Immutable backup for important data
from Croquette@sh.itjust.works to selfhosted@lemmy.world on 31 Jul 2024 18:28
https://sh.itjust.works/post/23032489
from Croquette@sh.itjust.works to selfhosted@lemmy.world on 31 Jul 2024 18:28
https://sh.itjust.works/post/23032489
Hello,
I am looking for recommendations for a service provider of immutable backup that has options for a homelab user.
My research has led me to services with expensive options, or no pricing at all unless you ask for a quote.
Thank you
#selfhosted
threaded - newest
How immutable do you need?
S3 offers a flag that prevents modification or deletion for a set period, and afaik basically every S3-compatible provider offers that.
I use that along with a lifecycle rule to maintain my backup buckets on iDrive.
If you need a ‘you cannot touch this and the provider has no way of allowing it’ then you’re talking specialized corporate talk-to-a-sales-person-for-a-quote, as you found out.
Edit: if you don’t need cloud, there’s options for WORM media from the humble BluRay to fancy SSDs that don’t allow deletion.
My goal is that if for whatever reason, my homelab is compromised, I will be able to at least restore my important data.
If i can modify the data on the other end, but cannot from my proxmox, then its fine.
I would like a offsite solution in the future, but for now it’s going to be a cloud for data blob only.
Borg backup?
Never heard of it, but I will look into it. Thanks
Borg append only seems like the way to do this easily
restic can run append-only, too. It’s more about the remote not allowing deletions.
Backblaze B2 has the option: www.backblaze.com/docs/cloud-storage-object-lock
Cheap storage too.
Thanks for the information, I will look into that.
I use backblaze storage with Kopia, which supports using object lock. Every time a backup is made the objects for it are locked for a configurable amount of time. I use 30 days, so an attacker would have to compromise my backup software for a month before being able to erase my backups.
I like the thought of having timed backups to keep the costs lower by pruning the olds backups.
Also only differences are stored, so if your files don’t change much each backup costs very little. I keep hundreds of backups for the previous year of changes, and it uses less than double the amount of storage the files take up. You can also enable compression, which I do, so it’s even smaller.
I use B2 for my backups with object lock on
I use Backblaze B2, but stored in an encrypted Restic container, set up using this guide:
helgeklein.com/…/restic-encrypted-offsite-backup-…
Restic has been great for automating backups, and even letting me mount the encrypted storage to grab individual files. I like doing it this way since I don’t have to trust Backblaze isn’t reading my data - I know for sure that they can’t.
Performance of storage that is both remote and encrypted is about what you would expect, but I don’t need access to the data unless something bad happens.
Thats a great link, it lists a lot of options and gives a good explanation on how to setup the author’s choices.
BorgBase allows for append-only backups.
Thanks, from another link in this thread, Borg seems to have wrapper options as a complement to its features.
How much data are we talking about?
A free mega.nz account should be fine for everything except family fotos and legally obtained music/movies.
Photos was part of my plan, so mega.nz isn’t an option. Thanks for the suggestion though.
Restic or Borg on your side, a safe and remote destination on the other side.
use restic, with backrest web GUI, and cannot be happier.
As for remote site, I use a remote machine I rent, but there are plenty of providers around, shop a bit… Or find a friend for reciprocal backup?
My plan is to build a second server that I will leave at my inlaws’ house and use that, but for now, I will rent a cloud while this happens.
Thats perfect