How I back up servers locally and in the cloud using rsync, restricted-rsync, rsnapshot, restic and Backblaze B2.
Android phones have their photos backed up to a central backup server using syncthing, which is then backed up to the cloud using restic. Servers are backed up using rsync and restricted-rsync, with a centralized backup server pulling from them.
Tools used
- restricted rsync
- ssh, and ssh authorized keys
- Backblaze B2 for remote cloud backups
restic
rsnapshot
create a new ed25519 key on the backup server, and copy the public
Setup /root/.ssh/authorized_keys
command="/usr/bin/rrsync -ro /",restrict,from="192.0.2.2" ssh-ed25519 abc1234PublicKey
This forces any login that uses the specified key to run rrsync, read-only and rooted at the / directory, and the key is only accepted from 192.0.2.2.
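The options on that key line are the only thing limiting what a root login with the backup key can do, so they are worth checking on each backed-up server. The following POSIX shell check is an added example, not part of the original page: it flags authorized_keys entries that lack the forced read-only rrsync command, restrict, or from=. The function names audit_line and audit_file are hypothetical and the sample lines are constructed from the line above.

```shell
#!/bin/sh
# Added example (not from the original page): audit authorized_keys entries
# meant for rrsync pulls. Function names and sample lines are constructed.

# audit_line LINE -> prints "ok" or a space-separated list of findings.
audit_line() {
    line=$1 findings=""
    # Entries that start with the key type carry no options at all.
    case $line in
        ssh-*|ecdsa-*|sk-*) echo "no-options"; return 1 ;;
    esac
    # Options field = everything before " <keytype> <base64 key>".
    opts=$(printf '%s\n' "$line" |
        sed -E 's# (ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+.*$##')
    case $opts in
        *'command="'*'rrsync -ro '*) ;;               # forced and read-only
        *'command="'*rrsync*) findings="$findings not-read-only" ;;
        *) findings="$findings no-forced-rrsync" ;;
    esac
    case $opts in
        restrict|restrict,*|*,restrict|*,restrict,*) ;;
        *) findings="$findings no-restrict" ;;
    esac
    case $opts in
        *'from="'?*'"'*) ;;
        *) findings="$findings no-from" ;;
    esac
    if [ -z "$findings" ]; then echo "ok"; return 0; fi
    echo "${findings# }"; return 1
}

# audit_file: read authorized_keys on stdin, report each entry, and
# return non-zero if any entry is weaker than the example line above.
audit_file() {
    rc=0
    while IFS= read -r entry; do
        case $entry in ''|'#'*) continue ;; esac
        result=$(audit_line "$entry") || rc=1
        printf '%-32s %s\n' "$result" "${entry##* }"
    done
    return $rc
}

# Constructed sample input; the first entry uses the options shown above.
audit_file <<'EOF' || true
command="/usr/bin/rrsync -ro /",restrict,from="192.0.2.2" ssh-ed25519 abc1234PublicKey backup@example
command="/usr/bin/rrsync /",from="192.0.2.2" ssh-ed25519 abc1234PublicKey rw@example
ssh-ed25519 abc1234PublicKey admin@example
EOF
```

On a real server, run it as `audit_file < /root/.ssh/authorized_keys`; the pattern matching is textual, so an option name appearing inside a quoted command value would also match.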
syncthing
OpenWRT backup
Prep backup server
create a user and limit it to a predefined sftp only chroot.
useradd -m -s /bin/false gatewaybackup
setup chroot
mkdir -p /chrootbackup/gatewaybackup/backups
chown gatewaybackup /chrootbackup/gatewaybackup/backups
Setup openwrt box
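nightly script using sysupgrade
#!/bin/sh
# cron does not source /etc/profile, so HOSTNAME may be unset; fall back to the kernel hostname
host=${HOSTNAME:-$(cat /proc/sys/kernel/hostname)}
backupFile=/tmp/backup-${host}-$(date +%F).tar.gz
# write the configuration backup archive
sysupgrade -b "$backupFile"
# upload into the chrooted backups/ directory in sftp batch mode; replace <backupserver> with the backup server's address
echo "put $backupFile backups/" | sftp -i gatewaykey -b - gatewaybackup@<backupserver>
rm -f "${backupFile}"
edit the /etc/sysupgrade.conf file on the openwrt machine with a list of files to back up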
create ssh key to login to backupserver
dropbearkey -t ed25519 -f gatewaykey
copy the public key to the backup server /home/gatewaybackup/.ssh/authorized_keys
dropbearkey -y -f gatewaykey
