2021-05-02

Simple personal redundant automated distributed encrypted backups?

Imagine you want backups of your data (Somehow not everybody wants this, which I don't understand, but there are many things in this world that I don't understand).

Now imagine you want your backups to be encrypted (Somehow not everybody wants this, which I don't understand, but there are many things in this world that I don't understand).

And imagine you want these backups to be automated. (...)

Now imagine you want these backups in several distinct locations, so they are not lost if your house burns down or if a burglar steals them. (...)

And imagine you want redundancy in case one or more of these remote locations are unavailable.

And of course it should be simple, because nobody wants complex solutions.

What is the best way to have simple personal redundant automated distributed encrypted backups?

A technical solution:

1. Get a Raspberry Pi, attach a USB stick.

2. Rent five VPS spread across five countries.

3. Set up an iSCSI target on all five VPS.

4. Configure the local Raspberry Pi as Initiator.

5. Create an mdadm RAID6 on these five drives and format with LUKS cryptfs?

6. Mirror this device on the USB drive attached to the Pi (So there is a local encrypted copy of the remote distributed encrypted copy).

7. Set up (on the Pi) a crontab with rsync to back up certain directories on my personal laptop. Any file copied to those directories will then be encrypted, backed up locally and distributed redundantly to the remote locations.

The only manual thing in this setup is entering the cryptfs key when the Pi needs a reboot (which happens less than once each month but often enough to remember the key).

(I know I can automate the cryptfs key but I refuse. That key is in my head, and nowhere else.)

Note: Maybe the mirroring should happen before the encryption?? Let me sleep on this.

Cost: I think I can get 15GB per VPS for about 15 euro/month (both OVH and Hetzner do this for 3 euro/month). So the full backup device will be 45GB (RAID6 of 5x15GB) which should be adequate for personal documents.


I should try this...

UPDATE:

The Initiator on the Pi is connected to the five targets. I wonder if this will work...
 

root@elvire~# ls -l /dev/disk/by-id/ | grep wwn | cut -b1-55,75-
lrwxrwxrwx 1 root root  9 May  2 18:08 wwn-0x60014052b9750 -> ../../sde
lrwxrwxrwx 1 root root  9 May  2 18:08 wwn-0x6001405557bcf -> ../../sdf
lrwxrwxrwx 1 root root  9 May  2 18:08 wwn-0x60014056a1559 -> ../../sdg
lrwxrwxrwx 1 root root  9 May  2 18:08 wwn-0x60014058ec9a4 -> ../../sdd
lrwxrwxrwx 1 root root  9 May  2 18:09 wwn-0x600140598f532 -> ../../sdc
root@elvire~# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4] 
md0 : active raid6 sdc[4] sdd[3] sdg[2] sdf[1] sde[0]
      44012544 blocks super 1.2 level 6, 512k chunk, algorithm 2 [5/5] [UUUUU]
      [>....................]  resync =  1.7% (260284/14670848) finish=434.6min speed=552K/sec
      
unused devices: <none>


UPDATE 14-MAY-2021: It seems to work.


root@elvire~# cat /proc/mdstat 
Personalities : [raid6] [raid5] [raid4] 
md0 : active raid6 sdc[4] sdd[3] sdg[2] sdf[1] sde[0]
      44012544 blocks super 1.2 level 6, 512k chunk, algorithm 2 [5/5] [UUUUU]
      
unused devices: <none>
root@elvire~# mount | grep VPS
/dev/mapper/vpsmd0 on /srv/VPS_mirror type ext4 (rw,relatime,stripe=6144)
root@elvire~# crontab -l | tail -1
0 0 * * * rsync -a /srv/VPS_mirror/ /srv/cova/VPS_mirror/
root@elvire~# ls -l /srv/VPS_mirror/
total 24
-rw-r--r-- 1 root root     0 May 11 13:36 VPS_mirror
drwxr-xr-x 2 root root  4096 May  5 11:27 dotfiles
drwxr-xr-x 2 root root  4096 May  5 11:27 etcfiles
drwx------ 2 root root 16384 May  3 17:42 lost+found
root@elvire~# 
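
With the five RAID6 members sitting on remote VPS, the number to watch is how many members the array can still lose. The following is an added example, not part of the original post: a shell function that parses /proc/mdstat text like the listings above and reports that margin. The function name md_health, its output format and the degraded sample are constructed for illustration.

```sh
# md_health ARRAY [FILE]: summarise one md array from /proc/mdstat-format text.
# FILE defaults to /proc/mdstat ("-" reads stdin). Exit status: 0 = all members up,
# 1 = degraded but still redundant, 2 = no redundancy left, inactive or not found.
md_health() {
    awk -v dev="$1" '
        $1 == dev && $2 == ":" {        # "md0 : active raid6 sdc[4] sdd[3](F) ..."
            found = 1; state = $3; level = $4
            for (i = 5; i <= NF; i++)
                if ($i ~ /\(F\)/) faulty = (faulty == "" ? "" : faulty ",") $i
            next
        }
        found && /^[^ \t]/ { exit }     # next array or "unused devices": stop
        found {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) {    # "[5/4]" = configured/active
                    split(substr($i, 2, length($i) - 2), n, "/")
                    total = n[1]; up = n[2]
                }
                if ($i ~ /^[0-9.]+%$/) rebuild = $2 ":" $i   # "resync = 1.7%"
            }
        }
        END {
            if (!found || state != "active" || total == "") {
                print dev " status=critical reason=inactive-or-not-found"; exit 2
            }
            # Member losses the level survives; levels not listed count as 0.
            tol = (level == "raid6") ? 2 : (level ~ /^raid[45]$/) ? 1 : 0
            missing = total - up
            status = (missing == 0) ? "ok" : (missing < tol) ? "degraded" : "critical"
            printf "%s level=%s up=%d/%d can_still_lose=%d rebuild=%s faulty=%s status=%s\n",
                dev, level, up, total, (missing < tol ? tol - missing : 0),
                (rebuild ? rebuild : "none"), (faulty ? faulty : "none"), status
            rc = (status == "ok") ? 0 : (status == "degraded") ? 1 : 2; exit rc
        }
    ' "${2:-/proc/mdstat}"
}

# Constructed sample (not from the post): one of the five members has failed.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid6] [raid5] [raid4]
md0 : active raid6 sdc[4] sdd[3](F) sdg[2] sdf[1] sde[0]
      44012544 blocks super 1.2 level 6, 512k chunk, algorithm 2 [5/4] [UUU_U]

unused devices: <none>
EOF
}

sample_mdstat | md_health md0 - || echo "md_health exit status: $?"
```

On the Pi, call it as `md_health md0` from the crontab and alert on a non-zero exit status.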

