diff options
Diffstat (limited to 'docs/backups.md')
| -rw-r--r-- | docs/backups.md | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/docs/backups.md b/docs/backups.md new file mode 100644 index 0000000..f6faf8a --- /dev/null +++ b/docs/backups.md @@ -0,0 +1,146 @@ +# Backups and syncs + +This mostly has to do with `hydractl` commands such as +`sync-{backups,media,tpc}`. + +## Servers + +* Backups can be automatically generated and sent to other servers, including + NAS instances. +* Automated backup checking can be done. +* But all this does not exempt a team from manually testing backups and to make + their own offline copies in external drives. + +## New external drive + +Proceed as follows + + disk=new-disk-name + device=/dev/sdc + hydractl usb-enable # run this for USB drives, then connect the disk + sudo cfdisk ${device} # layout with single ${device}1 partition + sudo cryptsetup luksFormat ${device}1 + sudo cryptsetup luksOpen ${device}1 $disk + sudo mkfs.ext4 /dev/mapper/$disk + sudo mkdir /media/$disk + sudo mount /dev/mapper/$disk /media/$disk + sudo mkdir /media/$disk/media.`facter domain` + sudo chown `whoami`: /media/$disk/media.`facter domain` + +## NAS + +These commands should be enough to sync all media archives: + + hydractl usb-enable # run this for USB drives, then connect the disk + hydractl mount-media $MEDIA + hydractl sync-media $MEDIA + +As this should handle syncing all backups: + + hydractl sync-backups $MEDIA + +## TPC + +Chek the [specific](tpc.md) documentation for more information about TPCs. + +When regularly syncing a TPC, use a procedure that guarantees minimal +changes in the running TPC, to make sure syncing data won't create +inconsistencies in the destination, by doing something like: + +1. Reboot the machine +2. Turn off networking. +3. Log in through console. + +Then do the following: + + hydractl usb-enable # run this for USB drives, then connect the disk + hydractl mount-media $TPC + hydractl sync-tpc $TPC + +To sync archives and remote backups, proceed with as explained in the NAS +section. + +You may also want to consider using [borger][] ([mirror][]) to have encrypted +homedir backups in the external archive/backup volume. + +[borger]: https://git.fluxo.info/borger/about/ +[mirror]: https://0xacab.org/rhatto/borger + +## Appliances + +You might want to backup the whole SSD, M-SATA or microSD from your appliances. +If so, proceed as follows with the appliance device connected in your TPC: + + export appliance=appliance-name + export dest="/var/backups/remote/$appliance.`facter domain`/image/`date +%Y%m%d`" + sudo mkdir -p $dest + dcfldd if=/dev/sdb | bzip2 > $dest/$appliance.img.bz2 + +## Smartphone + +Smartphones usually have their own way to be backed up. This is an example +based on the [android-backup][] utility: + + android-backup <device-name> + +[android-backup]: https://git.fluxo.info/scripts/tree/android-backup + +## Hardware rotation + +It's recommended to rotate the current hardware in use in all +places: + +* Backup disks. +* Laptops, so they're not kept out of use (and/or especially the batteries). + +## Backup Kit + +A Backup Kit is a box with the following items: + +* External encrypted archive/backup disk. +* Case for SSD transportation. +* Laptop power adapter and cables. +* Dockstation SATA/USB/M-2/microSD/etc (with power adapter). +* USB power adapter and cable (including USB 2, USB 3 and USB C). +* USB cables (USB 2, USB 3 and USB C) for the Dockstation and the external drive. +* TPC laptop with battery and TPS (SSD, M-2 etc), optionally with a UltraBase/Dockstation. +* Philips screwdriver and other tools. +* FCR-MG2 adaptor for microSD to USB. +* Anything else your need (like eyeglasses). +* Everything in a sealed box. + +This may be the ultimate disaster recovery kit for your Hydra! + +## Restore + +Examples according to the software used to make the backup. + +### Duplicity + +For [duplicity][]: + + duplicity collection-status file:///var/backups/duplicity + duplicity restore --file-to-restore home/$USER --time 2018-03-25 file:///var/backups/duplicity/ /home/$USER + +[duplicity]: https://duplicity.gitlab.io/ + +### Borg + +For [Borg][]: + + mkdir ~/temp/misc/restore + cd ~/temp/misc/restore + borg list ssh://$USER@$SERVER:$PORT//var/backups/users/$USER/borg + borg extract ssh://$USER@$SERVER:$PORT//var/backups/users/$USER/borg::$USER-2018-06-11T17:07:39 mnt/crypt/home/$USER/$FILE_OR_FOLDER + +Make sure to cleanup `~/temp/misc/restore` after recovering what you need. + +[Borg]: https://www.borgbackup.org/ + +### eCryptfs + +For [eCryptfs][]: + + sudo ecryptfs-recover-private /media/$MEDIA/home/.ecryptfs/$USER/.Private + +[eCryptfs]: https://www.ecryptfs.org/ |