2 minute read

One of the docker containers I’ve been using is the wonderful BackupPC for agentless backups. This thing works quite well, allowing me to backup laptops around the house without too much hassle. It’s a bit work to set it up properly, but it works and is fast.

If you want to backup BackupPC to a 3rd system, for instance a cloud provider, you need to backup the entire pool of files it creates. This also means that if your local BackupPC instance is broken, and you need to restore one file, you need to re-download the entire BackupPC repository.

Most cloud providers are fairly cheap to put data in, but they charge you (more) to download the data.

Not great.

To solve this, I converted the machines that need backups to ZFS, and started to use ZFS snapshots together with zfs send and zfs receive to put them on the Proxmox NAS. I first testing this with just the base commands, but quickly moved over to Jim Salter’s sanoid/syncoid tool.

The tool is really simple: you add the backup policy to /etc/sanoid/sanoid.conf, specifying which snapshots to take and how to lifecycle them. On Debian a systemd timer comes with the package that executes sanoid every 15 minutes.

[laptop/home/myuser]
        use_template = backup2nas
        recursive = yes
        skip_children = yes

[template_backup2nas]
        frequently = 0
        hourly = 0
        daily = 14
        monthly = 0
        yearly = 0
        autosnap = yes
        autoprune = yes

This policy keeps 14 days of daily snapshots.

You also need a policy on the receiving system, otherwise the old snapshots will never be cleaned up:

[datapool/backups/hosts]
        use_template = host_backups
        recursive = yes
        process_children_only = yes

[template_host_backups]
        frequently = 0
        hourly = 0
        daily = 30
        monthly = 12
        yearly = 5
        autosnap = no
        autoprune = yes
        daily_warn = 2d
        daily_crit = 3d

This policy keeps 30 daily, 12 monthly and 5 yearly snapshots. It also sends out a warning of snapshots are more than 2 days old.

To send the snapshots over, I use syncoid in a cron job that runs every 20 minutes:

*/20 * * * * /usr/sbin/syncoid --quiet --no-sync-snap laptop/home/myuser server:datapool/backups/hosts/laptop

Additionaly, a daily restic job sends the latest snapshots to BackBlace B2, where they live even longer and with finer granularity. This way I have an easy restore method locally, and if needed I can just mount the restic respository and copy out the single file that I need to restore, costing me only the money to get that one file (and a bit of overhead).

Always practice good backups. Have a local copy on-site, and make sure you have atleast an additional copy off-site.

Comments

You May Also Enjoy

SSH’ing to Unifi equipment with Fedora 37

less than 1 minute read

Connecting to Unifi equipment (Switch 8/AP AC Pro) from Fedora37 fails out of the box with a very useful error Bad server host key: Invalid key length. This is because the dropbear used on these devices is woefully out of date, and still requires the use of ssh-rsa (with SHA1), which has been deprecated by OpenSSH in 2021,

Now using less external services!

less than 1 minute read

So back in 2019 I moved the site from WordPress to Jekyll (using Minimal Mistakes), and from Gandi to AWS Serverless.

Lenovo Thinkpad T14s Gen3 (AMD)

3 minute read

10 years ago I bought a Dell XPS13 L322x ultrabook as a replacement for my white Macbook 2,1. This week I replaced the Dell with something newer: a Lenovo Thinkpad T14s Gen3 (AMD).