aboutsummaryrefslogtreecommitdiff
path: root/docs/backups.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/backups.md')
-rw-r--r--docs/backups.md146
1 files changed, 146 insertions, 0 deletions
diff --git a/docs/backups.md b/docs/backups.md
new file mode 100644
index 0000000..f6faf8a
--- /dev/null
+++ b/docs/backups.md
@@ -0,0 +1,146 @@
+# Backups and syncs
+
+This mostly has to do with `hydractl` commands such as
+`sync-{backups,media,tpc}`.
+
+## Servers
+
+* Backups can be automatically generated and sent to other servers, including
+ NAS instances.
+* Automated backup checking can be done.
+* But all this does not exempt a team from manually testing backups and to make
+ their own offline copies in external drives.
+
+## New external drive
+
+Proceed as follows
+
+ disk=new-disk-name
+ device=/dev/sdc
+ hydractl usb-enable # run this for USB drives, then connect the disk
+ sudo cfdisk ${device} # layout with single ${device}1 partition
+ sudo cryptsetup luksFormat ${device}1
+ sudo cryptsetup luksOpen ${device}1 $disk
+ sudo mkfs.ext4 /dev/mapper/$disk
+ sudo mkdir /media/$disk
+ sudo mount /dev/mapper/$disk /media/$disk
+ sudo mkdir /media/$disk/media.`facter domain`
+ sudo chown `whoami`: /media/$disk/media.`facter domain`
+
+## NAS
+
+These commands should be enough to sync all media archives:
+
+ hydractl usb-enable # run this for USB drives, then connect the disk
+ hydractl mount-media $MEDIA
+ hydractl sync-media $MEDIA
+
+As this should handle syncing all backups:
+
+ hydractl sync-backups $MEDIA
+
+## TPC
+
+Chek the [specific](tpc.md) documentation for more information about TPCs.
+
+When regularly syncing a TPC, use a procedure that guarantees minimal
+changes in the running TPC, to make sure syncing data won't create
+inconsistencies in the destination, by doing something like:
+
+1. Reboot the machine
+2. Turn off networking.
+3. Log in through console.
+
+Then do the following:
+
+ hydractl usb-enable # run this for USB drives, then connect the disk
+ hydractl mount-media $TPC
+ hydractl sync-tpc $TPC
+
+To sync archives and remote backups, proceed with as explained in the NAS
+section.
+
+You may also want to consider using [borger][] ([mirror][]) to have encrypted
+homedir backups in the external archive/backup volume.
+
+[borger]: https://git.fluxo.info/borger/about/
+[mirror]: https://0xacab.org/rhatto/borger
+
+## Appliances
+
+You might want to backup the whole SSD, M-SATA or microSD from your appliances.
+If so, proceed as follows with the appliance device connected in your TPC:
+
+ export appliance=appliance-name
+ export dest="/var/backups/remote/$appliance.`facter domain`/image/`date +%Y%m%d`"
+ sudo mkdir -p $dest
+ dcfldd if=/dev/sdb | bzip2 > $dest/$appliance.img.bz2
+
+## Smartphone
+
+Smartphones usually have their own way to be backed up. This is an example
+based on the [android-backup][] utility:
+
+ android-backup <device-name>
+
+[android-backup]: https://git.fluxo.info/scripts/tree/android-backup
+
+## Hardware rotation
+
+It's recommended to rotate the current hardware in use in all
+places:
+
+* Backup disks.
+* Laptops, so they're not kept out of use (and/or especially the batteries).
+
+## Backup Kit
+
+A Backup Kit is a box with the following items:
+
+* External encrypted archive/backup disk.
+* Case for SSD transportation.
+* Laptop power adapter and cables.
+* Dockstation SATA/USB/M-2/microSD/etc (with power adapter).
+* USB power adapter and cable (including USB 2, USB 3 and USB C).
+* USB cables (USB 2, USB 3 and USB C) for the Dockstation and the external drive.
+* TPC laptop with battery and TPS (SSD, M-2 etc), optionally with a UltraBase/Dockstation.
+* Philips screwdriver and other tools.
+* FCR-MG2 adaptor for microSD to USB.
+* Anything else your need (like eyeglasses).
+* Everything in a sealed box.
+
+This may be the ultimate disaster recovery kit for your Hydra!
+
+## Restore
+
+Examples according to the software used to make the backup.
+
+### Duplicity
+
+For [duplicity][]:
+
+ duplicity collection-status file:///var/backups/duplicity
+ duplicity restore --file-to-restore home/$USER --time 2018-03-25 file:///var/backups/duplicity/ /home/$USER
+
+[duplicity]: https://duplicity.gitlab.io/
+
+### Borg
+
+For [Borg][]:
+
+ mkdir ~/temp/misc/restore
+ cd ~/temp/misc/restore
+ borg list ssh://$USER@$SERVER:$PORT//var/backups/users/$USER/borg
+ borg extract ssh://$USER@$SERVER:$PORT//var/backups/users/$USER/borg::$USER-2018-06-11T17:07:39 mnt/crypt/home/$USER/$FILE_OR_FOLDER
+
+Make sure to cleanup `~/temp/misc/restore` after recovering what you need.
+
+[Borg]: https://www.borgbackup.org/
+
+### eCryptfs
+
+For [eCryptfs][]:
+
+ sudo ecryptfs-recover-private /media/$MEDIA/home/.ecryptfs/$USER/.Private
+
+[eCryptfs]: https://www.ecryptfs.org/