Built a Small Offsite backup machine! What to run on it?
As the title says, i recently printed a nice case for my RPi3 and HDD that intend to run as an offsite backup machine.
Looking for recommendations on what backup service to run. I want to backup my Nextcloud and a "changes only" backup/cloning solution would be optimal but i have yet to find one.
Rsync paired with ZFS is sufficient for a backup server imo. Configure ZFS to create daily snapshot and now you have versioned backup system. It's basically what rsync.net sells to their customers.
Duplicity uses rsync internally for efficient transport. I have used that. I'm presently using rdiff-backup, driven by backupninja out of a cron job, to backup to a local hard drive and which does incremental backups (which would address @Nr97JcmjjiXZud's concern). That also uses rsync. There's also rsbackup, which also uses rsync and I have not used.
Two caveats I'd note that may or may not be a concern for one's specific use case (which apply to rdiff-backup, and I believe both also apply to the other two rsync-based solutions above, though it's been a while since I've looked at them, so don't quote me on that):
One property that a backup system can have is to make backups immutable -- so that only the backup system has the ability to purge old backups. That could be useful if, for example, the system with the data one is preserving is broken into -- you may not want someone compromising the backed up system to be able to wipe the old backups. Rdiff-backup expects to be able to connect to the backup system and write to it. Unless there's some additional layer of backups that the backup server is doing, that may be a concern for you.
Rdiff-backup doesn't do dedup of data. That is, if you have a 1GB file named "A" and one byte in that file changes, it will only send over a small delta and will efficiently store that delta. But if you have another 1GB file named "B" that is identical to "A" in content, rdiff-backup won't detect that and only use 1GB of storage -- it will require 2GB and store the identical files separately. That's not a huge concern for me, since I'm backing up a one-user system and I don't have a lot of duplicate data stored, but for someone else's use case, that may be important. Possibly more-importantly to OP, since this is offsite and bandwidth may be a constraining factor, the 1GB file will be retransferred. I think that this also applies to renames, though I could be wrong there (i.e. you'd get that for free with dedup; I don't think that it looks at inode numbers or something to specially try to detect renames).
Try rsnapshot, it's rsync with hard links. Though, is better to use snapshots on filesystem (be it zfs, btrfs, or another one with such a feature... Might be CoW is required, never thought much about it ..)
Rsync has a bunch of downsides though. It only gives you one backup, any corrupted files will be mirrored in their corrupted state with no way to go back to an old version, and if the client system is hacked, the attacker can delete the remote backups. Not ideal.
Something like Borgbackup is much better. It dedupes blocks so storing months of daily backups isn't an issue, and it has an "append-only" mode that prevents the client from deleting backups. Even if the client system is hacked, the attacker can't delete the backups.
I recommend Restic. It's fast, it supports snapshots and compression, written in Go so it's much quicker than most other solutions I've tested. It also supports multiple different backends for transporting and storing the files so you can use one you've already got or use the restic-server (which is pretty easy to setup).
Borgbackup is great. It uses block-level dedupe so you can store months of daily backups without using a lot of space, and don't have to do full backups every so often like with Duplicity.
It has an "append-only" mode that prevents the client system from being able to delete the backups. This means that even if the client gets hacked, the attacker can't delete the offsite backups. This is a common problem with other backup solutions - the client system has full write access to the backup, so an attacker (or ransomware) can wipe all your remote backups before locking/destroying the local files.
not related to backup solution, but this is a great time to get some home monitoring sorted! put prometheus on it, run prometheus at home too, and have them monitor each other… great way to know why/when things aren’t working in general, but adds another level of confidence that your data are nice and safe
Duplicacy is a great solution, well worth the cheap price. It can do changes only over many different protocols.
I also would recommend setting up something like Uptime-Kuma on it, and also an instance of it home. This way you have an external monitor for your own home network, but also a monitor for your backups! Both Duplicacy and Uptime-Kuma can run on docker.
I’m interested to know why more people aren’t recommending kopia, it seemed like the obvious choice when I evaluated them but perhaps I was just wrong?
My backup server is running borg server for automated backups from my main server as well as time machine for my macbook and an smb share for manual backup of bits and pieces.
Same server also functions as my vpn (wireguard) and dns (pihole)