Offsite backups
We all know that you need to have offsite backups. You can backup your data to an external drive, but if you have a flood or fire in your house or apartment then you will have lost your valuable data and the backup. There are many services that are catered to backup Windows for home users, however, Linux users have fewer options from which to choose. I had this probl
em and had an external drive and a Raspberry Pi and decided to solve the issue for myself. It is not a perfect solution, but it works for me. I had a Raspberry Pi and and external drive that I was able to combine to make a make shift NAS. In my solution I used the Raspbian distro and on the external USB drive I formatted it with BTRFS. You can use Ext4 as well, but I wanted to be able to make snapshots. I will leave the installation of Raspbian and formatting as an exercise for the end user.
The way this works is that the Raspberry Pi goes and sits on a remote location and is on that network and turned on, such as a parent’s or friend’s house under armed guard (armed guard optional). The Pi will have cron job that fires off and connects to the SSH server of your local Linux box that needs to get backed up. This means that you must have SSH enabled and opened on the internet. I suggest that when you forward the ports you use a port besides 22. The script will use rsync over SSH to securely transfer the files over the internet.
I will show the code here and explain a little bit below.
The Code
#!/bin/sh # # Location of local logfile on your raspberry pi RSYNCLOG=/home/USER/scripts/rsynclog.txt # Location of files to be backed up on the source computer RSYNCSRC=/mnt/files # Location on rasberry pi to where backups will go RSYNCDST=/mnt/b-backup # Email information SMTPUSER=you@example.com SMTPPASS=Email-Password SMTPDESTUSER=you@example.com MAILX=/usr/bin/heirloom-mailx if mount | grep $RSYNCDST ; then echo "Already mounted. Nothing to do." else echo "Mounting b-backup pool..." sudo mount /dev/sda $RSYNCDST fi echo > $RSYNCLOG uptime > $RSYNCLOG echo ----------------------- >> $RSYNCLOG uname -nrv >> $RSYNCLOG echo ----------------------- >> $RSYNCLOG df -h >> $RSYNCLOG echo ----------------------- >> $RSYNCLOG sudo btrfs filesystem show >> $RSYNCLOG echo ----------------------- >> $RSYNCLOG sudo btrfs subvolume list $RSYNCDST >> $RSYNCLOG echo ----------------------- >> $RSYNCLOG rsync -avz --bwlimit=500 -e "ssh -p 22 -i /home/USER/scripts/sshkeys_rsa" --exclude=VirtualBox* --exclude=.Trash* --exclude=8GB.swap --log-file=$RSYNCLOG unixuser@address.dynamic.tld:$RSYNCSRC/ $RSYNCDST/backup/ echo ----------------------- >> $RSYNCLOG uptime >> $RSYNCLOG if [ "$?" -eq "0" ] then echo Have a Nice Day! | $MAILX -v -r "Your Raspberry Pi<$SMTPUSER>" -s "Rsync Completed Successfully" -a $RSYNCLOG -S smtp=smtps://mail.example.tld:465 -S smtp-auth=plain -S smtp-auth-user=$SMTPUSER -S smtp-auth-password=$SMTPPASS -S ssl-verify=ignore $SMTPDESTUSER # ---------------------- Create snapshot sudo btrfs subvolume snapshot $RSYNCDST $RSYNCDST/.snaps/snapshot-`date +%Y%d%m` else echo Perhaps an Investigation is Warranted... | $MAILX -v -r "Your Raspberry Pi<$SMTPUSER>" -s "!!!! Rsync Appears To Have FAILED !!!!" -a $RSYNCLOG -S smtp=smtps://mail.example.tld:465 -S smtp-auth=plain -S smtp-auth-user=$SMTPUSER -S smtp-auth-password=$SMTPPASS -S ssl-verify=ignore $SMTPDESTUSER fi sudo umount $RSYNCDST
Some Explanations
There are a few variables on the top of the script that need to be changed to reflect your environment. You will also need to change the unixuser@address.dynamic.tld to match your local linux username and your dynamic DNS hostname or IP address. If you need Dynamic DNS you’ll need to set that up if you haven’t already.. You will need to setup a dynamic I also have an email server and the script is setup to email me whenever it completes a backup so you’ll need to change the mail.example.tld:465 to reflect your situation. I use the heirloom-mailx program to send the email so you will need to do an sudo apt install heirloom-mailx to get it installed properly. You may need to install the btrfs-tools as well if you want to use that. If you opt to not use BTRFS, then just remove the relevant lines. I have my own email server, but you should be able to adapt the script to use GMail servers as your email server. Again, excercise for the end user.
One more item of note is that since you are connecting via SSH, you don’t want to have to type in your password since this will be automated. Since that is the case you will need to implement SSH Keys. The linked page should give you good enough direction to get that implemented.
Finally, the files on the Raspberry Pi are not encrypted. The files are encrypted as they travel over the Internet, but the files at rest can be opened so you need to be able to trust the person that has your files on the other end. I know it’s not perfect but for a low cost cloud backup, it works well enough.
I hope this helps. Feel free to hit me up if you have any issues with it.