Comment

Comment on After 1.5 years of learning selfhosting, this is where I'm at

dan@upvote.au ⁨9⁩ ⁨months⁩ ago

I’d recommend using Borgbackup over SSH, instead of just using rclone for backups. As far as I know, rclone is like rsync in that you only have one copy of the data. If it gets corrupted at the source, and that gets synced across, your backup will be corrupted too. Borgbackup and Borgmatic are a great way to do backups, and since it’s deduplicated you can usually store months of daily backups without issue. I do daily backups and retain 7 daily backups, 4 weekly backups, and ‘infinite’ monthly backups (until my backup server runs out of space, then I’ll start pruning old monthly backups).

Borgbackup also has an append-only mode, which prevents deleting backups. This protects the backup in case the client system is hacked. Right now, someone that has unauthorized access to your main VPS could in theory delete both the system and the backup (by connecting via rclone and deleting it). Borg’s append-only mode can be enabled per SSH key, so for example you could have one SSH key on the main VPS that is in append-only mode, and a separate key on your home PC that has full access to delete and prune backups. It’s a really nice system overall.

source

Sort:hotnew top

7Sea_Sailor@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
You’re right, that’s one of the remaining pain points of the setup. The rclone connections are all established from the homelab, so potential attackers wouldn’t have any traces of the other servers. But I’m not 100% sure if I’ve protected the local backup copy from a full deletion.

The homelab is currently using Kopia to push some of the most important data to OneDrive. From what I’ve read it works very similarly to Borg (deduplicate, chunk based, compression and encryption) so it would probably also be able to do this task? Or maybe I’ll just move all backups to Borg.

Do you happen to have a helpful opinion on Kopia vs Borg?

source
- dan@upvote.au ⁨9⁩ ⁨months⁩ ago
  I haven’t tried Kopia, so unfortunately I can’t compare the two. A lot of the other backup solutions don’t have an equivalent to Borg’s append-only mode though.
  
  source
  - fine_sandy_bottom@discuss.tchncs.de ⁨9⁩ ⁨months⁩ ago
    I’m a borg guy. I’d never heard of kopia. This is from their docs though:
    
    Each snapshot is always incremental. This means that all data is uploaded once to the repository based on file content, and a file is only re-uploaded to the repository if the file is modified. Kopia uses file splitting based on rolling hash, which allows efficient handling of changes to very large files: any file that gets modified is efficiently snapshotted by only uploading the changed parts and not the entire file.
    
    So looks like they do append only.
    
    source
    dan@upvote.au ⁨9⁩ ⁨months⁩ ago
    What I mean by “append-only” is that the client can’t delete the backups. I don’t think Kopia supports that.
    
    source
    -> View More Comments