20 lines
1.1 KiB
Markdown
20 lines
1.1 KiB
Markdown
# backups
|
|
|
|
Auto backup script. The objectives are the following:
|
|
- Have a raspberry-pi `RPI` (or any other device) doing automatic backups of a remote server `SERVER` every day
|
|
- Backups are incremental, without redundancy, it is easy to get data out of a specific snapshot
|
|
- `RPI` is not vulnerable to physical access (in a reasonable way):
|
|
+ The backup disk is encrypted, but the key is not stored on `RPI`
|
|
+ The keys to access `SERVER` are locked and can be "revoked at distance"
|
|
- Conversely, if a malicious access is made to `SERVER`, backups are not compromised
|
|
- If a backup fails for any reason, a notification is sent (via Discord)
|
|
- `RPI` can be accessed remotely, without needing to expose one of its ports
|
|
|
|
## Installation
|
|
|
|
On a raspbian distribution, this requires:
|
|
- The packages `cryptsetup sshpass`
|
|
- a filesystem (in a LUKS device with `LUKS_KEY`) formatted in xfs or btrf (needs either `xfsprogs` or `btrfs-progs`)
|
|
- an ssh key locked with `SSH_PASSPHRASE` to access to the server to backup
|
|
- Two urls containing each `LUKS_KEY` or `SSH_PASSPHRASE`
|
|
- a (Discord) webhook |