Offsite Backup with a Raspberry Pi

Offsite backups

We all know that you need to have offsite backups. You can backup your data to an external drive, but if you have a flood or fire in your house or apartment then you will have lost your valuable data and the backup. There are many services that are catered to backup Windows for home users, however, Linux users have fewer options from which to choose. I had this probl

em and had an external drive and a Raspberry Pi and decided to solve the issue for myself. It is not a perfect solution, but it works for me. I had a Raspberry Pi and and external drive that I was able to combine to make a make shift NAS. In my solution I used the Raspbian distro and on the external USB drive I formatted it with BTRFS. You can use Ext4 as well, but I wanted to be able to make snapshots. I will leave the installation of Raspbian and formatting as an exercise for the end user.

The way this works is that the Raspberry Pi goes and sits on a remote location and is on that network and turned on, such as a parent’s or friend’s house under armed guard (armed guard optional). The Pi will have cron job that fires off and connects to the SSH server of your local Linux box that needs to get backed up. This means that you must have SSH enabled and opened on the internet. I suggest that when you forward the ports you use a port besides 22. The script will use rsync over SSH to securely transfer the files over the internet.

I will show the code here and explain a little bit below.

The Code

#!/bin/sh
#
# Location of local logfile on your raspberry pi
RSYNCLOG=/home/USER/scripts/rsynclog.txt
# Location of files to be backed up on the source computer
RSYNCSRC=/mnt/files
# Location on rasberry pi to where backups will go
RSYNCDST=/mnt/b-backup
# Email information
SMTPUSER=you@example.com
SMTPPASS=Email-Password
SMTPDESTUSER=you@example.com
MAILX=/usr/bin/heirloom-mailx
if mount | grep $RSYNCDST ; then
echo "Already mounted. Nothing to do."
else
echo "Mounting b-backup pool..."
sudo mount /dev/sda $RSYNCDST 
fi
echo > $RSYNCLOG
uptime > $RSYNCLOG
echo ----------------------- >> $RSYNCLOG
uname -nrv >> $RSYNCLOG
echo ----------------------- >> $RSYNCLOG
df -h >> $RSYNCLOG 
echo ----------------------- >> $RSYNCLOG
sudo btrfs filesystem show >> $RSYNCLOG
echo ----------------------- >> $RSYNCLOG
sudo btrfs subvolume list $RSYNCDST >> $RSYNCLOG
echo ----------------------- >> $RSYNCLOG
rsync -avz --bwlimit=500 -e "ssh -p 22 -i /home/USER/scripts/sshkeys_rsa" --exclude=VirtualBox* --exclude=.Trash* --exclude=8GB.swap --log-file=$RSYNCLOG unixuser@address.dynamic.tld:$RSYNCSRC/ $RSYNCDST/backup/
echo ----------------------- >> $RSYNCLOG
uptime >> $RSYNCLOG
if [ "$?" -eq "0" ]
then
echo Have a Nice Day! | $MAILX -v -r "Your Raspberry Pi<$SMTPUSER>" -s "Rsync Completed Successfully" -a $RSYNCLOG -S smtp=smtps://mail.example.tld:465 -S smtp-auth=plain -S smtp-auth-user=$SMTPUSER -S smtp-auth-password=$SMTPPASS -S ssl-verify=ignore $SMTPDESTUSER
# ---------------------- Create snapshot
sudo btrfs subvolume snapshot $RSYNCDST $RSYNCDST/.snaps/snapshot-`date +%Y%d%m`
else
echo Perhaps an Investigation is Warranted... | $MAILX -v -r "Your Raspberry Pi<$SMTPUSER>" -s "!!!! Rsync Appears To Have FAILED !!!!" -a $RSYNCLOG -S smtp=smtps://mail.example.tld:465 -S smtp-auth=plain -S smtp-auth-user=$SMTPUSER -S smtp-auth-password=$SMTPPASS -S ssl-verify=ignore $SMTPDESTUSER
fi
sudo umount $RSYNCDST

Some Explanations

There are a few variables on the top of the script that need to be changed to reflect your environment. You will also need to change the unixuser@address.dynamic.tld to match your local linux username and your dynamic DNS hostname or IP address. If you need Dynamic DNS you’ll need to set that up if you haven’t already.. You will need to setup a dynamic I also have an email server and the script is setup to email me whenever it completes a backup so you’ll need to change the mail.example.tld:465 to reflect your situation. I use the heirloom-mailx program to send the email so you will need to do an sudo apt install heirloom-mailx to get it installed properly. You may need to install the btrfs-tools as well if you want to use that. If you opt to not use BTRFS, then just remove the relevant lines. I have my own email server, but you should be able to adapt the script to use GMail servers as your email server. Again, excercise for the end user.

One more item of note is that since you are connecting via SSH, you don’t want to have to type in your password since this will be automated. Since that is the case you will need to implement SSH Keys. The linked page should give you good enough direction to get that implemented.

Finally, the files on the Raspberry Pi are not encrypted. The files are encrypted as they travel over the Internet, but the files at rest can be opened so you need to be able to trust the person that has your files on the other end. I know it’s not perfect but for a low cost cloud backup, it works well enough.

I hope this helps. Feel free to hit me up if you have any issues with it.

You may also like...

Popular Posts