This is how to setup a backup client on a server. For a how-to to backup your personal desktop computer or notebook see desktop backup.


The Borg insignia, by Rick Sternbach from Star Trek: The Next Generation.

BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption.

The main goal of Borg is to provide an efficient and secure way to backup data. The data deduplication technique used makes Borg suitable for daily backups since only changes are stored. The authenticated encryption technique makes it suitable for backups to not fully trusted targets.


borgmatic logo

borgmatic is a simple, configuration-driven frontend to automate borg backup on servers and workstations. Protect your files with client-side encryption. Backup your databases too. Monitor it all with integrated third-party services.


Files and Directories

The following :

  • /etc - System configuration

  • /home - Users home directories

  • /root - Systemd administrators home directory

  • /usr/local - Locally installed software and scripts

  • /var - Data

  • All MariaDB (MySQL) Databases.

  • A list of installed packages and software.

Excluded Files and Directories

The following files and directories are excluded from backups:

  • **/.aMule

  • **/.beagle

  • **/.cache

  • **/Trash

  • **/.thumbnails

  • **/.Trash

  • **/downloads

  • **/Downloads

  • **/gtk-gnutella-downloads

  • **/cache

  • /var/lib/bitcoind

  • /var/lib/deluge/downloads

  • /var/lib/lxcfs

  • /var/lib/mysql

  • /var/lib/sks

  • /var/lib/sks*

  • /var/lib/transmission-daemon

  • /var/www/mirrors

  • /var/lib/clamav

MariaDB Database Backups

For database servers like MariaDB, its not possible to just copy the files out of the data directory of the database sever.

MariaDB physical backups are created in the /var/backups/mariadb/ directory, as described in Database Backup.

So here we make sure that the /var/backups/mariadb/ directory is included and the /var/lib/mysql/ directory is excluded in our Borgmatic configuration.

We then let borgmatic run a mariabackup full backup as pre-backup task, and let it empty the directory afterwards.

Installed Packages

  • apt software package sources.

  • List of installed packages.

  • List of pip installed Python packages.


Backups are made every six hours (four times a day).

Scheduling is done by systemd-timers, which has more flexiblity then classic cron-jobs.


For how long is are backup archives stored?

  • All backups of the last 24 hours

  • Last backup of the day for 7 days

  • Last backup of the week for 4 weeks

  • Last backup of the month for 6 months

  • Last backup of the year for 2 years


Backup data is client-side encrypted and uses two-factor authentication.

This ensures that …

  • Backup data can be moved and stored anywhere (i.e on untrusted cloud storage);

  • In order to access the backup data, a user must know the password AND needs to have the key-file in his possession;

On modern 64-bit CPUs BLAKE2b-256 is recommended over SHA-256.



Ubuntu 20.04 (focal) or later

As of the time of this writing (May 2020), Ubuntu 20.04 LTS has both packages in fairly up-to-date versions:

  • Borgbackup version 1.1.11 (latest)

  • Borgmatic version 1.5.1 (latest is 1.5.4)

To install using Ubuntu package manager:

$ sudo apt install borgbackup borgmatic

Ubuntu 19.10 (eoan) or earlier

Older versions of Ubuntu either don’t have these packages in their repository, or they are hopelessly outdated.

  • Borgbackup (xenial 1.0.2, 1.0.12), (bionic 1.1.5), (eoan 1.1.10)

  • Borgmatic (since Ubuntu 19.10, version 1.2.11)

You can use this also on newer systems if you want to make sure to have the latest and greatest version. But remember that with this method, updates will not be installed automatically.

Use Python PIP:

$ sudo pip3 install --upgrade borgbackup borgmatic

This installs as a systemwide usable software in to /usr/local/bin/, usable by the system (root, systemd, cron etc.) and users alike.

To install updates just repeat the installation command above.