Off-site Backup Solution

Quite a while ago I set up a backup solution that works for me but isn’t ideal. I have an external hard drive that I plug into my workstation, run my usual backup command using restic, and disconnect it again.
This works, but it’s not handy. Getting the drive, connecting it, running the command, waiting for it to finish, ejecting the drive, and unplugging it is tedious and so I only do this about once a month.

Add to this that the backup lives essentially right next to the workstation, so it only protects me from malware or oopsies on my end. If my workstation ends up in flames, the house collapses, a thief breaks in, or similar, the backup is of no use.
As a “soft backup”, a lot of my important files are on my Nextcloud instance. I call it a “soft backup” because this is live data, not a backup, but it can act as one; although this is not recommended.

A few days ago, I set up a backup solution that uses off-site storage to store my backups. Precisely, it’s the Storage Box BX11 from Hetzner, which gives me 1TB of storage for a little less than 4€ a month. Crucially, it supports SFTP, a protocol that restic can use as a backend to interact with a repository.
After a long first backup I now feel like my data is safe. It’s not perfect, but it’s good enough.

What I still have to figure out, though, is how I guarantee that a backup is made daily, because that is what I want. I can’t just create a cronjob for 3am because I shut my workstation down if I don’t use it to not waste any power. But I also don’t use my workstation at the same time each day, so I really can’t ensure that a backup is run daily with cron.
Alternatively, as I am using Arch Linux which comes with systemd, I could set up a systemd service that fires when my workstation boots, but since I don’t want to use systemd and it could be that I start the system more than once a day, this doesn’t seem like a good option.

Again, I still have to figure out how to automatically run the backup, but for now, just running my script is fine:

#!/bin/sh -eu

exec >> /var/log/backup/remote.log 2>&1
date

# backup home directory to external server using restic.
# steps:
#   1. backup
#   2. keep last x snapshots

. "${XDG_CONFIG_HOME:-${HOME}/.config}/backup/remote/config.rc"

backup() {
	printf "Backing up ${BACKUP_DIRECTORY} to remote ${REMOTE_HOSTNAME}\n"

	restic "${RESTIC_OPTIONS}" \
		backup \
		--exclude-file "${EXCLUDE_FILE_PATH}" \
		--files-from "${FILES_FROM_PATH}" \
		"${BACKUP_DIRECTORY}"
}

forget() {
	printf "Running forget, keeping last ${REMOTE_FORGET_KEEP} snapshots\n"

	restic "${RESTIC_OPTIONS}" \
		forget \
		--keep-last="${REMOTE_FORGET_KEEP}"
}

backup
forget

My configuration file looks like this:

REMOTE_PROTOCOL="sftp"
REMOTE_USERNAME="user"
REMOTE_HOSTNAME="backup.example.org"
REMOTE_URL="${REMOTE_PROTOCOL}:${REMOTE_USERNAME}@${REMOTE_HOSTNAME}"
REMOTE_REPOSITORY_PATH="./workstation/backup"
REMOTE_FORGET_KEEP="30"

CONFIG_HOME="${XDG_CONFIG_HOME:-${HOME}/.config}"
CONFIG_PATH="${CONFIG_HOME}/backup/remote"

REPOSITORY_PASSWORD="supersecretpassword"
EXCLUDE_FILE_PATH="${CONFIG_PATH}/excludes.txt"
FILES_FROM_PATH="${CONFIG_PATH}/files_from.txt"
BACKUP_DIRECTORY="${HOME}"

RESTIC_OPTIONS="--quiet"

export RESTIC_REPOSITORY="${REMOTE_URL}:${REMOTE_REPOSITORY_PATH}"
export RESTIC_PASSWORD="${REPOSITORY_PASSWORD}"

Feel free to use both if you have any use for them.

Update 2023-02-06

I have now successfully set up daily automatic backups with anacron(8), which works like cron(8) but doesn’t assume that the machine it is running on is running continuously.
Thanks to rkta for mentioning this!

Do you have a comment on one of my posts? Feel free to send me an E-Mail: witcher@wiredspace.de
To participate in a public discussion, use my public inbox: ~witcher/public-inbox@lists.sr.ht
Please review the mail etiquette.

Posted on: February 05, 2023

Articles from blogs I read

OpenSSH introduces options to penalize undesirable behavior

In a recent commit, Damien Miller (djm@) introduced the new sshd(8) configurations options, PerSourcePenalties and PerSourcePenaltyExemptList, to provide a built in facility in sshd(8) itself to penalize undesirable behavior, and to shield specific client…

via OpenBSD Journal June 7, 2024

Your Node is Leaking Memory? setTimeout Could be the Reason

This is mostly an FYI for node developers. The issue being discussed in this post has caused us quite a bit of pain. It has to do with how node deals with timeouts. In short: you can very easily create memory leaks [1] with the setTimeout API in node. You…

via Armin Ronacher's Thoughts and Writings June 5, 2024

The state of SourceHut and our plans for the future

Good morning! It’s been a tough year for SourceHut and I know many of our users are waiting to hear from us. Our last update was the post-mortem following the DDoS attack we sustained in January, and we have some additional news following this update as well…

via Blogs on Sourcehut June 4, 2024

Generated by openring