
# retry_wait: 10
 
# Directory where temporary Borg files are stored. Defaults to
# $TMPDIR. See "Resource Usage" at
# https://borgbackup.readthedocs.io/en/stable/usage/general.html for
# details.
# temporary_directory: /path/to/tmpdir
 
# Command to use instead of "ssh". This can be used to specify ssh
# options. Defaults to not set.
# ssh_command: ssh -i /path/to/private/key
 
# Base path used for various Borg directories. Defaults to $HOME,
# ~$USER, or ~.
# borg_base_directory: /path/to/base
 
# Path for Borg configuration files. Defaults to
# $borg_base_directory/.config/borg
# borg_config_directory: /path/to/base/config
 
# Path for Borg cache files. Defaults to
# $borg_base_directory/.cache/borg
# borg_cache_directory: /path/to/base/cache
 
# Enables or disables the use of chunks.archive.d for faster cache
# resyncs in Borg. If true, value is set to "yes" (default) else
# it's set to "no", reducing disk usage but slowing resyncs.
# use_chunks_archive: true
 
# Maximum time to live (ttl) for entries in the Borg files cache.
# borg_files_cache_ttl: 20
 
# Path for Borg security and encryption nonce files. Defaults to
# $borg_base_directory/.config/borg/security
# borg_security_directory: /path/to/base/config/security
 
# Path for Borg encryption key files. Defaults to
# $borg_base_directory/.config/borg/keys
# borg_keys_directory: /path/to/base/config/keys
 
# A list of Borg exit codes that should be elevated to errors or
# squashed to warnings as indicated. By default, Borg error exit codes
# (2 to 99) are treated as errors while warning exit codes (1 and
# 100+) are treated as warnings. Exit codes other than 1 and 2 are
# only present in Borg 1.4.0+.
# borg_exit_codes:
    # The exit code for an existing Borg warning or error.
    # - code: 100
 
      # Whether to consider the exit code as an error or as a
      # warning in borgmatic.
      # treat_as: error
 
# Umask used for when executing Borg or calling hooks. Defaults to
# 0077 for Borg or the umask that borgmatic is run with for hooks.
# umask: 77
 
# Maximum seconds to wait for acquiring a repository/cache lock.
# Defaults to 1.
# lock_wait: 5
 
# Name of the archive to create. Borg placeholders can be used. See
# the output of "borg help placeholders" for details. Defaults to
# "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}" with Borg 1 and
# "{hostname}" with Borg 2, as Borg 2 does not require unique
# archive names; identical archive names form a common "series" that
# can be targeted together. When running actions like repo-list,
# info, or check, borgmatic automatically tries to match only
# archives created with this name format.
# archive_name_format: '{hostname}-documents-{now}'
 
# A Borg pattern for filtering down the archives used by borgmatic
# actions that operate on multiple archives. For Borg 1.x, use a shell
# pattern here and see the output of "borg help placeholders" for
# details. For Borg 2.x, see the output of "borg help match-archives".
# If match_archives is not specified, borgmatic defaults to deriving
# the match_archives value from archive_name_format.
# match_archives: sh:{hostname}-*
 
# Bypass Borg error about a repository that has been moved. Defaults
# to false.
# relocated_repo_access_is_ok: true
 
# Bypass Borg error about a previously unknown unencrypted repository.
# Defaults to false.
# unknown_unencrypted_repo_access_is_ok: true
 
# Bypass Borg confirmation about check with repair option. Defaults to
# false and an interactive prompt from Borg.
# check_i_know_what_i_am_doing: true
 
# Additional options to pass directly to particular Borg commands,
# handy for Borg options that borgmatic does not yet support natively.
# Note that borgmatic does not perform any validation on these
# options. Running borgmatic with "--verbosity 2" shows the exact Borg
# command-line invocation.
# extra_borg_options:
    # Extra command-line options to pass to "borg init".
    # init: --extra-option
 
    # Extra command-line options to pass to "borg create".
    # create: --extra-option
 
    # Extra command-line options to pass to "borg prune".
    # prune: --extra-option
 
    # Extra command-line options to pass to "borg compact".
    # compact: --extra-option
 
    # Extra command-line options to pass to "borg check".
    # check: --extra-option
 
# Keep all archives within this time interval. See "skip_actions" for
# disabling pruning altogether.
keep_within: 1d
 
# Number of secondly archives to keep.
# keep_secondly: 60
 
# Number of minutely archives to keep.
# keep_minutely: 60
 
# Number of hourly archives to keep.
# keep_hourly: 24
 
# Number of daily archives to keep.
keep_daily: 1
 
# Number of weekly archives to keep.
keep_weekly: 2
 
# Number of monthly archives to keep.
keep_monthly: 2
 
# Number of yearly archives to keep.
# keep_yearly: 1
 
# Number of quarterly archives to keep (13 week strategy).
# keep_13weekly: 13
 
# Number of quarterly archives to keep (3 month strategy).
# keep_3monthly: 3
 
# Deprecated. When pruning or checking archives, only consider archive
# names starting with this prefix. Borg placeholders can be used. See
# the output of "borg help placeholders" for details. If a prefix is
# not specified, borgmatic defaults to matching archives based on the
# archive_name_format (see above).
# prefix: sourcehostname
 
# Minimum saved space percentage threshold for compacting a segment,
# defaults to 10.
# compact_threshold: 20
 
# List of one or more consistency checks to run on a periodic basis
# (if "frequency" is set) or every time borgmatic runs checks (if
# "frequency" is omitted).
# checks:
    # Name of the consistency check to run:
    #  * "repository" checks the consistency of the
    # repository.
    #  * "archives" checks all of the archives.
    #  * "data" verifies the integrity of the data
    # within the archives and implies the "archives"
    # check as well.
    #  * "spot" checks that some percentage of source
    # files are found in the most recent archive (with
    # identical contents).
    #  * "extract" does an extraction dry-run of the
    # most recent archive.
    #  * See "skip_actions" for disabling checks
    # altogether.
    # - name: repository
 
      # How frequently to run this type of consistency
      # check (as a best effort). The value is a number
      # followed by a unit of time. E.g., "2 weeks" to
      # run this consistency check no more than every
      # two weeks for a given repository or "1 month" to
      # run it no more than monthly. Defaults to
      # "always": running this check every time checks
      # are run.
      # frequency: 2 weeks
 
      # After the "frequency" duration has elapsed, only
      # run this check if the current day of the week
      # matches one of these values (the name of a day of
      # the week in the current locale). "weekday" and
      # "weekend" are also accepted. Defaults to running
      # the check on any day of the week.
      # only_run_on:
          # - Saturday
          # - Sunday
 
      # How many seconds to check the repository before
      # interrupting the check. Useful for splitting a
      # long-running repository check into multiple
      # partial checks. Defaults to no interruption. Only
      # applies to the "repository" check, does not check
      # the repository index and is not compatible with
      # the "--repair" flag.
      # max_duration: 3600
 
      # The percentage delta between the source
      # directories file count and the most recent backup
      # archive file count that is allowed before the
      # entire consistency check fails. This can catch
      # problems like incorrect excludes, inadvertent
      # deletes, etc. Required (and only valid) for the
      # "spot" check.
      # count_tolerance_percentage: 10
 
      # The percentage of total files in the source
      # directories to randomly sample and compare to
      # their corresponding files in the most recent
      # backup archive. Required (and only valid) for the
      # "spot" check.
      # data_sample_percentage: 1
 
      # The percentage of total files in the source
      # directories that can fail a spot check comparison
      # without failing the entire consistency check. This
      # can catch problems like source files that have
      # been bulk-changed by malware, backups that have
      # been tampered with, etc. The value must be lower
      # than or equal to the "contents_sample_percentage".
      # Required (and only valid) for the "spot" check.
      # data_tolerance_percentage: 0.5
 
      # Command to use instead of "xxh64sum" to hash
      # source files, usually found in an OS package named
      # "xxhash". Do not substitute with a different hash
      # type (SHA, MD5, etc.) or the check will never
      # succeed. Only valid for the "spot" check.
      # xxh64sum_command: /usr/local/bin/xxh64sum
 
# Paths or labels for a subset of the configured "repositories" (see
# above) on which to run consistency checks. Handy in case some of
# your repositories are very large, and so running consistency checks
# on them would take too long. Defaults to running consistency checks
# on all configured repositories.
# check_repositories:
    # - user@backupserver:sourcehostname.borg
 
# Restrict the number of checked archives to the last n. Applies only
# to the "archives" check. Defaults to checking all archives.
# check_last: 3
 
# Apply color to console output. Defaults to true.
# color: false
 
# Display verbose output to the console: -2 (disabled), -1 (errors
# only), 0 (warnings and responses to actions, the default), 1 (info
# about steps borgmatic is taking), or 2 (debug).
# verbosity: 2
 
# Log verbose output to syslog: -2 (disabled, the default), -1 (errors
# only), 0 (warnings and responses to actions), 1 (info about steps
# borgmatic is taking), or 2 (debug).
# syslog_verbosity: 2
 
# Log verbose output to file: -2 (disabled), -1 (errors only), 0
# (warnings and responses to actions), 1 (info about steps borgmatic
# is taking, the default), or 2 (debug).
# log_file_verbosity: 2
 
# Write log messages to the file at this path.
# log_file: /var/log/borgmatic/logfile.txt
 
# Python format string used for log messages written to the log file.
# log_file_format: '[{asctime}] {levelname}: {prefix}{message}'
 
# When a monitoring integration supporting logging is configured, log
# verbose output to it: -2 (disabled), -1 (errors only), 0 (warnings
# and responses to actions), 1 (info about steps borgmatic is taking,
# the default), or 2 (debug).
# monitoring_verbosity: 2
 
# Write Borg log messages and console output as one JSON object per
# log line instead of formatted text. Defaults to false.
# log_json: true
 
# Display progress as each file or archive is processed when running
# supported actions. Corresponds to the "--progress" flag on those
# actions. Defaults to false.
# progress: true
 
# Display statistics for an archive when running supported actions.
# Corresponds to the "--stats" flag on those actions. Defaults to
# false.
# statistics: true
 
# Display details for each file or archive as it is processed when
# running supported actions. Corresponds to the "--list" flag on those
# actions. Defaults to false.
# list_details: true
 
# Whether to apply default actions (create, prune, compact and check)
# when no arguments are supplied to the borgmatic command. If set to
# false, borgmatic displays the help message instead.
# default_actions: true
 
# List of one or more actions to skip running for this configuration
# file, even if specified on the command-line (explicitly or
# implicitly). This is handy for append-only configurations where you
# never want to run "compact" or checkless configuration where you
# want to skip "check". Defaults to not skipping any actions.
# skip_actions:
    # - compact
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before all the actions for each
# repository.
# before_actions:
    # - echo Starting actions.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before creating a backup, run once
# per repository.
# before_backup:
    # - echo Starting a backup.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before pruning, run once per
# repository.
# before_prune:
    # - echo Starting pruning.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before compaction, run once per
# repository.
# before_compact:
    # - echo Starting compaction.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before consistency checks, run once
# per repository.
# before_check:
    # - echo Starting checks.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before extracting a backup, run once
# per repository.
# before_extract:
    # - echo Starting extracting.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after creating a backup, run once per
# repository.
# after_backup:
    # - echo Finished a backup.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after compaction, run once per
# repository.
# after_compact:
    # - echo Finished compaction.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after pruning, run once per
# repository.
# after_prune:
    # - echo Finished pruning.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after consistency checks, run once
# per repository.
# after_check:
    # - echo Finished checks.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after extracting a backup, run once
# per repository.
# after_extract:
    # - echo Finished extracting.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after all actions for each
# repository.
# after_actions:
    # - echo Finished actions.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute when an exception occurs during a
# "create", "prune", "compact", or "check" action or an associated
# before/after hook.
# on_error:
    # - echo Error during create/prune/compact/check.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute before running all actions (if one of
# them is "create"). These are collected from all configuration files
# and then run once before all of them (prior to all actions).
# before_everything:
    # - echo Starting actions.
 
# Deprecated. Use "commands:" instead. List of one or more shell
# commands or scripts to execute after running all actions (if one of
# them is "create"). These are collected from all configuration files
# and then run once after all of them (after any action).
# after_everything:
    # - echo Completed actions.
 
# List of one or more command hooks to execute, triggered at
# particular points during borgmatic's execution. For each command
# hook, specify one of "before" or "after", not both.
commands:
   # Name for the point in borgmatic's execution that
    # the commands should be run before (required if
    # "after" isn't set):
    #  * "action" runs before each action for each
    # repository.
    #  * "repository" runs before all actions for each
    # repository.
    #  * "configuration" runs before all actions and
    # repositories in the current configuration file.
    #  * "everything" runs before all configuration
    # files.
    - before: action
 
      # Name for the point in borgmatic's execution that
      # the commands should be run after (required if
      # "before" isn't set):
      #  * "action" runs after each action for each
      # repository.
      #  * "repository" runs after all actions for each
      # repository.
      #  * "configuration" runs after all actions and
      # repositories in the current configuration file.
      #  * "everything" runs after all configuration
      # files.
      #  * "error" runs after an error occurs.
      # after: action
 
      # Only trigger the hook when borgmatic is run with
      # particular actions listed here. Defaults to
      # running for all actions.
      when:
         - create
          # - prune
          # - compact
          # - check
 
      # List of one or more shell commands or scripts to
      # run when this command hook is triggered. Required.
      run:
         - echo "Stoping DMS for backup..."
          - systemctl stop cells.service
 
      # Only trigger the hook if borgmatic encounters one
      # of the states (execution results) listed here,
      # where:
      #  * "finish": No errors occurred.
      #  * "fail": An error occurred.
      # This state is evaluated only for the scope of the
      # configured "action", "repository", etc., rather
      # than for the entire borgmatic run. Only available
      # for "after" hooks. Defaults to running the hook
      # for all states.
      # states:
          # - finish
    - after: action
      when:
         - create
      states:
         - finish
      run:
         - echo "Completed the backup."
          - systemctl start cells.service
# Support for the "borgmatic bootstrap" action, used to extract
# borgmatic configuration files from a backup archive.
# bootstrap:
    # Store configuration files used to create a backup inside the
    # backup itself. Defaults to true. Changing this to false
    # prevents "borgmatic bootstrap" from extracting configuration
    # files from the backup.
    # store_config_files: false
 
# List of one or more PostgreSQL databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires pg_dump/pg_dumpall/pg_restore commands. See
# https://www.postgresql.org/docs/current/app-pgdump.html and
# https://www.postgresql.org/docs/current/libpq-ssl.html for
# details.
# postgresql_databases:
    # Database name (required if using this hook). Or "all" to
    # dump all databases on the host. (Also set the "format"
    # to dump each database to a separate file instead of one
    # combined file.) Note that using this database hook
    # implicitly enables read_special (see above) to support
    # dump and restore streaming.
    # - name: users
 
      # Database hostname to connect to. Defaults to connecting
      # via local Unix socket.
      # hostname: database.example.org
 
      # Database hostname to restore to. Defaults to the
      # "hostname" option.
      # restore_hostname: database.example.org
 
      # Port to connect to. Defaults to 5432.
      # port: 5433
 
      # Port to restore to. Defaults to the "port" option.
      # restore_port: 5433
 
      # Username with which to connect to the database. Defaults
      # to the username of the current user. You probably want
      # to specify the "postgres" superuser here when the
      # database name is "all". Supports the "{credential ...}"
      # syntax.
      # username: dbuser
 
      # Username with which to restore the database. Defaults to
      # the "username" option. Supports the "{credential ...}"
      # syntax.
      # restore_username: dbuser
 
      # Password with which to connect to the database. Omitting
      # a password will only work if PostgreSQL is configured to
      # trust the configured username without a password or you
      # create a ~/.pgpass file. Supports the "{credential ...}"
      # syntax.
      # password: trustsome1
 
      # Password with which to connect to the restore database.
      # Defaults to the "password" option. Supports the
      # "{credential ...}" syntax.
      # restore_password: trustsome1
 
      # Do not output commands to set ownership of objects to
      # match the original database. By default, pg_dump and
      # pg_restore issue ALTER OWNER or SET SESSION
      # AUTHORIZATION statements to set ownership of created
      # schema elements. These statements will fail unless the
      # initial connection to the database is made by a
      # superuser.
      # no_owner: true
 
      # Database dump output format. One of "plain", "custom",
      # "directory", or "tar". Defaults to "custom" (unlike raw
      # pg_dump) for a single database. Or, when database name
      # is "all" and format is blank, dumps all databases to a
      # single file. But if a format is specified with an "all"
      # database name, dumps each database to a separate file of
      # that format, allowing more convenient restores of
      # individual databases. See the pg_dump documentation for
      # more about formats.
      # format: directory
 
      # Database dump compression level (integer) or method
      # ("gzip", "lz4", "zstd", or "none") and optional
      # colon-separated detail. Defaults to moderate "gzip" for
      # "custom" and "directory" formats and no compression for
      # the "plain" format. Compression is not supported for the
      # "tar" format. Be aware that Borg does its own
      # compression as well, so you may not need it in both
      # places.
      # compression: none
 
      # SSL mode to use to connect to the database server. One
      # of "disable", "allow", "prefer", "require", "verify-ca"
      # or "verify-full". Defaults to "disable".
      # ssl_mode: require
 
      # Path to a client certificate.
      # ssl_cert: /root/.postgresql/postgresql.crt
 
      # Path to a private client key.
      # ssl_key: /root/.postgresql/postgresql.key
 
      # Path to a root certificate containing a list of trusted
      # certificate authorities.
      # ssl_root_cert: /root/.postgresql/root.crt
 
      # Path to a certificate revocation list.
      # ssl_crl: /root/.postgresql/root.crl
 
      # Command to use instead of "pg_dump" or "pg_dumpall".
      # This can be used to run a specific pg_dump version
      # (e.g., one inside a running container). If you run it
      # from within a container, make sure to mount the path in
      # the "user_runtime_directory" option from the host into
      # the container at the same location. Defaults to
      # "pg_dump" for single database dump or "pg_dumpall" to
      # dump all databases.
      # pg_dump_command: docker exec my_pg_container pg_dump
 
      # Command to use instead of "pg_restore". This can be used
      # to run a specific pg_restore version (e.g., one inside a
      # running container). Defaults to "pg_restore".
      # pg_restore_command: docker exec my_pg_container pg_restore
 
      # Command to use instead of "psql". This can be used to
      # run a specific psql version (e.g., one inside a running
      # container). Defaults to "psql".
      # psql_command: docker exec my_pg_container psql
 
      # Additional pg_dump/pg_dumpall options to pass directly
      # to the dump command, without performing any validation
      # on them. See pg_dump documentation for details.
      # options: --role=someone
 
      # Additional psql options to pass directly to the psql
      # command that lists available databases, without
      # performing any validation on them. See psql
      # documentation for details.
      # list_options: --role=someone
 
      # Additional pg_restore/psql options to pass directly to
      # the restore command, without performing any validation
      # on them. See pg_restore/psql documentation for details.
      # restore_options: --role=someone
 
      # Additional psql options to pass directly to the analyze
      # command run after a restore, without performing any
      # validation on them. See psql documentation for details.
      # analyze_options: --role=someone
 
# List of one or more MariaDB databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires mariadb-dump/mariadb commands. See
# https://mariadb.com/kb/en/library/mysqldump/ for details.
mariadb_databases:
   # Database name (required if using this hook). Or "all" to
    # dump all databases on the host. Note that using this
    # database hook implicitly enables read_special (see
    # above) to support dump and restore streaming.
    - name: cells
 
      # Database hostname to connect to. Defaults to connecting
      # via local Unix socket.
      hostname: localhost
 
      # Database hostname to restore to. Defaults to the
      # "hostname" option.
      # restore_hostname: database.example.org
 
      # Port to connect to. Defaults to 3306.
      port: 3306
 
      # Port to restore to. Defaults to the "port" option.
      # restore_port: 5433
 
      # Username with which to connect to the database. Defaults
      # to the username of the current user. Supports the
      # "{credential ...}" syntax.
      username: pydio
 
      # Username with which to restore the database. Defaults to
      # the "username" option. Supports the "{credential ...}"
      # syntax.
      # restore_username: dbuser
 
      # Password with which to connect to the database. Omitting
      # a password will only work if MariaDB is configured to
      # trust the configured username without a password.
      # Supports the "{credential ...}" syntax.
      password: mypass
 
      # Password with which to connect to the restore database.
      # Defaults to the "password" option. Supports the
      # "{credential ...}" syntax.
      # restore_password: trustsome1
 
      # How to transmit database passwords from borgmatic to the
      # MariaDB client, one of:
      #  * "pipe": Securely transmit passwords via anonymous
      #    pipe. Only works if the database client is on the
      #    same host as borgmatic. (The server can be
      #    somewhere else.) This is the default value.
      #  * "environment": Transmit passwords via environment
      #    variable. Potentially less secure than a pipe, but
      #    necessary when the database client is elsewhere, e.g.
      #    when "mariadb_dump_command" is configured to "exec"
      #    into a container and run a client there.
      # password_transport:
 
      # Whether to TLS-encrypt data transmitted between the
      # client and server. The default varies based on the
      # MariaDB version.
      # tls: false
 
      # Whether to TLS-encrypt data transmitted between the
      # client and restore server. The default varies based on
      # the MariaDB version.
      # restore_tls: false
 
      # Command to use instead of "mariadb-dump". This can be
      # used to run a specific mariadb_dump version (e.g., one
      # inside a running container). If you run it from within a
      # container, make sure to mount the path in the
      # "user_runtime_directory" option from the host into the
      # container at the same location. Defaults to
      # "mariadb-dump".
      # mariadb_dump_command: docker exec mariadb_container mariadb-dump
 
      # Command to run instead of "mariadb". This can be used to
      # run a specific mariadb version (e.g., one inside a
      # running container). Defaults to "mariadb".
      # mariadb_command: docker exec mariadb_container mariadb
 
      # Database dump output format. Currently only "sql" is
      # supported. Defaults to "sql" for a single database. Or,
      # when database name is "all" and format is blank, dumps
      # all databases to a single file. But if a format is
      # specified with an "all" database name, dumps each
      # database to a separate file of that format, allowing
      # more convenient restores of individual databases.
      # format: directory
 
      # Use the "--add-drop-database" flag with mariadb-dump,
      # causing the database to be dropped right before restore.
      # Defaults to true.
      # add_drop_database: false
 
      # Additional mariadb-dump options to pass directly to the
      # dump command, without performing any validation on them.
      # See mariadb-dump documentation for details.
      # options: --skip-comments
 
      # Additional options to pass directly to the mariadb
      # command that lists available databases, without
      # performing any validation on them. See mariadb command
      # documentation for details.
      # list_options: --defaults-extra-file=mariadb.cnf
 
      # Additional options to pass directly to the mariadb
      # command that restores database dumps, without
      # performing any validation on them. See mariadb command
      # documentation for details.
      # restore_options: --defaults-extra-file=mariadb.cnf
 
# List of one or more MySQL databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires mysqldump/mysql commands. See
# https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html for
# details.
# mysql_databases:
    # Database name (required if using this hook). Or "all" to
    # dump all databases on the host. Note that using this
    # database hook implicitly enables read_special (see
    # above) to support dump and restore streaming.
    # - name: users
 
      # Database hostname to connect to. Defaults to connecting
      # via local Unix socket.
      # hostname: database.example.org
 
      # Database hostname to restore to. Defaults to the
      # "hostname" option.
      # restore_hostname: database.example.org
 
      # Port to connect to. Defaults to 3306.
      # port: 3307
 
      # Port to restore to. Defaults to the "port" option.
      # restore_port: 5433
 
      # Username with which to connect to the database. Defaults
      # to the username of the current user. Supports the
      # "{credential ...}" syntax.
      # username: dbuser
 
      # Username with which to restore the database. Defaults to
      # the "username" option. Supports the "{credential ...}"
      # syntax.
      # restore_username: dbuser
 
      # Password with which to connect to the database. Omitting
      # a password will only work if MySQL is configured to
      # trust the configured username without a password.
      # Supports the "{credential ...}" syntax.
      # password: trustsome1
 
      # Password with which to connect to the restore database.
      # Defaults to the "password" option. Supports the
      # "{credential ...}" syntax.
      # restore_password: trustsome1
 
      # How to transmit database passwords from borgmatic to the
      # MySQL client, one of:
      #  * "pipe": Securely transmit passwords via anonymous
      #    pipe. Only works if the database client is on the
      #    same host as borgmatic. (The server can be
      #    somewhere else.) This is the default value.
      #  * "environment": Transmit passwords via environment
      #    variable. Potentially less secure than a pipe, but
      #    necessary when the database client is elsewhere, e.g.
      #    when "mysql_dump_command" is configured to "exec"
      #    into a container and run a client there.
      # password_transport:
 
      # Whether to TLS-encrypt data transmitted between the
      # client and server. The default varies based on the
      # MySQL installation.
      # tls: false
 
      # Whether to TLS-encrypt data transmitted between the
      # client and restore server. The default varies based on
      # the MySQL installation.
      # restore_tls: false
 
      # Command to use instead of "mysqldump". This can be used
      # to run a specific mysql_dump version (e.g., one inside a
      # running container). If you run it from within a
      # container, make sure to mount the path in the
      # "user_runtime_directory" option from the host into the
      # container at the same location. Defaults to "mysqldump".
      # mysql_dump_command: docker exec mysql_container mysqldump
 
      # Command to run instead of "mysql". This can be used to
      # run a specific mysql version (e.g., one inside a running
      # container). Defaults to "mysql".
      # mysql_command: docker exec mysql_container mysql
 
      # Database dump output format. Currently only "sql" is
      # supported. Defaults to "sql" for a single database. Or,
      # when database name is "all" and format is blank, dumps
      # all databases to a single file. But if a format is
      # specified with an "all" database name, dumps each
      # database to a separate file of that format, allowing
      # more convenient restores of individual databases.
      # format: directory
 
      # Use the "--add-drop-database" flag with mysqldump,
      # causing the database to be dropped right before restore.
      # Defaults to true.
      # add_drop_database: false
 
      # Additional mysqldump options to pass directly to the
      # dump command, without performing any validation on them.
      # See mysqldump documentation for details.
      # options: --skip-comments
 
      # Additional options to pass directly to the mysql
      # command that lists available databases, without
      # performing any validation on them. See mysql command
      # documentation for details.
      # list_options: --defaults-extra-file=my.cnf
 
      # Additional options to pass directly to the mysql
      # command that restores database dumps, without
      # performing any validation on them. See mysql command
      # documentation for details.
      # restore_options: --defaults-extra-file=my.cnf
 
# List of one or more SQLite databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly to
# Borg. Requires the sqlite3 command. See https://sqlite.org/cli.html
# for details.
# sqlite_databases:
    # This is used to tag the database dump file with a name.
    # It is not the path to the database file itself. The name
    # "all" has no special meaning for SQLite databases.
    # - name: users
 
      # Path to the SQLite database file to dump. If relative,
      # it is relative to the current working directory. Note
      # that using this database hook implicitly enables
      # read_special (see above) to support dump and restore
      # streaming.
      # path: /var/lib/sqlite/users.db
 
      # Path to the SQLite database file to restore to. Defaults
      # to the "path" option.
      # restore_path: /var/lib/sqlite/users.db
 
      # Command to use instead of "sqlite3". This can be used to
      # run a specific sqlite3 version (e.g., one inside a
      # running container). If you run it from within a
      # container, make sure to mount the path in the
      # "user_runtime_directory" option from the host into the
      # container at the same location. Defaults to "sqlite3".
      # sqlite_command: docker exec sqlite_container sqlite3
 
      # Command to run when restoring a database instead
      # of "sqlite3". This can be used to run a specific
      # sqlite3 version (e.g., one inside a running container).
      # Defaults to "sqlite3".
      # sqlite_restore_command: docker exec sqlite_container sqlite3
 
# List of one or more MongoDB databases to dump before creating a
# backup, run once per configuration file. The database dumps are
# added to your source directories at runtime and streamed directly
# to Borg. Requires mongodump/mongorestore commands. See
# https://docs.mongodb.com/database-tools/mongodump/ and
# https://docs.mongodb.com/database-tools/mongorestore/ for details.
# mongodb_databases:
    # Database name (required if using this hook). Or "all" to
    # dump all databases on the host. Note that using this
    # database hook implicitly enables read_special (see
    # above) to support dump and restore streaming.
    # - name: users
 
      # Database hostname to connect to. Defaults to connecting
      # to localhost.
      # hostname: database.example.org
 
      # Database hostname to restore to. Defaults to the
      # "hostname" option.
      # restore_hostname: database.example.org
 
      # Port to connect to. Defaults to 27017.
      # port: 27018
 
      # Port to restore to. Defaults to the "port" option.
      # restore_port: 5433
 
      # Username with which to connect to the database. Skip it
      # if no authentication is needed. Supports the
      # "{credential ...}" syntax.
      # username: dbuser
 
      # Username with which to restore the database. Defaults to
      # the "username" option. Supports the "{credential ...}"
      # syntax.
      # restore_username: dbuser
 
      # Password with which to connect to the database. Skip it
      # if no authentication is needed. Supports the
      # "{credential ...}" syntax.
      # password: trustsome1
 
      # Password with which to connect to the restore database.
      # Defaults to the "password" option. Supports the
      # "{credential ...}" syntax.
      # restore_password: trustsome1
 
      # Authentication database where the specified username
      # exists. If no authentication database is specified, the
      # database provided in "name" is used. If "name" is "all",
      # the "admin" database is used.
      # authentication_database: admin
 
      # Database dump output format. One of "archive", or
      # "directory". Defaults to "archive". See mongodump
      # documentation for details. Note that format is ignored
      # when the database name is "all".
      # format: directory
 
      # Additional mongodump options to pass directly to the
      # dump command, without performing any validation on them.
      # See mongodump documentation for details.
      # options: --dumpDbUsersAndRoles
 
      # Additional mongorestore options to pass directly to the
      # dump command, without performing any validation on them.
      # See mongorestore documentation for details.
      # restore_options: --restoreDbUsersAndRoles
 
      # Command to use instead of "mongodump". This can be used
      # to run a specific mongodump version (e.g., one inside a
      # running container). If you run it from within a
      # container, make sure to mount the path in the
      # "user_runtime_directory" option from the host into the
      # container at the same location.  Defaults to
      # "mongodump".
      # mongodump_command: docker exec mongodb_container mongodump
 
      # Command to run when restoring a database instead of
      # "mongorestore". This can be used to run a specific
      # mongorestore version (e.g., one inside a running
      # container). Defaults to "mongorestore".
      # mongorestore_command: docker exec mongodb_container mongorestore
 
# ntfy:
    # The topic to publish to. See https://ntfy.sh/docs/publish/
    # for details.
    # topic: topic
 
    # The address of your self-hosted ntfy.sh instance.
    # server: https://ntfy.your-domain.com
 
    # The username used for authentication. Supports the
    # "{credential ...}" syntax.
    # username: testuser
 
    # The password used for authentication. Supports the
    # "{credential ...}" syntax.
    # password: fakepassword
 
    # An ntfy access token to authenticate with instead of
    # username/password. Supports the "{credential ...}" syntax.
    # access_token: tk_AgQdq7mVBoFD37zQVN29RhuMzNIz2
 
    # start:
        # The title of the message.
        # title: Ping!
 
        # The message body to publish.
        # message: Your backups have failed.
 
        # The priority to set.
        # priority: urgent
 
        # Tags to attach to the message.
        # tags: incoming_envelope
 
    # finish:
        # The title of the message.
        # title: Ping!
 
        # The message body to publish.
        # message: Your backups have failed.
 
        # The priority to set.
        # priority: urgent
 
        # Tags to attach to the message.
        # tags: incoming_envelope
 
    # fail:
        # The title of the message.
        # title: Ping!
 
        # The message body to publish.
        # message: Your backups have failed.
 
        # The priority to set.
        # priority: urgent
 
        # Tags to attach to the message.
        # tags: incoming_envelope
 
    # List of one or more monitoring states to ping for: "start",
    # "finish", and/or "fail". Defaults to pinging for failure
    # only.
    # states:
        # - start
        # - finish
 
# pushover:
    # Your application's API token. Supports the "{credential
    # ...}" syntax.
    # token: 7ms6TXHpTokTou2P6x4SodDeentHRa
 
    # Your user/group key (or that of your target user), viewable
    # when logged into your dashboard: often referred to as
    # USER_KEY in Pushover documentation and code examples.
    # Supports the "{credential ...}" syntax.
    # user: hwRwoWsXMBWwgrSecfa9EfPey55WSN
 
    # start:
        # Message to be sent to the user or group. If omitted
        # the default is the name of the state.
        # message: A backup job has started.
 
        # A value of -2, -1, 0 (default), 1 or 2 that
        # indicates the message priority.
        # priority: 0
 
        # How many seconds your notification will continue
        # to be retried (every retry seconds). Defaults to
        # 600. This settings only applies to priority 2
        # notifications.
        # expire: 600
 
        # The retry parameter specifies how often
        # (in seconds) the Pushover servers will send the
        # same notification to the user. Defaults to 30. This
        # settings only applies to priority 2 notifications.
        # retry: 30
 
        # The name of one of your devices to send just to
        # that device instead of all devices.
        # device: pixel8
 
        # Set to True to enable HTML parsing of the message.
        # Set to false for plain text.
        # html: true
 
        # The name of a supported sound to override your
        # default sound choice. All options can be found
        # here: https://pushover.net/api#sounds
        # sound: bike
 
        # Your message's title, otherwise your app's name is
        # used.
        # title: A backup job has started.
 
        # The number of seconds that the message will live,
        # before being deleted automatically. The ttl
        # parameter is ignored for messages with a priority.
        # value of 2.
        # ttl: 3600
 
        # A supplementary URL to show with your message.
        # url: https://pushover.net/apps/xxxxx-borgbackup
 
        # A title for the URL specified as the url parameter,
        # otherwise just the URL is shown.
        # url_title: Pushover Link
 
    # finish:
        # Message to be sent to the user or group. If omitted
        # the default is the name of the state.
        # message: A backup job has finished.
 
        # A value of -2, -1, 0 (default), 1 or 2 that
        # indicates the message priority.
        # priority: 0
 
        # How many seconds your notification will continue
        # to be retried (every retry seconds). Defaults to
        # 600. This settings only applies to priority 2
        # notifications.
        # expire: 600
 
        # The retry parameter specifies how often
        # (in seconds) the Pushover servers will send the
        # same notification to the user. Defaults to 30. This
        # settings only applies to priority 2 notifications.
        # retry: 30
 
        # The name of one of your devices to send just to
        # that device instead of all devices.
        # device: pixel8
 
        # Set to True to enable HTML parsing of the message.
        # Set to false for plain text.
        # html: true
 
        # The name of a supported sound to override your
        # default sound choice. All options can be found
        # here: https://pushover.net/api#sounds
        # sound: bike
 
        # Your message's title, otherwise your app's name is
        # used.
        # title: A backup job has started.
 
        # The number of seconds that the message will live,
        # before being deleted automatically. The ttl
        # parameter is ignored for messages with a priority.
        # value of 2.
        # ttl: 3600
 
        # A supplementary URL to show with your message.
        # url: https://pushover.net/apps/xxxxx-borgbackup
 
        # A title for the URL specified as the url parameter,
        # otherwise just the URL is shown.
        # url_title: Pushover Link
 
    # fail:
        # Message to be sent to the user or group. If omitted
        # the default is the name of the state.
        # message: A backup job has failed.
 
        # A value of -2, -1, 0 (default), 1 or 2 that
        # indicates the message priority.
        # priority: 0
 
        # How many seconds your notification will continue
        # to be retried (every retry seconds). Defaults to
        # 600. This settings only applies to priority 2
        # notifications.
        # expire: 600
 
        # The retry parameter specifies how often
        # (in seconds) the Pushover servers will send the
        # same notification to the user. Defaults to 30. This
        # settings only applies to priority 2 notifications.
        # retry: 30
 
        # The name of one of your devices to send just to
        # that device instead of all devices.
        # device: pixel8
 
        # Set to True to enable HTML parsing of the message.
        # Set to false for plain text.
        # html: true
 
        # The name of a supported sound to override your
        # default sound choice. All options can be found
        # here: https://pushover.net/api#sounds
        # sound: bike
 
        # Your message's title, otherwise your app's name is
        # used.
        # title: A backup job has started.
 
        # The number of seconds that the message will live,
        # before being deleted automatically. The ttl
        # parameter is ignored for messages with a priority.
        # value of 2.
        # ttl: 3600
 
        # A supplementary URL to show with your message.
        # url: https://pushover.net/apps/xxxxx-borgbackup
 
        # A title for the URL specified as the url parameter,
        # otherwise just the URL is shown.
        # url_title: Pushover Link
 
    # List of one or more monitoring states to ping for: "start",
    # "finish", and/or "fail". Defaults to pinging for failure
    # only.
    # states:
        # - start
        # - finish
 
# zabbix:
    # The ID of the Zabbix item used for collecting data.
    # Unique across the entire Zabbix system.
    # itemid: 55105
 
    # Host name where the item is stored. Required if "itemid"
    # is not set.
    # host: borg-server
 
    # Key of the host where the item is stored. Required if
    # "itemid" is not set.
    # key: borg.status
 
    # The API endpoint URL of your Zabbix instance, usually ending
    # with "/api_jsonrpc.php". Required.
    # server: https://zabbix.your-domain.com
 
    # The username used for authentication. Not needed if using
    # an API key. Supports the "{credential ...}" syntax.
    # username: testuser
 
    # The password used for authentication. Not needed if using
    # an API key. Supports the "{credential ...}" syntax.
    # password: fakepassword
 
    # The API key used for authentication. Not needed if using an
    # username/password. Supports the "{credential ...}" syntax.
    # api_key: fakekey
 
    # start:
        # The value to set the item to on start.
        # value: STARTED
 
    # finish:
        # The value to set the item to on finish.
        # value: FINISH
 
    # fail:
        # The value to set the item to on fail.
        # value: ERROR
 
    # List of one or more monitoring states to ping for: "start",
    # "finish", and/or "fail". Defaults to pinging for failure
    # only.
    # states:
        # - start
        # - finish
 
# apprise:
    # A list of Apprise services to publish to with URLs and
    # labels. The labels are used for logging. A full list of
    # services and their configuration can be found at
    # https://github.com/caronc/apprise/wiki.
    # services:
        # URL of this Apprise service.
        # - url: gotify://hostname/token
 
          # Label used in borgmatic logs for this Apprise
          # service.
          # label: gotify
 
    # Send borgmatic logs to Apprise services as part of the
    # "finish", "fail", and "log" states. Defaults to true.
    # send_logs: false
 
    # Number of bytes of borgmatic logs to send to Apprise
    # services. Set to 0 to send all logs and disable this
    # truncation. Defaults to 1500.
    # logs_size_limit: 100000
 
    # start:
        # Specify the message title. If left unspecified, no
        # title is sent.
        # title: Ping!
 
        # Specify the message body.
        # body: Starting backup process.
 
    # finish:
        # Specify the message title. If left unspecified, no
        # title is sent.
        # title: Ping!
 
        # Specify the message body.
        # body: Backups successfully made.
 
    # fail:
        # Specify the message title. If left unspecified, no
        # title is sent.
        # title: Ping!
 
        # Specify the message body.
        # body: Your backups have failed.
 
    # log:
        # Specify the message title. If left unspecified, no
        # title is sent.
        # title: Ping!
 
        # Specify the message body.
        # body: Here is some info about your backups.
 
    # List of one or more monitoring states to ping for:
    # "start", "finish", "fail", and/or "log". Defaults to
    # pinging for failure only. For each selected state,
    # corresponding configuration for the message title and body
    # should be given. If any is left unspecified, a generic
    # message is emitted instead.
    # states:
        # - start
        # - finish
 
# Configuration for a monitoring integration with Healthchecks. Create
# an account at https://healthchecks.io (or self-host Healthchecks) if
# you'd like to use this service. See borgmatic monitoring
# documentation for details.
# healthchecks:
    # Healthchecks ping URL or UUID to notify when a backup
    # begins, ends, errors, or to send only logs.
    # ping_url: https://hc-ping.com/your-uuid-here
 
    # Verify the TLS certificate of the ping URL host. Defaults to
    # true.
    # verify_tls: false
 
    # Send borgmatic logs to Healthchecks as part of the "finish",
    # "fail", and "log" states. Defaults to true.
    # send_logs: false
 
    # Number of bytes of borgmatic logs to send to Healthchecks,
    # ideally the same as PING_BODY_LIMIT configured on the
    # Healthchecks server. Set to 0 to send all logs and disable
    # this truncation. Defaults to 100000.
    # ping_body_limit: 200000
 
    # List of one or more monitoring states to ping for: "start",
    # "finish", "fail", and/or "log". Defaults to pinging for all
    # states.
    # states:
        # - finish
 
    # Create the check if it does not exist. Only works with
    # the slug URL scheme (https://hc-ping.com/<ping-key>/<slug>
    # as opposed to https://hc-ping.com/<uuid>).
    # Defaults to false.
    # create_slug: true
 
# Configuration for a monitoring integration with Uptime Kuma using
# the Push monitor type.
# See more information here: https://uptime.kuma.pet
# uptime_kuma:
    # Uptime Kuma push URL without query string (do not include the
    # question mark or anything after it).
    # push_url: https://example.uptime.kuma/api/push/abcd1234
 
    # List of one or more monitoring states to push for: "start",
    # "finish", and/or "fail". Defaults to pushing for all
    # states.
    # states:
        # - start
        # - finish
        # - fail
 
    # Verify the TLS certificate of the push URL host. Defaults to
    # true.
    # verify_tls: false
 
# Configuration for a monitoring integration with Cronitor. Create an
# account at https://cronitor.io if you'd like to use this service.
# See borgmatic monitoring documentation for details.
# cronitor:
    # Cronitor ping URL to notify when a backup begins,
    # ends, or errors.
    # ping_url: https://cronitor.link/d3x0c1
 
# Configuration for a monitoring integration with PagerDuty. Create an
# account at https://www.pagerduty.com if you'd like to use this
# service. See borgmatic monitoring documentation for details.
# pagerduty:
    # PagerDuty integration key used to notify PagerDuty when a
    # backup errors. Supports the "{credential ...}" syntax.
    # integration_key: a177cad45bd374409f78906a810a3074
 
    # Send borgmatic logs to PagerDuty when a backup errors.
    # Defaults to true.
    # send_logs: false
 
# Configuration for a monitoring integration with Cronhub. Create an
# account at https://cronhub.io if you'd like to use this service. See
# borgmatic monitoring documentation for details.
# cronhub:
    # Cronhub ping URL to notify when a backup begins,
    # ends, or errors.
    # ping_url: https://cronhub.io/ping/1f5e3410-254c-5587
 
# Configuration for a monitoring integration with Grafana Loki. You
# can send the logs to a self-hosted instance or create an account at
# https://grafana.com/auth/sign-up/create-user. See borgmatic
# monitoring documentation for details.
# loki:
    # Grafana loki log URL to notify when a backup begins,
    # ends, or fails.
    # url: http://localhost:3100/loki/api/v1/push
 
    # Allows setting custom labels for the logging stream. At
    # least one label is required. "__hostname" gets replaced by
    # the machine hostname automatically. "__config" gets replaced
    # by the name of the configuration file. "__config_path" gets
    # replaced by the full path of the configuration file.
    # labels:
        # app: borgmatic
        # config: __config
        # hostname: __hostname
 
# Configuration for a monitoring integration with Sentry. You can use
# a self-hosted instance via https://develop.sentry.dev/self-hosted/
# or create a cloud-hosted account at https://sentry.io. See borgmatic
# monitoring documentation for details.
# sentry:
    # Sentry Data Source Name (DSN) URL, associated with a
    # particular Sentry project. Used to construct a cron URL,
    # notified when a backup begins, ends, or errors.
    # data_source_name_url: https://5f80ec@o294220.ingest.us.sentry.io/203069
 
    # Sentry monitor slug, associated with a particular Sentry
    # project monitor. Used along with the data source name URL to
    # construct a cron URL.
    # monitor_slug: mymonitor
 
    # List of one or more monitoring states to ping for: "start",
    # "finish", and/or "fail". Defaults to pinging for all states.
    # states:
        # - start
        # - finish
 
# Configuration for integration with the ZFS filesystem.
# zfs:
    # Command to use instead of "zfs".
    # zfs_command: /usr/local/bin/zfs
 
    # Command to use instead of "mount".
    # mount_command: /usr/local/bin/mount
 
    # Command to use instead of "umount".
    # umount_command: /usr/local/bin/umount
 
# Configuration for integration with the Btrfs filesystem.
# btrfs:
    # Command to use instead of "btrfs".
    # btrfs_command: /usr/local/bin/btrfs
 
    # Command to use instead of "findmnt".
    # findmnt_command: /usr/local/bin/findmnt
 
# Configuration for integration with Linux LVM (Logical Volume
# Manager).
# lvm:
    # Size to allocate for each snapshot taken, including the
    # units to use for that size. Defaults to "10%ORIGIN" (10%
    # of the size of logical volume being snapshotted). See the
    # lvcreate "--size" and "--extents" documentation for more
    # information:
    # https://www.man7.org/linux/man-pages/man8/lvcreate.8.html
    # snapshot_size: 5GB
 
    # Command to use instead of "lvcreate".
    # lvcreate_command: /usr/local/bin/lvcreate
 
    # Command to use instead of "lvremove".
    # lvremove_command: /usr/local/bin/lvremove
 
    # Command to use instead of "lvs".
    # lvs_command: /usr/local/bin/lvs
 
    # Command to use instead of "lsblk".
    # lsblk_command: /usr/local/bin/lsblk
 
    # Command to use instead of "mount".
    # mount_command: /usr/local/bin/mount
 
    # Command to use instead of "umount".
    # umount_command: /usr/local/bin/umount
 
# Configuration for integration with Docker or Podman secrets.
# container:
    # Secrets directory to use instead of "/run/secrets".
    # secrets_directory: /path/to/secrets
 
# Configuration for integration with the KeePassXC password manager.
# keepassxc:
    # Command to use instead of "keepassxc-cli".
    # keepassxc_cli_command: /usr/local/bin/keepassxc-cli
 
    # Path to a key file for unlocking the KeePassXC database.
    # key_file: /path/to/keyfile
 
    # YubiKey slot and optional serial number used to access the
    # KeePassXC database. The format is "<slot[:serial]>", where:
    #  * <slot> is the YubiKey slot number (e.g., `1` or `2`).
    #  * <serial> (optional) is the YubiKey's serial number (e.g.,
    #    `7370001`).
    # yubikey: 1:7370001
Here is the contents of config.yaml ```yaml # Constants to use in the configuration file. Within option values, # all occurrences of the constant name in curly braces will be # replaced with the constant value. For example, if you have a # constant named "app_name" with the value "myapp", then the string # "{app_name}" will be replaced with "myapp" in the configuration # file. # constants: # app_name: myapp # user: myuser # List of source directories and files to back up. Globs and tildes # are expanded. Do not backslash spaces in path names. source_directories: - /var/cells - /etc/borgmatic/config.yaml # A required list of local or remote repositories with paths and # optional labels (which can be used with the --repository flag to # select a repository). Tildes are expanded. Multiple repositories are # backed up to in sequence. Borg placeholders can be used. See the # output of "borg help placeholders" for details. See ssh_command for # SSH options like identity file or port. If systemd service is used, # then add local repository paths in the systemd service file to the # ReadWritePaths list. repositories: # The local path or Borg URL of the repository. - path: ssh://prod_admin@repo.myorg/./home/liyu_admin/DRP # An optional label for the repository, used in logging # and to make selecting the repository easier on the # command-line. # label: backupserver # The encryption mode with which to create the repository, # only used for the repo-create action. To see the # available encryption modes, run "borg init --help" with # Borg 1 or "borg repo-create --help" with Borg 2. # encryption: repokey-blake2 # Whether the repository should be created append-only, # only used for the repo-create action. Defaults to false. # append_only: true # The storage quota with which to create the repository, # only used for the repo-create action. Defaults to no # quota. # storage_quota: 5G # Whether any missing parent directories of the repository # path should be created, only used for the repo-create # action. Defaults to false. # make_parent_directories: true # Working directory to use when running actions, useful for backing up # using relative source directory paths. Does not currently apply to # borgmatic configuration file paths or includes. Tildes are expanded. # See http://borgbackup.readthedocs.io/en/stable/usage/create.html for # details. Defaults to not set. # working_directory: /path/to/working/directory # Stay in same file system; do not cross mount points beyond the given # source directories. Defaults to false. # one_file_system: true # Only store/extract numeric user and group identifiers. Defaults to # false. # numeric_ids: true # Store atime into archive. Defaults to true in Borg < 1.2, false in # Borg 1.2+. # atime: false # Store ctime into archive. Defaults to true. # ctime: false # Store birthtime (creation date) into archive. Defaults to true. # birthtime: false # Use Borg's --read-special flag to allow backup of block and other # special devices. Use with caution, as it will lead to problems if # used when backing up special devices such as /dev/zero. Defaults to # false. But when a database hook is used, the setting here is ignored # and read_special is considered true. # read_special: true # Record filesystem flags (e.g. NODUMP, IMMUTABLE) in archive. # Defaults to true. # flags: false # Mode in which to operate the files cache. See # http://borgbackup.readthedocs.io/en/stable/usage/create.html for # details. Defaults to "ctime,size,inode". # files_cache: ctime,size,inode # Alternate Borg local executable. Defaults to "borg". # local_path: borg1 # Alternate Borg remote executable. Defaults to "borg". # remote_path: borg1 # Any paths matching these patterns are included/excluded from # backups. Globs are expanded. (Tildes are not.) See the output of # "borg help patterns" for more details. Quote any value if it # contains leading punctuation, so it parses correctly. # patterns: # - R / # - '- /home/*/.cache' # - + /home/susan # - '- /home/*' # Read include/exclude patterns from one or more separate named files, # one pattern per line. See the output of "borg help patterns" for # more details. # patterns_from: # - /etc/borgmatic/patterns # Any paths matching these patterns are excluded from backups. Globs # and tildes are expanded. Note that a glob pattern must either start # with a glob or be an absolute path. Do not backslash spaces in path # names. See the output of "borg help patterns" for more details. # exclude_patterns: # - '*.pyc' # - /home/*/.cache # - '*/.vim*.tmp' # - /etc/ssl # - /home/user/path with spaces # Read exclude patterns from one or more separate named files, one # pattern per line. See the output of "borg help patterns" for more # details. # exclude_from: # - /etc/borgmatic/excludes # Exclude directories that contain a CACHEDIR.TAG file. See # http://www.brynosaurus.com/cachedir/spec.html for details. Defaults # to false. # exclude_caches: true # Exclude directories that contain a file with the given filenames. # Defaults to not set. # exclude_if_present: # - .nobackup # If true, the exclude_if_present filename is included in backups. # Defaults to false, meaning that the exclude_if_present filename is # omitted from backups. # keep_exclude_tags: true # Exclude files with the NODUMP flag. Defaults to false. # exclude_nodump: true # Deprecated. Only used for locating database dumps and bootstrap # metadata within backup archives created prior to deprecation. # Replaced by user_runtime_directory and user_state_directory. # Defaults to ~/.borgmatic # borgmatic_source_directory: /tmp/borgmatic # Path for storing temporary runtime data like streaming database # dumps and bootstrap metadata. borgmatic automatically creates and # uses a "borgmatic" subdirectory here. Defaults to $XDG_RUNTIME_DIR # or or $TMPDIR or $TEMP or /run/user/$UID. # user_runtime_directory: /run/user/1001 # Path for storing borgmatic state files like records of when checks # last ran. borgmatic automatically creates and uses a "borgmatic" # subdirectory here. If you change this option, borgmatic must # create the check records again (and therefore re-run checks). # Defaults to $XDG_STATE_HOME or ~/.local/state. # user_state_directory: /var/lib/borgmatic # If true, then source directories (and root pattern paths) must # exist. If they don't, an error is raised. Defaults to false. # source_directories_must_exist: true # The standard output of this command is used to unlock the encryption # key. Only use on repositories that were initialized with # passcommand/repokey/keyfile encryption. Note that if both # encryption_passcommand and encryption_passphrase are set, then # encryption_passphrase takes precedence. This can also be used to # access encrypted systemd service credentials. Defaults to not set. # For more details, see: # https://torsion.org/borgmatic/docs/how-to/provide-your-passwords/ # encryption_passcommand: secret-tool lookup borg-repository repo-name # Passphrase to unlock the encryption key with. Only use on # repositories that were initialized with passphrase/repokey/keyfile # encryption. Quote the value if it contains punctuation, so it parses # correctly. And backslash any quote or backslash literals as well. # Defaults to not set. Supports the "{credential ...}" syntax. # encryption_passphrase: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~" # Number of seconds between each checkpoint during a long-running # backup. See https://borgbackup.readthedocs.io/en/stable/faq.html for # details. Defaults to checkpoints every 1800 seconds (30 minutes). # checkpoint_interval: 1800 # Number of backed up bytes between each checkpoint during a # long-running backup. Only supported with Borg 2+. See # https://borgbackup.readthedocs.io/en/stable/faq.html for details. # Defaults to only time-based checkpointing (see # "checkpoint_interval") instead of volume-based checkpointing. # checkpoint_volume: 1048576 # Specify the parameters passed to the chunker (CHUNK_MIN_EXP, # CHUNK_MAX_EXP, HASH_MASK_BITS, HASH_WINDOW_SIZE). See # https://borgbackup.readthedocs.io/en/stable/internals.html for # details. Defaults to "19,23,21,4095". # chunker_params: 19,23,21,4095 # Type of compression to use when creating archives. (Compression # level can be added separated with a comma, like "zstd,7".) See # http://borgbackup.readthedocs.io/en/stable/usage/create.html for # details. Defaults to "lz4". # compression: lz4 # Mode for recompressing data chunks according to MODE. # Possible modes are: # * "if-different": Recompress if the current compression # is with a different compression algorithm. # * "always": Recompress even if the current compression # is with the same compression algorithm. Use this to change # the compression level. # * "never": Do not recompress. Use this option to explicitly # prevent recompression. # See https://borgbackup.readthedocs.io/en/stable/usage/recreate.html # for details. Defaults to "never". # recompress: if-different # Remote network upload rate limit in kiBytes/second. Defaults to # unlimited. # upload_rate_limit: 100 # Size of network upload buffer in MiB. Defaults to no buffer. # upload_buffer_size: 160 # Number of times to retry a failing backup before giving up. Defaults # to 0 (i.e., does not attempt retry). # retries: 3 # Wait time between retries (in seconds) to allow transient issues # to pass. Increases after each retry by that same wait time as a # form of backoff. Defaults to 0 (no wait). # retry_wait: 10 # Directory where temporary Borg files are stored. Defaults to # $TMPDIR. See "Resource Usage" at # https://borgbackup.readthedocs.io/en/stable/usage/general.html for # details. # temporary_directory: /path/to/tmpdir # Command to use instead of "ssh". This can be used to specify ssh # options. Defaults to not set. # ssh_command: ssh -i /path/to/private/key # Base path used for various Borg directories. Defaults to $HOME, # ~$USER, or ~. # borg_base_directory: /path/to/base # Path for Borg configuration files. Defaults to # $borg_base_directory/.config/borg # borg_config_directory: /path/to/base/config # Path for Borg cache files. Defaults to # $borg_base_directory/.cache/borg # borg_cache_directory: /path/to/base/cache # Enables or disables the use of chunks.archive.d for faster cache # resyncs in Borg. If true, value is set to "yes" (default) else # it's set to "no", reducing disk usage but slowing resyncs. # use_chunks_archive: true # Maximum time to live (ttl) for entries in the Borg files cache. # borg_files_cache_ttl: 20 # Path for Borg security and encryption nonce files. Defaults to # $borg_base_directory/.config/borg/security # borg_security_directory: /path/to/base/config/security # Path for Borg encryption key files. Defaults to # $borg_base_directory/.config/borg/keys # borg_keys_directory: /path/to/base/config/keys # A list of Borg exit codes that should be elevated to errors or # squashed to warnings as indicated. By default, Borg error exit codes # (2 to 99) are treated as errors while warning exit codes (1 and # 100+) are treated as warnings. Exit codes other than 1 and 2 are # only present in Borg 1.4.0+. # borg_exit_codes: # The exit code for an existing Borg warning or error. # - code: 100 # Whether to consider the exit code as an error or as a # warning in borgmatic. # treat_as: error # Umask used for when executing Borg or calling hooks. Defaults to # 0077 for Borg or the umask that borgmatic is run with for hooks. # umask: 77 # Maximum seconds to wait for acquiring a repository/cache lock. # Defaults to 1. # lock_wait: 5 # Name of the archive to create. Borg placeholders can be used. See # the output of "borg help placeholders" for details. Defaults to # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}" with Borg 1 and # "{hostname}" with Borg 2, as Borg 2 does not require unique # archive names; identical archive names form a common "series" that # can be targeted together. When running actions like repo-list, # info, or check, borgmatic automatically tries to match only # archives created with this name format. # archive_name_format: '{hostname}-documents-{now}' # A Borg pattern for filtering down the archives used by borgmatic # actions that operate on multiple archives. For Borg 1.x, use a shell # pattern here and see the output of "borg help placeholders" for # details. For Borg 2.x, see the output of "borg help match-archives". # If match_archives is not specified, borgmatic defaults to deriving # the match_archives value from archive_name_format. # match_archives: sh:{hostname}-* # Bypass Borg error about a repository that has been moved. Defaults # to false. # relocated_repo_access_is_ok: true # Bypass Borg error about a previously unknown unencrypted repository. # Defaults to false. # unknown_unencrypted_repo_access_is_ok: true # Bypass Borg confirmation about check with repair option. Defaults to # false and an interactive prompt from Borg. # check_i_know_what_i_am_doing: true # Additional options to pass directly to particular Borg commands, # handy for Borg options that borgmatic does not yet support natively. # Note that borgmatic does not perform any validation on these # options. Running borgmatic with "--verbosity 2" shows the exact Borg # command-line invocation. # extra_borg_options: # Extra command-line options to pass to "borg init". # init: --extra-option # Extra command-line options to pass to "borg create". # create: --extra-option # Extra command-line options to pass to "borg prune". # prune: --extra-option # Extra command-line options to pass to "borg compact". # compact: --extra-option # Extra command-line options to pass to "borg check". # check: --extra-option # Keep all archives within this time interval. See "skip_actions" for # disabling pruning altogether. keep_within: 1d # Number of secondly archives to keep. # keep_secondly: 60 # Number of minutely archives to keep. # keep_minutely: 60 # Number of hourly archives to keep. # keep_hourly: 24 # Number of daily archives to keep. keep_daily: 1 # Number of weekly archives to keep. keep_weekly: 2 # Number of monthly archives to keep. keep_monthly: 2 # Number of yearly archives to keep. # keep_yearly: 1 # Number of quarterly archives to keep (13 week strategy). # keep_13weekly: 13 # Number of quarterly archives to keep (3 month strategy). # keep_3monthly: 3 # Deprecated. When pruning or checking archives, only consider archive # names starting with this prefix. Borg placeholders can be used. See # the output of "borg help placeholders" for details. If a prefix is # not specified, borgmatic defaults to matching archives based on the # archive_name_format (see above). # prefix: sourcehostname # Minimum saved space percentage threshold for compacting a segment, # defaults to 10. # compact_threshold: 20 # List of one or more consistency checks to run on a periodic basis # (if "frequency" is set) or every time borgmatic runs checks (if # "frequency" is omitted). # checks: # Name of the consistency check to run: # * "repository" checks the consistency of the # repository. # * "archives" checks all of the archives. # * "data" verifies the integrity of the data # within the archives and implies the "archives" # check as well. # * "spot" checks that some percentage of source # files are found in the most recent archive (with # identical contents). # * "extract" does an extraction dry-run of the # most recent archive. # * See "skip_actions" for disabling checks # altogether. # - name: repository # How frequently to run this type of consistency # check (as a best effort). The value is a number # followed by a unit of time. E.g., "2 weeks" to # run this consistency check no more than every # two weeks for a given repository or "1 month" to # run it no more than monthly. Defaults to # "always": running this check every time checks # are run. # frequency: 2 weeks # After the "frequency" duration has elapsed, only # run this check if the current day of the week # matches one of these values (the name of a day of # the week in the current locale). "weekday" and # "weekend" are also accepted. Defaults to running # the check on any day of the week. # only_run_on: # - Saturday # - Sunday # How many seconds to check the repository before # interrupting the check. Useful for splitting a # long-running repository check into multiple # partial checks. Defaults to no interruption. Only # applies to the "repository" check, does not check # the repository index and is not compatible with # the "--repair" flag. # max_duration: 3600 # The percentage delta between the source # directories file count and the most recent backup # archive file count that is allowed before the # entire consistency check fails. This can catch # problems like incorrect excludes, inadvertent # deletes, etc. Required (and only valid) for the # "spot" check. # count_tolerance_percentage: 10 # The percentage of total files in the source # directories to randomly sample and compare to # their corresponding files in the most recent # backup archive. Required (and only valid) for the # "spot" check. # data_sample_percentage: 1 # The percentage of total files in the source # directories that can fail a spot check comparison # without failing the entire consistency check. This # can catch problems like source files that have # been bulk-changed by malware, backups that have # been tampered with, etc. The value must be lower # than or equal to the "contents_sample_percentage". # Required (and only valid) for the "spot" check. # data_tolerance_percentage: 0.5 # Command to use instead of "xxh64sum" to hash # source files, usually found in an OS package named # "xxhash". Do not substitute with a different hash # type (SHA, MD5, etc.) or the check will never # succeed. Only valid for the "spot" check. # xxh64sum_command: /usr/local/bin/xxh64sum # Paths or labels for a subset of the configured "repositories" (see # above) on which to run consistency checks. Handy in case some of # your repositories are very large, and so running consistency checks # on them would take too long. Defaults to running consistency checks # on all configured repositories. # check_repositories: # - user@backupserver:sourcehostname.borg # Restrict the number of checked archives to the last n. Applies only # to the "archives" check. Defaults to checking all archives. # check_last: 3 # Apply color to console output. Defaults to true. # color: false # Display verbose output to the console: -2 (disabled), -1 (errors # only), 0 (warnings and responses to actions, the default), 1 (info # about steps borgmatic is taking), or 2 (debug). # verbosity: 2 # Log verbose output to syslog: -2 (disabled, the default), -1 (errors # only), 0 (warnings and responses to actions), 1 (info about steps # borgmatic is taking), or 2 (debug). # syslog_verbosity: 2 # Log verbose output to file: -2 (disabled), -1 (errors only), 0 # (warnings and responses to actions), 1 (info about steps borgmatic # is taking, the default), or 2 (debug). # log_file_verbosity: 2 # Write log messages to the file at this path. # log_file: /var/log/borgmatic/logfile.txt # Python format string used for log messages written to the log file. # log_file_format: '[{asctime}] {levelname}: {prefix}{message}' # When a monitoring integration supporting logging is configured, log # verbose output to it: -2 (disabled), -1 (errors only), 0 (warnings # and responses to actions), 1 (info about steps borgmatic is taking, # the default), or 2 (debug). # monitoring_verbosity: 2 # Write Borg log messages and console output as one JSON object per # log line instead of formatted text. Defaults to false. # log_json: true # Display progress as each file or archive is processed when running # supported actions. Corresponds to the "--progress" flag on those # actions. Defaults to false. # progress: true # Display statistics for an archive when running supported actions. # Corresponds to the "--stats" flag on those actions. Defaults to # false. # statistics: true # Display details for each file or archive as it is processed when # running supported actions. Corresponds to the "--list" flag on those # actions. Defaults to false. # list_details: true # Whether to apply default actions (create, prune, compact and check) # when no arguments are supplied to the borgmatic command. If set to # false, borgmatic displays the help message instead. # default_actions: true # List of one or more actions to skip running for this configuration # file, even if specified on the command-line (explicitly or # implicitly). This is handy for append-only configurations where you # never want to run "compact" or checkless configuration where you # want to skip "check". Defaults to not skipping any actions. # skip_actions: # - compact # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before all the actions for each # repository. # before_actions: # - echo Starting actions. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before creating a backup, run once # per repository. # before_backup: # - echo Starting a backup. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before pruning, run once per # repository. # before_prune: # - echo Starting pruning. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before compaction, run once per # repository. # before_compact: # - echo Starting compaction. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before consistency checks, run once # per repository. # before_check: # - echo Starting checks. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before extracting a backup, run once # per repository. # before_extract: # - echo Starting extracting. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after creating a backup, run once per # repository. # after_backup: # - echo Finished a backup. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after compaction, run once per # repository. # after_compact: # - echo Finished compaction. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after pruning, run once per # repository. # after_prune: # - echo Finished pruning. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after consistency checks, run once # per repository. # after_check: # - echo Finished checks. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after extracting a backup, run once # per repository. # after_extract: # - echo Finished extracting. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after all actions for each # repository. # after_actions: # - echo Finished actions. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute when an exception occurs during a # "create", "prune", "compact", or "check" action or an associated # before/after hook. # on_error: # - echo Error during create/prune/compact/check. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute before running all actions (if one of # them is "create"). These are collected from all configuration files # and then run once before all of them (prior to all actions). # before_everything: # - echo Starting actions. # Deprecated. Use "commands:" instead. List of one or more shell # commands or scripts to execute after running all actions (if one of # them is "create"). These are collected from all configuration files # and then run once after all of them (after any action). # after_everything: # - echo Completed actions. # List of one or more command hooks to execute, triggered at # particular points during borgmatic's execution. For each command # hook, specify one of "before" or "after", not both. commands: # Name for the point in borgmatic's execution that # the commands should be run before (required if # "after" isn't set): # * "action" runs before each action for each # repository. # * "repository" runs before all actions for each # repository. # * "configuration" runs before all actions and # repositories in the current configuration file. # * "everything" runs before all configuration # files. - before: action # Name for the point in borgmatic's execution that # the commands should be run after (required if # "before" isn't set): # * "action" runs after each action for each # repository. # * "repository" runs after all actions for each # repository. # * "configuration" runs after all actions and # repositories in the current configuration file. # * "everything" runs after all configuration # files. # * "error" runs after an error occurs. # after: action # Only trigger the hook when borgmatic is run with # particular actions listed here. Defaults to # running for all actions. when: - create # - prune # - compact # - check # List of one or more shell commands or scripts to # run when this command hook is triggered. Required. run: - echo "Stoping DMS for backup..." - systemctl stop cells.service # Only trigger the hook if borgmatic encounters one # of the states (execution results) listed here, # where: # * "finish": No errors occurred. # * "fail": An error occurred. # This state is evaluated only for the scope of the # configured "action", "repository", etc., rather # than for the entire borgmatic run. Only available # for "after" hooks. Defaults to running the hook # for all states. # states: # - finish - after: action when: - create states: - finish run: - echo "Completed the backup." - systemctl start cells.service # Support for the "borgmatic bootstrap" action, used to extract # borgmatic configuration files from a backup archive. # bootstrap: # Store configuration files used to create a backup inside the # backup itself. Defaults to true. Changing this to false # prevents "borgmatic bootstrap" from extracting configuration # files from the backup. # store_config_files: false # List of one or more PostgreSQL databases to dump before creating a # backup, run once per configuration file. The database dumps are # added to your source directories at runtime and streamed directly # to Borg. Requires pg_dump/pg_dumpall/pg_restore commands. See # https://www.postgresql.org/docs/current/app-pgdump.html and # https://www.postgresql.org/docs/current/libpq-ssl.html for # details. # postgresql_databases: # Database name (required if using this hook). Or "all" to # dump all databases on the host. (Also set the "format" # to dump each database to a separate file instead of one # combined file.) Note that using this database hook # implicitly enables read_special (see above) to support # dump and restore streaming. # - name: users # Database hostname to connect to. Defaults to connecting # via local Unix socket. # hostname: database.example.org # Database hostname to restore to. Defaults to the # "hostname" option. # restore_hostname: database.example.org # Port to connect to. Defaults to 5432. # port: 5433 # Port to restore to. Defaults to the "port" option. # restore_port: 5433 # Username with which to connect to the database. Defaults # to the username of the current user. You probably want # to specify the "postgres" superuser here when the # database name is "all". Supports the "{credential ...}" # syntax. # username: dbuser # Username with which to restore the database. Defaults to # the "username" option. Supports the "{credential ...}" # syntax. # restore_username: dbuser # Password with which to connect to the database. Omitting # a password will only work if PostgreSQL is configured to # trust the configured username without a password or you # create a ~/.pgpass file. Supports the "{credential ...}" # syntax. # password: trustsome1 # Password with which to connect to the restore database. # Defaults to the "password" option. Supports the # "{credential ...}" syntax. # restore_password: trustsome1 # Do not output commands to set ownership of objects to # match the original database. By default, pg_dump and # pg_restore issue ALTER OWNER or SET SESSION # AUTHORIZATION statements to set ownership of created # schema elements. These statements will fail unless the # initial connection to the database is made by a # superuser. # no_owner: true # Database dump output format. One of "plain", "custom", # "directory", or "tar". Defaults to "custom" (unlike raw # pg_dump) for a single database. Or, when database name # is "all" and format is blank, dumps all databases to a # single file. But if a format is specified with an "all" # database name, dumps each database to a separate file of # that format, allowing more convenient restores of # individual databases. See the pg_dump documentation for # more about formats. # format: directory # Database dump compression level (integer) or method # ("gzip", "lz4", "zstd", or "none") and optional # colon-separated detail. Defaults to moderate "gzip" for # "custom" and "directory" formats and no compression for # the "plain" format. Compression is not supported for the # "tar" format. Be aware that Borg does its own # compression as well, so you may not need it in both # places. # compression: none # SSL mode to use to connect to the database server. One # of "disable", "allow", "prefer", "require", "verify-ca" # or "verify-full". Defaults to "disable". # ssl_mode: require # Path to a client certificate. # ssl_cert: /root/.postgresql/postgresql.crt # Path to a private client key. # ssl_key: /root/.postgresql/postgresql.key # Path to a root certificate containing a list of trusted # certificate authorities. # ssl_root_cert: /root/.postgresql/root.crt # Path to a certificate revocation list. # ssl_crl: /root/.postgresql/root.crl # Command to use instead of "pg_dump" or "pg_dumpall". # This can be used to run a specific pg_dump version # (e.g., one inside a running container). If you run it # from within a container, make sure to mount the path in # the "user_runtime_directory" option from the host into # the container at the same location. Defaults to # "pg_dump" for single database dump or "pg_dumpall" to # dump all databases. # pg_dump_command: docker exec my_pg_container pg_dump # Command to use instead of "pg_restore". This can be used # to run a specific pg_restore version (e.g., one inside a # running container). Defaults to "pg_restore". # pg_restore_command: docker exec my_pg_container pg_restore # Command to use instead of "psql". This can be used to # run a specific psql version (e.g., one inside a running # container). Defaults to "psql". # psql_command: docker exec my_pg_container psql # Additional pg_dump/pg_dumpall options to pass directly # to the dump command, without performing any validation # on them. See pg_dump documentation for details. # options: --role=someone # Additional psql options to pass directly to the psql # command that lists available databases, without # performing any validation on them. See psql # documentation for details. # list_options: --role=someone # Additional pg_restore/psql options to pass directly to # the restore command, without performing any validation # on them. See pg_restore/psql documentation for details. # restore_options: --role=someone # Additional psql options to pass directly to the analyze # command run after a restore, without performing any # validation on them. See psql documentation for details. # analyze_options: --role=someone # List of one or more MariaDB databases to dump before creating a # backup, run once per configuration file. The database dumps are # added to your source directories at runtime and streamed directly # to Borg. Requires mariadb-dump/mariadb commands. See # https://mariadb.com/kb/en/library/mysqldump/ for details. mariadb_databases: # Database name (required if using this hook). Or "all" to # dump all databases on the host. Note that using this # database hook implicitly enables read_special (see # above) to support dump and restore streaming. - name: cells # Database hostname to connect to. Defaults to connecting # via local Unix socket. hostname: localhost # Database hostname to restore to. Defaults to the # "hostname" option. # restore_hostname: database.example.org # Port to connect to. Defaults to 3306. port: 3306 # Port to restore to. Defaults to the "port" option. # restore_port: 5433 # Username with which to connect to the database. Defaults # to the username of the current user. Supports the # "{credential ...}" syntax. username: pydio # Username with which to restore the database. Defaults to # the "username" option. Supports the "{credential ...}" # syntax. # restore_username: dbuser # Password with which to connect to the database. Omitting # a password will only work if MariaDB is configured to # trust the configured username without a password. # Supports the "{credential ...}" syntax. password: mypass # Password with which to connect to the restore database. # Defaults to the "password" option. Supports the # "{credential ...}" syntax. # restore_password: trustsome1 # How to transmit database passwords from borgmatic to the # MariaDB client, one of: # * "pipe": Securely transmit passwords via anonymous # pipe. Only works if the database client is on the # same host as borgmatic. (The server can be # somewhere else.) This is the default value. # * "environment": Transmit passwords via environment # variable. Potentially less secure than a pipe, but # necessary when the database client is elsewhere, e.g. # when "mariadb_dump_command" is configured to "exec" # into a container and run a client there. # password_transport: # Whether to TLS-encrypt data transmitted between the # client and server. The default varies based on the # MariaDB version. # tls: false # Whether to TLS-encrypt data transmitted between the # client and restore server. The default varies based on # the MariaDB version. # restore_tls: false # Command to use instead of "mariadb-dump". This can be # used to run a specific mariadb_dump version (e.g., one # inside a running container). If you run it from within a # container, make sure to mount the path in the # "user_runtime_directory" option from the host into the # container at the same location. Defaults to # "mariadb-dump". # mariadb_dump_command: docker exec mariadb_container mariadb-dump # Command to run instead of "mariadb". This can be used to # run a specific mariadb version (e.g., one inside a # running container). Defaults to "mariadb". # mariadb_command: docker exec mariadb_container mariadb # Database dump output format. Currently only "sql" is # supported. Defaults to "sql" for a single database. Or, # when database name is "all" and format is blank, dumps # all databases to a single file. But if a format is # specified with an "all" database name, dumps each # database to a separate file of that format, allowing # more convenient restores of individual databases. # format: directory # Use the "--add-drop-database" flag with mariadb-dump, # causing the database to be dropped right before restore. # Defaults to true. # add_drop_database: false # Additional mariadb-dump options to pass directly to the # dump command, without performing any validation on them. # See mariadb-dump documentation for details. # options: --skip-comments # Additional options to pass directly to the mariadb # command that lists available databases, without # performing any validation on them. See mariadb command # documentation for details. # list_options: --defaults-extra-file=mariadb.cnf # Additional options to pass directly to the mariadb # command that restores database dumps, without # performing any validation on them. See mariadb command # documentation for details. # restore_options: --defaults-extra-file=mariadb.cnf # List of one or more MySQL databases to dump before creating a # backup, run once per configuration file. The database dumps are # added to your source directories at runtime and streamed directly # to Borg. Requires mysqldump/mysql commands. See # https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html for # details. # mysql_databases: # Database name (required if using this hook). Or "all" to # dump all databases on the host. Note that using this # database hook implicitly enables read_special (see # above) to support dump and restore streaming. # - name: users # Database hostname to connect to. Defaults to connecting # via local Unix socket. # hostname: database.example.org # Database hostname to restore to. Defaults to the # "hostname" option. # restore_hostname: database.example.org # Port to connect to. Defaults to 3306. # port: 3307 # Port to restore to. Defaults to the "port" option. # restore_port: 5433 # Username with which to connect to the database. Defaults # to the username of the current user. Supports the # "{credential ...}" syntax. # username: dbuser # Username with which to restore the database. Defaults to # the "username" option. Supports the "{credential ...}" # syntax. # restore_username: dbuser # Password with which to connect to the database. Omitting # a password will only work if MySQL is configured to # trust the configured username without a password. # Supports the "{credential ...}" syntax. # password: trustsome1 # Password with which to connect to the restore database. # Defaults to the "password" option. Supports the # "{credential ...}" syntax. # restore_password: trustsome1 # How to transmit database passwords from borgmatic to the # MySQL client, one of: # * "pipe": Securely transmit passwords via anonymous # pipe. Only works if the database client is on the # same host as borgmatic. (The server can be # somewhere else.) This is the default value. # * "environment": Transmit passwords via environment # variable. Potentially less secure than a pipe, but # necessary when the database client is elsewhere, e.g. # when "mysql_dump_command" is configured to "exec" # into a container and run a client there. # password_transport: # Whether to TLS-encrypt data transmitted between the # client and server. The default varies based on the # MySQL installation. # tls: false # Whether to TLS-encrypt data transmitted between the # client and restore server. The default varies based on # the MySQL installation. # restore_tls: false # Command to use instead of "mysqldump". This can be used # to run a specific mysql_dump version (e.g., one inside a # running container). If you run it from within a # container, make sure to mount the path in the # "user_runtime_directory" option from the host into the # container at the same location. Defaults to "mysqldump". # mysql_dump_command: docker exec mysql_container mysqldump # Command to run instead of "mysql". This can be used to # run a specific mysql version (e.g., one inside a running # container). Defaults to "mysql". # mysql_command: docker exec mysql_container mysql # Database dump output format. Currently only "sql" is # supported. Defaults to "sql" for a single database. Or, # when database name is "all" and format is blank, dumps # all databases to a single file. But if a format is # specified with an "all" database name, dumps each # database to a separate file of that format, allowing # more convenient restores of individual databases. # format: directory # Use the "--add-drop-database" flag with mysqldump, # causing the database to be dropped right before restore. # Defaults to true. # add_drop_database: false # Additional mysqldump options to pass directly to the # dump command, without performing any validation on them. # See mysqldump documentation for details. # options: --skip-comments # Additional options to pass directly to the mysql # command that lists available databases, without # performing any validation on them. See mysql command # documentation for details. # list_options: --defaults-extra-file=my.cnf # Additional options to pass directly to the mysql # command that restores database dumps, without # performing any validation on them. See mysql command # documentation for details. # restore_options: --defaults-extra-file=my.cnf # List of one or more SQLite databases to dump before creating a # backup, run once per configuration file. The database dumps are # added to your source directories at runtime and streamed directly to # Borg. Requires the sqlite3 command. See https://sqlite.org/cli.html # for details. # sqlite_databases: # This is used to tag the database dump file with a name. # It is not the path to the database file itself. The name # "all" has no special meaning for SQLite databases. # - name: users # Path to the SQLite database file to dump. If relative, # it is relative to the current working directory. Note # that using this database hook implicitly enables # read_special (see above) to support dump and restore # streaming. # path: /var/lib/sqlite/users.db # Path to the SQLite database file to restore to. Defaults # to the "path" option. # restore_path: /var/lib/sqlite/users.db # Command to use instead of "sqlite3". This can be used to # run a specific sqlite3 version (e.g., one inside a # running container). If you run it from within a # container, make sure to mount the path in the # "user_runtime_directory" option from the host into the # container at the same location. Defaults to "sqlite3". # sqlite_command: docker exec sqlite_container sqlite3 # Command to run when restoring a database instead # of "sqlite3". This can be used to run a specific # sqlite3 version (e.g., one inside a running container). # Defaults to "sqlite3". # sqlite_restore_command: docker exec sqlite_container sqlite3 # List of one or more MongoDB databases to dump before creating a # backup, run once per configuration file. The database dumps are # added to your source directories at runtime and streamed directly # to Borg. Requires mongodump/mongorestore commands. See # https://docs.mongodb.com/database-tools/mongodump/ and # https://docs.mongodb.com/database-tools/mongorestore/ for details. # mongodb_databases: # Database name (required if using this hook). Or "all" to # dump all databases on the host. Note that using this # database hook implicitly enables read_special (see # above) to support dump and restore streaming. # - name: users # Database hostname to connect to. Defaults to connecting # to localhost. # hostname: database.example.org # Database hostname to restore to. Defaults to the # "hostname" option. # restore_hostname: database.example.org # Port to connect to. Defaults to 27017. # port: 27018 # Port to restore to. Defaults to the "port" option. # restore_port: 5433 # Username with which to connect to the database. Skip it # if no authentication is needed. Supports the # "{credential ...}" syntax. # username: dbuser # Username with which to restore the database. Defaults to # the "username" option. Supports the "{credential ...}" # syntax. # restore_username: dbuser # Password with which to connect to the database. Skip it # if no authentication is needed. Supports the # "{credential ...}" syntax. # password: trustsome1 # Password with which to connect to the restore database. # Defaults to the "password" option. Supports the # "{credential ...}" syntax. # restore_password: trustsome1 # Authentication database where the specified username # exists. If no authentication database is specified, the # database provided in "name" is used. If "name" is "all", # the "admin" database is used. # authentication_database: admin # Database dump output format. One of "archive", or # "directory". Defaults to "archive". See mongodump # documentation for details. Note that format is ignored # when the database name is "all". # format: directory # Additional mongodump options to pass directly to the # dump command, without performing any validation on them. # See mongodump documentation for details. # options: --dumpDbUsersAndRoles # Additional mongorestore options to pass directly to the # dump command, without performing any validation on them. # See mongorestore documentation for details. # restore_options: --restoreDbUsersAndRoles # Command to use instead of "mongodump". This can be used # to run a specific mongodump version (e.g., one inside a # running container). If you run it from within a # container, make sure to mount the path in the # "user_runtime_directory" option from the host into the # container at the same location. Defaults to # "mongodump". # mongodump_command: docker exec mongodb_container mongodump # Command to run when restoring a database instead of # "mongorestore". This can be used to run a specific # mongorestore version (e.g., one inside a running # container). Defaults to "mongorestore". # mongorestore_command: docker exec mongodb_container mongorestore # ntfy: # The topic to publish to. See https://ntfy.sh/docs/publish/ # for details. # topic: topic # The address of your self-hosted ntfy.sh instance. # server: https://ntfy.your-domain.com # The username used for authentication. Supports the # "{credential ...}" syntax. # username: testuser # The password used for authentication. Supports the # "{credential ...}" syntax. # password: fakepassword # An ntfy access token to authenticate with instead of # username/password. Supports the "{credential ...}" syntax. # access_token: tk_AgQdq7mVBoFD37zQVN29RhuMzNIz2 # start: # The title of the message. # title: Ping! # The message body to publish. # message: Your backups have failed. # The priority to set. # priority: urgent # Tags to attach to the message. # tags: incoming_envelope # finish: # The title of the message. # title: Ping! # The message body to publish. # message: Your backups have failed. # The priority to set. # priority: urgent # Tags to attach to the message. # tags: incoming_envelope # fail: # The title of the message. # title: Ping! # The message body to publish. # message: Your backups have failed. # The priority to set. # priority: urgent # Tags to attach to the message. # tags: incoming_envelope # List of one or more monitoring states to ping for: "start", # "finish", and/or "fail". Defaults to pinging for failure # only. # states: # - start # - finish # pushover: # Your application's API token. Supports the "{credential # ...}" syntax. # token: 7ms6TXHpTokTou2P6x4SodDeentHRa # Your user/group key (or that of your target user), viewable # when logged into your dashboard: often referred to as # USER_KEY in Pushover documentation and code examples. # Supports the "{credential ...}" syntax. # user: hwRwoWsXMBWwgrSecfa9EfPey55WSN # start: # Message to be sent to the user or group. If omitted # the default is the name of the state. # message: A backup job has started. # A value of -2, -1, 0 (default), 1 or 2 that # indicates the message priority. # priority: 0 # How many seconds your notification will continue # to be retried (every retry seconds). Defaults to # 600. This settings only applies to priority 2 # notifications. # expire: 600 # The retry parameter specifies how often # (in seconds) the Pushover servers will send the # same notification to the user. Defaults to 30. This # settings only applies to priority 2 notifications. # retry: 30 # The name of one of your devices to send just to # that device instead of all devices. # device: pixel8 # Set to True to enable HTML parsing of the message. # Set to false for plain text. # html: true # The name of a supported sound to override your # default sound choice. All options can be found # here: https://pushover.net/api#sounds # sound: bike # Your message's title, otherwise your app's name is # used. # title: A backup job has started. # The number of seconds that the message will live, # before being deleted automatically. The ttl # parameter is ignored for messages with a priority. # value of 2. # ttl: 3600 # A supplementary URL to show with your message. # url: https://pushover.net/apps/xxxxx-borgbackup # A title for the URL specified as the url parameter, # otherwise just the URL is shown. # url_title: Pushover Link # finish: # Message to be sent to the user or group. If omitted # the default is the name of the state. # message: A backup job has finished. # A value of -2, -1, 0 (default), 1 or 2 that # indicates the message priority. # priority: 0 # How many seconds your notification will continue # to be retried (every retry seconds). Defaults to # 600. This settings only applies to priority 2 # notifications. # expire: 600 # The retry parameter specifies how often # (in seconds) the Pushover servers will send the # same notification to the user. Defaults to 30. This # settings only applies to priority 2 notifications. # retry: 30 # The name of one of your devices to send just to # that device instead of all devices. # device: pixel8 # Set to True to enable HTML parsing of the message. # Set to false for plain text. # html: true # The name of a supported sound to override your # default sound choice. All options can be found # here: https://pushover.net/api#sounds # sound: bike # Your message's title, otherwise your app's name is # used. # title: A backup job has started. # The number of seconds that the message will live, # before being deleted automatically. The ttl # parameter is ignored for messages with a priority. # value of 2. # ttl: 3600 # A supplementary URL to show with your message. # url: https://pushover.net/apps/xxxxx-borgbackup # A title for the URL specified as the url parameter, # otherwise just the URL is shown. # url_title: Pushover Link # fail: # Message to be sent to the user or group. If omitted # the default is the name of the state. # message: A backup job has failed. # A value of -2, -1, 0 (default), 1 or 2 that # indicates the message priority. # priority: 0 # How many seconds your notification will continue # to be retried (every retry seconds). Defaults to # 600. This settings only applies to priority 2 # notifications. # expire: 600 # The retry parameter specifies how often # (in seconds) the Pushover servers will send the # same notification to the user. Defaults to 30. This # settings only applies to priority 2 notifications. # retry: 30 # The name of one of your devices to send just to # that device instead of all devices. # device: pixel8 # Set to True to enable HTML parsing of the message. # Set to false for plain text. # html: true # The name of a supported sound to override your # default sound choice. All options can be found # here: https://pushover.net/api#sounds # sound: bike # Your message's title, otherwise your app's name is # used. # title: A backup job has started. # The number of seconds that the message will live, # before being deleted automatically. The ttl # parameter is ignored for messages with a priority. # value of 2. # ttl: 3600 # A supplementary URL to show with your message. # url: https://pushover.net/apps/xxxxx-borgbackup # A title for the URL specified as the url parameter, # otherwise just the URL is shown. # url_title: Pushover Link # List of one or more monitoring states to ping for: "start", # "finish", and/or "fail". Defaults to pinging for failure # only. # states: # - start # - finish # zabbix: # The ID of the Zabbix item used for collecting data. # Unique across the entire Zabbix system. # itemid: 55105 # Host name where the item is stored. Required if "itemid" # is not set. # host: borg-server # Key of the host where the item is stored. Required if # "itemid" is not set. # key: borg.status # The API endpoint URL of your Zabbix instance, usually ending # with "/api_jsonrpc.php". Required. # server: https://zabbix.your-domain.com # The username used for authentication. Not needed if using # an API key. Supports the "{credential ...}" syntax. # username: testuser # The password used for authentication. Not needed if using # an API key. Supports the "{credential ...}" syntax. # password: fakepassword # The API key used for authentication. Not needed if using an # username/password. Supports the "{credential ...}" syntax. # api_key: fakekey # start: # The value to set the item to on start. # value: STARTED # finish: # The value to set the item to on finish. # value: FINISH # fail: # The value to set the item to on fail. # value: ERROR # List of one or more monitoring states to ping for: "start", # "finish", and/or "fail". Defaults to pinging for failure # only. # states: # - start # - finish # apprise: # A list of Apprise services to publish to with URLs and # labels. The labels are used for logging. A full list of # services and their configuration can be found at # https://github.com/caronc/apprise/wiki. # services: # URL of this Apprise service. # - url: gotify://hostname/token # Label used in borgmatic logs for this Apprise # service. # label: gotify # Send borgmatic logs to Apprise services as part of the # "finish", "fail", and "log" states. Defaults to true. # send_logs: false # Number of bytes of borgmatic logs to send to Apprise # services. Set to 0 to send all logs and disable this # truncation. Defaults to 1500. # logs_size_limit: 100000 # start: # Specify the message title. If left unspecified, no # title is sent. # title: Ping! # Specify the message body. # body: Starting backup process. # finish: # Specify the message title. If left unspecified, no # title is sent. # title: Ping! # Specify the message body. # body: Backups successfully made. # fail: # Specify the message title. If left unspecified, no # title is sent. # title: Ping! # Specify the message body. # body: Your backups have failed. # log: # Specify the message title. If left unspecified, no # title is sent. # title: Ping! # Specify the message body. # body: Here is some info about your backups. # List of one or more monitoring states to ping for: # "start", "finish", "fail", and/or "log". Defaults to # pinging for failure only. For each selected state, # corresponding configuration for the message title and body # should be given. If any is left unspecified, a generic # message is emitted instead. # states: # - start # - finish # Configuration for a monitoring integration with Healthchecks. Create # an account at https://healthchecks.io (or self-host Healthchecks) if # you'd like to use this service. See borgmatic monitoring # documentation for details. # healthchecks: # Healthchecks ping URL or UUID to notify when a backup # begins, ends, errors, or to send only logs. # ping_url: https://hc-ping.com/your-uuid-here # Verify the TLS certificate of the ping URL host. Defaults to # true. # verify_tls: false # Send borgmatic logs to Healthchecks as part of the "finish", # "fail", and "log" states. Defaults to true. # send_logs: false # Number of bytes of borgmatic logs to send to Healthchecks, # ideally the same as PING_BODY_LIMIT configured on the # Healthchecks server. Set to 0 to send all logs and disable # this truncation. Defaults to 100000. # ping_body_limit: 200000 # List of one or more monitoring states to ping for: "start", # "finish", "fail", and/or "log". Defaults to pinging for all # states. # states: # - finish # Create the check if it does not exist. Only works with # the slug URL scheme (https://hc-ping.com/<ping-key>/<slug> # as opposed to https://hc-ping.com/<uuid>). # Defaults to false. # create_slug: true # Configuration for a monitoring integration with Uptime Kuma using # the Push monitor type. # See more information here: https://uptime.kuma.pet # uptime_kuma: # Uptime Kuma push URL without query string (do not include the # question mark or anything after it). # push_url: https://example.uptime.kuma/api/push/abcd1234 # List of one or more monitoring states to push for: "start", # "finish", and/or "fail". Defaults to pushing for all # states. # states: # - start # - finish # - fail # Verify the TLS certificate of the push URL host. Defaults to # true. # verify_tls: false # Configuration for a monitoring integration with Cronitor. Create an # account at https://cronitor.io if you'd like to use this service. # See borgmatic monitoring documentation for details. # cronitor: # Cronitor ping URL to notify when a backup begins, # ends, or errors. # ping_url: https://cronitor.link/d3x0c1 # Configuration for a monitoring integration with PagerDuty. Create an # account at https://www.pagerduty.com if you'd like to use this # service. See borgmatic monitoring documentation for details. # pagerduty: # PagerDuty integration key used to notify PagerDuty when a # backup errors. Supports the "{credential ...}" syntax. # integration_key: a177cad45bd374409f78906a810a3074 # Send borgmatic logs to PagerDuty when a backup errors. # Defaults to true. # send_logs: false # Configuration for a monitoring integration with Cronhub. Create an # account at https://cronhub.io if you'd like to use this service. See # borgmatic monitoring documentation for details. # cronhub: # Cronhub ping URL to notify when a backup begins, # ends, or errors. # ping_url: https://cronhub.io/ping/1f5e3410-254c-5587 # Configuration for a monitoring integration with Grafana Loki. You # can send the logs to a self-hosted instance or create an account at # https://grafana.com/auth/sign-up/create-user. See borgmatic # monitoring documentation for details. # loki: # Grafana loki log URL to notify when a backup begins, # ends, or fails. # url: http://localhost:3100/loki/api/v1/push # Allows setting custom labels for the logging stream. At # least one label is required. "__hostname" gets replaced by # the machine hostname automatically. "__config" gets replaced # by the name of the configuration file. "__config_path" gets # replaced by the full path of the configuration file. # labels: # app: borgmatic # config: __config # hostname: __hostname # Configuration for a monitoring integration with Sentry. You can use # a self-hosted instance via https://develop.sentry.dev/self-hosted/ # or create a cloud-hosted account at https://sentry.io. See borgmatic # monitoring documentation for details. # sentry: # Sentry Data Source Name (DSN) URL, associated with a # particular Sentry project. Used to construct a cron URL, # notified when a backup begins, ends, or errors. # data_source_name_url: https://5f80ec@o294220.ingest.us.sentry.io/203069 # Sentry monitor slug, associated with a particular Sentry # project monitor. Used along with the data source name URL to # construct a cron URL. # monitor_slug: mymonitor # List of one or more monitoring states to ping for: "start", # "finish", and/or "fail". Defaults to pinging for all states. # states: # - start # - finish # Configuration for integration with the ZFS filesystem. # zfs: # Command to use instead of "zfs". # zfs_command: /usr/local/bin/zfs # Command to use instead of "mount". # mount_command: /usr/local/bin/mount # Command to use instead of "umount". # umount_command: /usr/local/bin/umount # Configuration for integration with the Btrfs filesystem. # btrfs: # Command to use instead of "btrfs". # btrfs_command: /usr/local/bin/btrfs # Command to use instead of "findmnt". # findmnt_command: /usr/local/bin/findmnt # Configuration for integration with Linux LVM (Logical Volume # Manager). # lvm: # Size to allocate for each snapshot taken, including the # units to use for that size. Defaults to "10%ORIGIN" (10% # of the size of logical volume being snapshotted). See the # lvcreate "--size" and "--extents" documentation for more # information: # https://www.man7.org/linux/man-pages/man8/lvcreate.8.html # snapshot_size: 5GB # Command to use instead of "lvcreate". # lvcreate_command: /usr/local/bin/lvcreate # Command to use instead of "lvremove". # lvremove_command: /usr/local/bin/lvremove # Command to use instead of "lvs". # lvs_command: /usr/local/bin/lvs # Command to use instead of "lsblk". # lsblk_command: /usr/local/bin/lsblk # Command to use instead of "mount". # mount_command: /usr/local/bin/mount # Command to use instead of "umount". # umount_command: /usr/local/bin/umount # Configuration for integration with Docker or Podman secrets. # container: # Secrets directory to use instead of "/run/secrets". # secrets_directory: /path/to/secrets # Configuration for integration with the KeePassXC password manager. # keepassxc: # Command to use instead of "keepassxc-cli". # keepassxc_cli_command: /usr/local/bin/keepassxc-cli # Path to a key file for unlocking the KeePassXC database. # key_file: /path/to/keyfile # YubiKey slot and optional serial number used to access the # KeePassXC database. The format is "<slot[:serial]>", where: # * <slot> is the YubiKey slot number (e.g., `1` or `2`). # * <serial> (optional) is the YubiKey's serial number (e.g., # `7370001`). # yubikey: 1:7370001 ```
witten commented 2025-09-19 17:13:34 +00:00
Owner
Copy Link

Thanks for including your entire configuration. I'm honestly at a loss as to what might be going on here. Normally, if a configuration file is invalid, not only would validate catch that and complain, but even a borgmatic list would give errors or warnings if it can't read a configuration file.

I will note that you have inconsistent indentation in this portion of your config:

source_directories:
   - /var/cells
    - /etc/borgmatic/config.yaml

But that shouldn't be a problem, and in fact when I try it on my system, borgmatic deals with it just fine.

Some ideas on other things to try:

  • borgmatic config validate --config /etc/borgmatic/config.yaml --verbosity 2, just to make sure that your validate and list commands are working on the same config file. (They should be already.)
  • It looks like you're running this is as a non-root user. Can you try it as root? Just to rule out potential permissions issues.
  • Maybe try installing borgmatic via another means to see if there's maybe a problem with the Fedora borgmatic package? That would also allow you to try 2.0.7 instead of 2.0.6.
  • If you put the config file in a different location, does that change the behavior at all?
  • If you use a more minimal config file (like literally just repositories), does that change the behavior at all?
Thanks for including your entire configuration. I'm honestly at a loss as to what might be going on here. Normally, if a configuration file is invalid, not only would `validate` catch that and complain, but even a `borgmatic list` would give errors or warnings if it can't read a configuration file. I will note that you have inconsistent indentation in this portion of your config: ```yaml source_directories: - /var/cells - /etc/borgmatic/config.yaml ``` But that shouldn't be a problem, and in fact when I try it on my system, borgmatic deals with it just fine. Some ideas on other things to try: * `borgmatic config validate --config /etc/borgmatic/config.yaml --verbosity 2`, just to make sure that your `validate` and `list` commands are working on the same config file. (They should be already.) * It looks like you're running this is as a non-root user. Can you try it as root? Just to rule out potential permissions issues. * Maybe try installing borgmatic via another means to see if there's maybe a problem with the Fedora borgmatic package? That would also allow you to try 2.0.7 instead of 2.0.6. * If you put the config file in a different location, does that change the behavior at all? * If you use a more minimal config file (like literally just `repositories`), does that change the behavior at all?
elhananjair commented 2025-09-19 20:06:10 +00:00
Author
Copy Link

Hello there
I tried removing Borgmatic and Borg from both, and installed Borgmatic with pipx as root. But before that, I have tried running with root as you suggested, and indeed, the error is different this time. I just installed borg and borgmatic on Repo Machine nothing else, with the same config.yaml I tried borgmatic list and it is giving me the following error:

root@Prod-Server:~# borgmatic repo-create --encryption repokey-aes-ocb
Remote:repo_admin@remote.drp: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Connection closed by remote host. Is borg working on the server?
ssh://repo_admin@remote.drp/home/repo_admin/DRP: Error running actions for repository
ssh://repo_admin@remote.drp/home/repo_admin/DRP: Command '('borg', 'info', '--json', 'ssh://repo_admin@remote.drp/home/repo_admin/DRP')' returned non-zero exit status 81.
/etc/borgmatic/config.yaml: Error running configuration
/etc/borgmatic/config.yaml: An error occurred

summary:
An error occurred
Error running actions for repository
Command '('borg', 'info', '--json', 'ssh://repo_admin@remote.drp/home/repo_admin/DRP')' returned non-zero exit status 81.
Error running configuration

Need some help? https://torsion.org/borgmatic/#issues

The funny part is that SSH is working fine since I configured passwordless and key-based authentication, it works fine, but in the Borgmatic case, it doesn't, couldn't understand why.

Hello there I tried removing Borgmatic and Borg from both, and installed Borgmatic with `pipx` as root. But before that, I have tried running with root as you suggested, and indeed, the error is different this time. I just installed borg and borgmatic on Repo Machine nothing else, with the same config.yaml I tried `borgmatic list` and it is giving me the following error: ``` root@Prod-Server:~# borgmatic repo-create --encryption repokey-aes-ocb Remote:repo_admin@remote.drp: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Connection closed by remote host. Is borg working on the server? ssh://repo_admin@remote.drp/home/repo_admin/DRP: Error running actions for repository ssh://repo_admin@remote.drp/home/repo_admin/DRP: Command '('borg', 'info', '--json', 'ssh://repo_admin@remote.drp/home/repo_admin/DRP')' returned non-zero exit status 81. /etc/borgmatic/config.yaml: Error running configuration /etc/borgmatic/config.yaml: An error occurred summary: An error occurred Error running actions for repository Command '('borg', 'info', '--json', 'ssh://repo_admin@remote.drp/home/repo_admin/DRP')' returned non-zero exit status 81. Error running configuration Need some help? https://torsion.org/borgmatic/#issues ``` The funny part is that SSH is working fine since I configured passwordless and key-based authentication, it works fine, but in the Borgmatic case, it doesn't, couldn't understand why.
witten commented 2025-09-19 22:17:52 +00:00
Owner
Copy Link

If that error is from borgmatic running on the repo machine, then does that mean you're expecting the repo machine to connect to itself via SSH? Would it make more sense to change the repositories: entry on that machine so that it can access the repository via a local path instead?

If that error is from borgmatic running on the repo machine, then does that mean you're expecting the repo machine to connect to _itself_ via SSH? Would it make more sense to change the `repositories:` entry on that machine so that it can access the repository via a local path instead?
elhananjair commented 2025-09-20 04:29:22 +00:00
Author
Copy Link

If that error is from borgmatic running on the repo machine, then does that mean you're expecting the repo machine to connect to itself via SSH? Would it make more sense to change the repositories: entry on that machine so that it can access the repository via a local path instead?

Nope still trying on production server and getting that error. ssh myrepomachine@drp.local (e.g.) just works fine without asking password it connects to the repo machine since I am using key based authentication.

> If that error is from borgmatic running on the repo machine, then does that mean you're expecting the repo machine to connect to _itself_ via SSH? Would it make more sense to change the `repositories:` entry on that machine so that it can access the repository via a local path instead? Nope still trying on production server and getting that error. ssh myrepomachine@drp.local (e.g.) just works fine without asking password it connects to the repo machine since I am using key based authentication.
witten commented 2025-09-20 05:12:35 +00:00
Owner
Copy Link

Ah gotcha. What about running the Borg command directly without borgmatic on the production server?

borg info --json ssh://repo_admin@remote.drp/home/repo_admin/DRP

And what about this one?

ssh repo_admin@remote.drp
Ah gotcha. What about running the Borg command directly without borgmatic on the production server? ```bash borg info --json ssh://repo_admin@remote.drp/home/repo_admin/DRP ``` And what about this one? ``` ssh repo_admin@remote.drp ```
elhananjair commented 2025-09-20 08:09:36 +00:00
Author
Copy Link

Well, I tried both, borg info --json ssh://repo_admin@remote.drp/home/repo_admin/DRP shows an error related to repo not found, since I started as a new user, I have not created a repo yet, since the ssh part is not working when I tried with sudo borgmatic repo-create --encryption repokey-aes-ocb

image.png

image.png

Well, I tried both, `borg info --json ssh://repo_admin@remote.drp/home/repo_admin/DRP` shows an error related to repo not found, since I started as a new user, I have not created a repo yet, since the ssh part is not working when I tried with `sudo borgmatic repo-create --encryption repokey-aes-ocb` ![image.png](/attachments/484bc1ef-3731-460f-ae50-7ac1d141454a) --- ![image.png](/attachments/135a8612-5bba-4c62-a124-7abd25af1465)
image.png
88 KiB
image.png
30 KiB
elhananjair commented 2025-09-20 08:50:17 +00:00
Author
Copy Link

Just installed borgmatic with dnf and created a repo on backup machine using borg borg init --encryption=repokey /path/to/repo and then I executed this as you suggested borg info --json ssh://repo_admin@remote.drp/home/repo_admin/DRP and it is working fine, the problem is I guess with borgmatic

image.png

Just installed borgmatic with dnf and created a repo on backup machine using borg ` borg init --encryption=repokey /path/to/repo` and then I executed this as you suggested `borg info --json ssh://repo_admin@remote.drp/home/repo_admin/DRP` and it is working fine, the problem is I guess with borgmatic ![image.png](/attachments/cd16980e-faa1-4a6c-8506-daee4a5a8360)
image.png
52 KiB
witten commented 2025-09-22 00:33:29 +00:00
Owner
Copy Link

Okay, here's one discrepancy that's likely causing this issue: When you run borgmatic as the root user or with sudo, you're using the root user's SSH keys. And when you run a command like borg or ssh as a non-root user without sudo, you're using that non-root user's SSH keys. And each one has potentially different access to the target server. In your case, it looks like your root user doesn't have SSH access to that target user@server.

So there are at least two solutions:

  1. Give your root user access to your SSH server. For instance, you could copy you root user's SSH public key into the authorized keys file on your server.
  2. Or run borgmatic as your non-root user without sudo. Note however that while this might fix the SSH issue, there are permissions implications in that borgmatic will no longer have permissions to read as many files. For example, I don't know if root access is needed to read /var/cells.
Okay, here's one discrepancy that's likely causing this issue: When you run borgmatic as the root user or with `sudo`, you're using the root user's SSH keys. And when you run a command like `borg` or `ssh` as a non-root user without `sudo`, you're using that non-root user's SSH keys. And each one has potentially different access to the target server. In your case, it looks like your root user doesn't have SSH access to that target user@server. So there are at least two solutions: 1. Give your root user access to your SSH server. For instance, you could copy you root user's SSH public key into the authorized keys file on your server. 2. *Or* run borgmatic as your non-root user without `sudo`. Note however that while this might fix the SSH issue, there are permissions implications in that borgmatic will no longer have permissions to read as many files. For example, I don't know if root access is needed to read `/var/cells`.
elhananjair commented 2025-09-25 18:30:20 +00:00
Author
Copy Link

Hello @witten
Thanks for taking the time and try finding out the issue. Your suggestion was actually very important and accurate, as you said, I couldn't log in to the backup server with the root user. Borgmatic needs to be executed with the root user when you install it with the package manager. As you said before, the issue was actually a permission issue to execute with borgmatic, therefore, after fixing ssh SSH-related issue with the root user, now it's working, I can see the result of borgmatic list...

Hello @witten Thanks for taking the time and try finding out the issue. Your suggestion was actually very important and accurate, as you said, I couldn't log in to the backup server with the root user. Borgmatic needs to be executed with the root user when you install it with the package manager. As you said before, the issue was actually a permission issue to execute with borgmatic, therefore, after fixing ssh SSH-related issue with the root user, now it's working, I can see the result of borgmatic list...
witten commented 2025-09-25 19:15:31 +00:00
Owner
Copy Link

Great, I'm glad to hear it's working now!

Great, I'm glad to hear it's working now!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
blocked
breaking
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Label question / support
Milestone
No items
No Milestone
Assignees
Clear assignees
witten
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: borgmatic-collective/borgmatic#1148
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?