Charles, it's a long term topic that i'm finally taking up.

How do you want to proceed? Is there a documentation? Discussion for our weekly meeting?

Let's discuss face to face some convenient time TBD

As discussed, can you please send me OpenVPN certs and your ssh key?

For the OpenVPN certs, what is the client's FQDN? My ssh key emailed to you.

Starting with the DB server: gisdb.csr.av (csr.av being handled by a local bind server)

Certs file mailed to you, Phil. Installation procedure: [[Aurinoco Systems:OpenVPN_24_operations#Debian]]

Looks OK: 172.16.9.1 @ tun0.

Just a small note on openvpn management by systemd: i prefer to have the config in /etc/openvpn/client, and the service at openvpn-client@gisdb.csr.av.ICITI.service. It makes it more explicit to differentiate between server and client. Ref: https://unix.stackexchange.com/questions/409665/starting-openvpn-client-as-daemon-in-debian

Back to you to log in and proceed, the database dumps are in:

root@gisdb:/var/log# ll /var/lib/autopostgresqlbackup/daily/avgis
total 162512
drwxr-xr-x 2 root postgres     4096 Dec 11 06:25 ./
drwxr-xr-x 7 root postgres     4096 Nov 21 17:58 ../
-rw------- 1 root root     27573587 Nov 25 06:25 avgis_2018-11-25_06h25m.Sunday.sql.gz
-rw------- 1 root root     27715338 Dec  3 06:25 avgis_2018-12-03_06h25m.Monday.sql.gz
-rw------- 1 root root     27749682 Dec  5 06:25 avgis_2018-12-05_06h25m.Wednesday.sql.gz
-rw------- 1 root root     27761994 Dec  6 06:25 avgis_2018-12-06_06h25m.Thursday.sql.gz
-rw------- 1 root root     27773790 Dec  7 06:25 avgis_2018-12-07_06h25m.Friday.sql.gz
-rw------- 1 root root     27822839 Dec 11 06:25 avgis_2018-12-11_06h25m.Tuesday.sql.gz

We'll see how it goes with this directory first.

Regards having the config in /etc/openvpn/client, from the linked page (dated 8 Dec 2017):

Note that newer versions of OpenVPN have split the configuration files directory into /etc/openvpn/client and /etc/openvpn/server. This has not (yet) percolated down into a stable version of Debian

When designing the current implementation I considered introducing /etc/openvpn/{client,server} but they would break the Stretch systemd OpenVPN generator which only works with /etc/openvpn/*.conf files.

Sorry -- somehow I have disabled ssh access:

c@CW10:~$ ssh -A root@172.16.9.1
root@172.16.9.1's password: 

I installed bung.

I think that we now need to set up the backup target. I checked https://redmine.auroville.org.in/projects/backup-service , but it doesn't have information, maybe a Wiki page would be nice there.

How would you like to proceed now? You create the target destination, give permissions, and give me the URL for rsync?

The required size of backup space would be less than 1GB (less than 30 MB per day, 1 month retention).

The remote server should be backup-rsync.iciti.av (currently resolves to backup3.iciti.av). Conventionally the ssh host used to access it and the comment in the ssh keys would be gisdb.csr_to_backup-rsync.iciti

The remote path should be /srv/remote_backup/gisdb.csr.av.

If you send me the public key, I will install it in backup3.iciti.av:/root/.ssh/authorized_keys2 with the command= restriction normally used with bung.

Here's the private public key:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Yv7i/yXDFy1gZzW4tagHWzWkUDEeTqinKncmhOiPpfTDpQG9Ug4RIZRVBPq9yirDXhXWfSWzxfgsthwLToaiIL0mSj8qyPJuBFS/apOHrMok2jkAqzqsqB/7CeGMLN28RvM0AC1/aj8emsuNHmhD0iU5scObgjqxMuXwNezyXMmXVUcwmNnM//ariY53MbepybxhxLa0ft43uzmnZ5wodtZHGgYdRj+ncK9saz1tLoB2qNdn/zmU4E/RrpPHsSj0SH3V3nFLoLu57loyGjZ92yq06Iln3VLNZe8TGylBt3EMmSxlVX5zbLc4uOmc74EfVwSYF66Pu1Dyev5Cz1FT root@gisdb

Installed it in backup3.iciti.av:/root/.ssh/authorized_keys2 with the command= restriction normally used with bung.