HACKER Q&A
📣 trialbyte

What tools/strategy do you use for backups?


I use restic for incremental, encrypted backups, with ssh+rsync as fallback for any excpetions. Using keyfiles for restic results in headaches with securing it and passphrases means no automation.

I am curious how you guys manage your files in a convenient and secure way.

  👤 eternityforest Accepted Answer ✓
External hard drive, Back in Time(Which is an rsync GUI). All manual without encryption, same as my laptop itself, just relying on physical security.

I also use SyncThing, some of my files are synced to all devices, including my laptop, which gets backed up.

I would prefer to have a NAS with redundant hard disks, so I didn't have to worry about the integrity of my backups, and I could archive some files I still care about but don't need on my laptop.

But that would be expensive, and I would then need to back up the archive files since Raid Is Not A Backup, and I couldn't just leave anything important only on the NAS and nowhere else(Although some of the stuff isn't that important).

👤 mmphosis 

  rsync
incremental, obscure but no encryption and no compression because I've had restores fail in the past due to compression
👤 theandrewbailey
Everything I deem important I put on my server in the basement. I periodically back that up to an encrypted external hard drive. I keep that drive in a lockbox when not backing up, and occasionally swap it with another one in another state.

I use LUKS encryption, BTRFS file system, and rsync. I run a script that prompts for the drive's password, then automates unlocking, backing up, and locking: https://gist.github.com/theandrewbailey/3b5bbb3fa3a53c2ef0e1...

👤 deckard1
> and passphrases means no automation.

You can easily specify a password file via env variable[1]. Make sure file permissions are restricted to root only. If someone had root they could read any file already, so I don't see a threat beyond someone gaining root.

My offsite is done automatically with cron using restic. Then I use rsync for incremental backups to a USB drive (LUKS encrypted). Beyond that, I have a NAS with mirrored ZFS (+ daily snapshots) for live data. I use Syncthing to get my data to the NAS from phones, laptops, etc.

[1] https://restic.readthedocs.io/en/latest/faq.html#how-can-i-s...

👤 greggarious
I used to have my iPhone backup to my laptop, then my laptop back up to an encrypted USB hard drive, and that encrypted USB hard drive swapped out when I went out for groceries in a safe deposit box at my credit union.

This is probably not a sustainable backup strategy, but you'd be amazed how many people abuse their access and how much power you can rapidly accumulate with what one supervisor described as "CIA level opsec".

(Just be careful -- if you get hit over the head and forget your master password, you're gonna have a bad time!!)

👤 brysonreece
Time Machine backups to a NAS with (2) 4TB WD Reds. One disk is exposed as a local Samba share while the other disk is set up as a duplicate using a nightly rsync cron job.
👤 jesuisunchat
Windows and OSX use native backup systems to a media server that backs up to backblaze with duplicati.

I kind of hate using duplicati as the interface is incredibly clunky and restoring data is a massive chore. I recently had to rebuild the media server after a system disk failure and there’s no way to do a data consistency check against the remote backup as all check data is stored in a local database that had to be rebuilt.

👤 bravetraveler
Vorta/borg, but I've been considering Restic. The portability/single binary I saw mentioned yesterday is tempting

I also wrote/use a rather simple Python script that tries to efficiently create archives

I store them on two arrays in different machines locally, but I also encrypt/upload them offsite -- to a dedicated server I use for other stuff

👤 _-----_
Dejadup is a decent solution for automatic backups to a remote or local device that is encrypted. Works over ssh.
👤 sgtnoodle
I have an 8TB hard drive in my desktop, and another in a low power server in my detached garage. They automatically synchronize via syncthing. Every year or two I'll make a cold backup to a 3rd drive. This has the benefit of making sure all the data is read periodically.
👤 d4rkp4ttern
This may be a good place to ask — I’ve been looking for a good guide to setting up a NAS based on SSDs (no spinning disks). Anyone know of a good guide or recommend what to buy? Thanks!
👤 guilhas
I have a small server with a BTRFS raid

Syncthing some, rsync others, going to test Borg

Also have a 2.5 4TB HDD, where I backup again important data

I don't encrypt any backup

I am more afraid of lose data irrecoverably than someone having local access to it

👤 publicarray
I’m trying out https://Kopia.io at the moment Finally something that is fully cross platform, easy to use and open source.
👤 viraptor
Borg. Very close to restic and you can configure the other side to limit the access to only adding new backups, so having an SSH key without a passphrase is ok in most situations.
👤 hackrnusr
One word: duplicacy.

It has every feature I could possibly want, in a well engineered piece of software at a price that I could not refuse.

👤 t312227
good morning & have i nice year 2023 :)

ad backup: try to follow the 3 - 2 - 1 rule ~ [at least: 3 copys; 2 different media; 1 off-site :]

using one of the following tools -- heavily depending on the use-case (data/system to backup)

* rsync for snapshots over ssh or nfs

* mt & tar for good-old streamer-tapes

* vorta & borg for workstations

* duplicity for secure backup to insecure networked devices

👤 fhaldridge7
I'm using restic to backup. I like that it's encrypted and can be installed easily on every major os.
👤 8b16380d
Encrypted Time Machine backups.
👤 mattr47
Backblaze.