Built a Small Offsite backup machine! What to run on it?
(lemmy.world)
from mysbyxor@lemmy.world to selfhosted@lemmy.world on 26 Jul 2023 21:22
https://lemmy.world/post/2214136
from mysbyxor@lemmy.world to selfhosted@lemmy.world on 26 Jul 2023 21:22
https://lemmy.world/post/2214136
As the title says, i recently printed a nice case for my RPi3 and HDD that intend to run as an offsite backup machine.
Looking for recommendations on what backup service to run. I want to backup my Nextcloud and a “changes only” backup/cloning solution would be optimal but i have yet to find one.
threaded - newest
It’s basic, but rsync is a reliable changes-only solution. You can do push or pull on a cronjob.
Would rsync corrupt the backup if the main file gets corrupted (seeing as this would be a change) ?
Unless you have some form of versioning, yes.
Does this setup have some sort of versioning or snapshots?
Duplicity uses rsync internally for efficient transport. I have used that. I'm presently using rdiff-backup, driven by backupninja out of a cron job, to backup to a local hard drive and which does incremental backups (which would address @Nr97JcmjjiXZud's concern). That also uses rsync. There's also rsbackup, which also uses rsync and I have not used.
Two caveats I'd note that may or may not be a concern for one's specific use case (which apply to rdiff-backup, and I believe both also apply to the other two rsync-based solutions above, though it's been a while since I've looked at them, so don't quote me on that):
One property that a backup system can have is to make backups immutable -- so that only the backup system has the ability to purge old backups. That could be useful if, for example, the system with the data one is preserving is broken into -- you may not want someone compromising the backed up system to be able to wipe the old backups. Rdiff-backup expects to be able to connect to the backup system and write to it. Unless there's some additional layer of backups that the backup server is doing, that may be a concern for you.
Rdiff-backup doesn't do dedup of data. That is, if you have a 1GB file named "A" and one byte in that file changes, it will only send over a small delta and will efficiently store that delta. But if you have another 1GB file named "B" that is identical to "A" in content, rdiff-backup won't detect that and only use 1GB of storage -- it will require 2GB and store the identical files separately. That's not a huge concern for me, since I'm backing up a one-user system and I don't have a lot of duplicate data stored, but for someone else's use case, that may be important. Possibly more-importantly to OP, since this is offsite and bandwidth may be a constraining factor, the 1GB file will be retransferred. I think that this also applies to renames, though I could be wrong there (i.e. you'd get that for free with dedup; I don't think that it looks at inode numbers or something to specially try to detect renames).
Rsync has a bunch of downsides though. It only gives you one backup, any corrupted files will be mirrored in their corrupted state with no way to go back to an old version, and if the client system is hacked, the attacker can delete the remote backups. Not ideal.
Something like Borgbackup is much better. It dedupes blocks so storing months of daily backups isn’t an issue, and it has an “append-only” mode that prevents the client from deleting backups. Even if the client system is hacked, the attacker can’t delete the backups.
Rsync paired with ZFS is sufficient for a backup server imo. Configure ZFS to create daily snapshot and now you have versioned backup system. It’s basically what rsync.net sells to their customers.
Thanks! Sounds very solid!
I run Dietpi on 3 PIs, one is a remote backup that is wireguarded into my network and my server runs BorgBackup to it
Duplicacy is a great solution, well worth the cheap price. It can do changes only over many different protocols.
I also would recommend setting up something like Uptime-Kuma on it, and also an instance of it home. This way you have an external monitor for your own home network, but also a monitor for your backups! Both Duplicacy and Uptime-Kuma can run on docker.
I use rsnapshot
Check out borgbackup, it stores changes only, snapshots are created for every new backup, encrypts automatically and is pretty straightforward to use.
And if you’re looking for a way to simplify the setup process: borgmatic
I recommend Restic. It’s fast, it supports snapshots and compression, written in Go so it’s much quicker than most other solutions I’ve tested. It also supports multiple different backends for transporting and storing the files so you can use one you’ve already got or use the restic-server (which is pretty easy to setup).
not related to backup solution, but this is a great time to get some home monitoring sorted! put prometheus on it, run prometheus at home too, and have them monitor each other… great way to know why/when things aren’t working in general, but adds another level of confidence that your data are nice and safe
Duplicati docker container works pretty well
Same here, but some guys had corrupted data and unable to restore. Thats why Im using both duplicaty and kopia
not sure how long ago that was but duplicati can now validate backups via checksum every time after writing somewhere
Oh nice to hear that its so nice and simple GUI
For me it’s Borg backup for Nextcloud an all the other servers
My backup server is running borg server for automated backups from my main server as well as time machine for my macbook and an smb share for manual backup of bits and pieces.
Same server also functions as my vpn (wireguard) and dns (pihole)
Can it run crysis?
Syncthing! Although I don’t use it to create incremental backups, It just syncs folders between computers (and my phone).
+1 for syncthing
I’ve tried Nextcloud, OpenMediaVault, rsync over SSH and just keep coming back to syncthing.
Borgbackup is great. It uses block-level dedupe so you can store months of daily backups without using a lot of space, and don’t have to do full backups every so often like with Duplicity.
It has an “append-only” mode that prevents the client system from being able to delete the backups. This means that even if the client gets hacked, the attacker can’t delete the offsite backups. This is a common problem with other backup solutions - the client system has full write access to the backup, so an attacker (or ransomware) can wipe all your remote backups before locking/destroying the local files.
Can you share the link for that case?
I remixed it from another case, ill see if i can upload it somewhere tomorrow.
I’m interested to know why more people aren’t recommending kopia, it seemed like the obvious choice when I evaluated them but perhaps I was just wrong?