How I back up servers locally and in the cloud using rsync, restricted rsync (rrsync), rsnapshot, restic, and Backblaze B2.
Android phones have their photos backed up to a central backup server using syncthing; that server is then backed up to the cloud using restic.
Servers are backed up using rsync and restricted rsync, with a centralized backup server pulling the data.
Tools used
  * [[https://rsync.samba.org/|rsync]]
  * restricted rsync
  * ssh, and ssh authorized keys
  * [[https://restic.net|restic]]
  * [[https://syncthing.net/|syncthing]]
  * [[https://www.backblaze.com/b2/cloud-storage.html|Backblaze B2]] for remote cloud backups
====== restic ======
====== rsnapshot ======
create a new ed25519 key on the backup server, and copy the public
Set up /root/.ssh/authorized_keys:
  command="/usr/bin/rrsync -ro /",restrict,from="192.0.2.2" ssh-ed25519 abc1234PublicKey
This forces rrsync, read-only and rooted at the / directory, whenever this key is used to log in, and the key is only accepted from 192.0.2.2. The restrict option also disables port, agent and X11 forwarding and PTY allocation for the key.
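A small audit for the authorized_keys restrictions described above, as an added example that is not part of the original notes. The helper names (parse_options, audit_key, audit_file) and every sample key other than the page's own entry are made up for illustration; the rrsync path is the one used on this page.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # line begins with a key type: no options

def parse_options(line):
    """Added helper (not from the page): options field of one line as a dict."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}
    fields, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted          # quotes protect spaces and commas
        elif not quoted and ch in ", \t":
            fields.append(cur)
            cur = ""
            if ch != ",":                # unquoted whitespace ends the options
                break
        else:
            cur += ch
    else:
        fields.append(cur)               # no key material followed the options
    return {n.lower(): v for n, _, v in (f.partition("=") for f in fields)}

def audit_key(line, rrsync="/usr/bin/rrsync"):
    """Return the restrictions from the page's entry that this key line lacks."""
    opts = parse_options(line)
    cmd = opts.get("command", "").split()
    source = opts.get("from", "")
    checks = [
        (cmd[:1] != [rrsync], "no forced rrsync command"),
        (cmd[:1] == [rrsync] and "-ro" not in cmd, "rrsync is not read-only"),
        ("restrict" not in opts, "missing restrict"),
        (not source, "no from= restriction"),
        ("*" in source or "?" in source, "from= uses a wildcard"),
    ]
    return [message for failed, message in checks if failed]

def audit_file(text):
    """Map line number -> problems for every key line that has any."""
    return {n: p for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#") and (p := audit_key(l))}

SAMPLE = """# Constructed sample: line 2 is the page's entry, lines 3-4 are made up.
command="/usr/bin/rrsync -ro /",restrict,from="192.0.2.2" ssh-ed25519 abc1234PublicKey
ssh-ed25519 AAAAexampleKey root@laptop
command="/usr/bin/rrsync /",from="192.0.2.*" ssh-ed25519 AAAAexampleKey backup
"""

if __name__ == "__main__":
    print(audit_file(SAMPLE))
```

Run against the real /root/.ssh/authorized_keys, any line it reports is a key that can do more than a read-only rrsync pull from the backup server.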
Make sure to use the rsync "--inplace" option when using this setup with btrfs. From the rsync man page:
"it can also help keep a copy-on-write filesystem snapshot from diverging the entire contents of a file that only has minor changes"
===== rsnapshot and btrfs =====
To take advantage of btrfs subvolumes with rsnapshot, the following options in the rsnapshot configuration need to be changed (( https://web.archive.org/web/20140409045559/http://wwerther.de/2011/10/migrate-rsnapshot-based-backup-to-btrfs-snapshots/ )). rsnapshot requires a tab, not spaces, between the option name and its value:
  cmd_cp	/root/bin/rsnapshot_plug_cp_btrfs
  cmd_rm	/root/bin/rsnapshot_plug_rm_btrfs
rsnapshot_plug_cp_btrfs ((https://gist.githubusercontent.com/wwerther/1306185/raw/rsnapshot_plug_cp_btrfs))
  #!/bin/sh
  # Arg 1: -al
  # Arg 2: /testbtrfs/backups/hourly.0
  # Arg 3: /testbtrfs/backups/hourly.1
  # Replace "cp -al" with a btrfs snapshot of the newest backup
  btrfs subvolume snapshot "$2" "$3"
rsnapshot_plug_rm_btrfs ((https://gist.githubusercontent.com/wwerther/1306189/raw/rsnapshot_plug_rm_btrfs))
  #!/bin/sh
  # Arg 1: -rf
  # Arg 2: /testbtrfs/backups/hourly.4/
  # echo 1: $1 2: $@
  # Try to delete the given path with btrfs subvolume delete first;
  # if this fails, fall back to normal rm.
  if [ "$1" = "-rf" ] && [ -z "$3" ]; then
      # Try to delete with btrfs
      btrfs subvolume delete "$2"
      error=$?
      if [ "$error" -eq 13 ]; then
          # EC 13 => the directory specified is not a subvolume
          rm "$@"
      elif [ "$error" -ne 0 ]; then
          # Report the saved btrfs exit code, not the status of the test above
          echo "Error while deleting with btrfs: $error"
      fi
  else
      rm "$@"
  fi
====== syncthing ======
====== OpenWRT backup ======
===== Prep backup server =====
Create a user and limit it to a predefined SFTP-only chroot.
  useradd -m -s /bin/false gatewaybackup
Set up the chroot:
  mkdir -p /chrootbackup/gatewaybackup/backups
  chown gatewaybackup /chrootbackup/gatewaybackup/backups
===== Setup openwrt box =====
Nightly script using sysupgrade ((https://openwrt.org/docs/guide-user/troubleshooting/backup_restore)):
  #!/bin/sh
  # Create a configuration backup, upload it over sftp, then remove the local copy
  backupFile=/tmp/backup-${HOSTNAME}-$(date +%F).tar.gz
  sysupgrade -b "$backupFile"
  echo "put $backupFile backups/" | sftp -i gatewaykey -b - gatewaybackup@
  rm -f "${backupFile}"
Edit the /etc/sysupgrade.conf file on the OpenWRT machine to list the files to back up.
Update cron to run the script nightly, in /etc/crontabs/root:
  54 1 * * * /root/backup.sh
Create an SSH key to log in to the backup server:
  dropbearkey -t ed25519 -f gatewaykey
Copy the public key to /home/gatewaybackup/.ssh/authorized_keys on the backup server. This prints the public key:
  dropbearkey -y -f gatewaykey
====== References ======
https://wiki.archlinux.org/title/SFTP_chroot
https://passingcuriosity.com/2014/openssh-restrict-to-sftp-chroot/
https://web.archive.org/web/20140409045559/http://wwerther.de/2011/10/migrate-rsnapshot-based-backup-to-btrfs-snapshots/