Before pruning a repo, we must ensure that the client machine backing-up to this repo has not been compromised.
TODO: a script that would close and prevent any ssh connection but ours (root) and start borg prune.
For now there is a cron that checks for free space and will email tech@ when 90% is used.
Prune the repo
- On spica:
- Remove
--append-onlyin the corresponding client line in /home/borgy/.ssh/authorized_keys - Change
append-only = 1toappend-only = 0in repo/config
- Remove
- On the client:
- Comment out the
prefix:entry in/etc/borgmatic/config.yaml - Run
borgmatic prune
- Comment out the
- Wait till it's finished
- On the client:
- Uncomment the
prefix:entry in borgmatic's config
- Uncomment the
- On spica:
- Add
--append-onlyin theborg servepart of the client's line in/home/borgy/.ssh/authorized_keys - Change back
append-only =from 0 to 1 in repo/config
- Add