Data loss is a real threat

Having home server is great but if you don’t have it backed up you are risking losing all your data. You can lose data due to numerous things like hardware failure, ransomware, fire, theft, etc. If you google up data backup people usually recommend having some kind of raid setup but this is not solving most of the disasters that can happen.

Physical distance

One of most reliable solutions is to have another server/storage in different physical location. You can have one server home and another installed at your parents’ house or at your office. Another option is to get some inexpensive cloud storage like backblaze b2 or storj and have your data backed up there. This is great solution but it can be quite expensive compared to second home server, especially if you have few terabytes of data.

My setup

In my scenario I have 2 servers with main NVMe disk running OS and attached slower HDD drive. On both machines I am running ubuntu server. I would like to have data from local server HDD drive backed up to remote server HDD drive. I would like to have it automated and encrypted.

My disk is mounted with fstab (/etc/fstab) at boot with following line:

/dev/sda2 /mnt/disk2 ext4 defaults 0 0

Let’s call this machine local server.

Restic

I have chosen restic as my backup tool. It is open source, free and it supports incremental backups. It also supports encryption and it is quite easy to setup. It is written in go so it is quite fast and it has support for many different storage backends. Please give it a star on github if you like it.

Establish connection

First, we need to establish connection between local and remote server. We will use ssh for that. We will need to generate ssh key on local server and copy it to remote server. To prevent local server doing harm on remote server we will create new user on remote server and give him only permissions to read or write our backup directory.

# local server
export REMOTE_IP="100.xxx.xxx.xxx" # <- write your remote server ip
export BACKUP_DIR="/mnt/disk2/backup" # <- write your backup directory
ssh-keygen # keep pressing (defaults) to use no passphrase
cat ~/.ssh/id_rsa.pub
# copy pubkey to cliboard

# remote server
sudo groupadd backup
sudo useradd -m backup
sudo usermod -aG backup backup
sudo su backup
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
# paste pubkey from local server to ~/.ssh/authorized_keys

Now you should test connection from local server to remote server with ssh backup@${REMOTE_IP}. If everything is ok, you should be able to login without password and close connection with exit.

Install restic and setup backup

# local
sudo apt install restic
restic init -r sftp:backup@$REMOTE_IP:/home/backup/restic init
# save password to your password manager!
read -p "Enter your repository password: " RESTIC_PASS
# test it out
RESTIC_PASSWORD=$RESTIC_PASS restic -r sftp:backup@$REMOTE_IP:/home/backup/restic backup $BACKUP_DIR

sudo mkdir /opt/backuper
export USER=$(whoami)
sudo chown -R $USER:$USER /opt/backuper
cat > /opt/backuper/password <<EOF
$RESTIC_PASS
EOF
chmod 600 /opt/backuper/password

cat > /opt/backuper/restic-backuper.sh <<EOF
#!/usr/bin/env bash
set -euo pipefail

GOMAXPROCS=2 restic -p /opt/backuper/password -r sftp:backup@$REMOTE_IP:/home/backup/restic backup $BACKUP_DIR
GOMAXPROCS=2 restic -p /opt/backuper/password -r sftp:backup@$REMOTE_IP:/home/backup/restic forget --keep-daily 2 --keep-monthly 1 --prune
EOF
chmod +x /opt/backuper/restic-backuper.sh
# add to crontab to run during the night
crontab -e
0 3 * * * /opt/backuper/restic-backuper.sh >> /opt/backuper/log

As you can see from script this will install restic tool, initialize remote repository in /home/backup/restic folder. It will create backup script in /opt/backuper/ folder which will run every night at 3am and it will keep 2 daily and 1 monthly backups.

Restore

Let’s pretend your local server was destroyed. In this scenario you can create new one and do exact same steps as above. Then you can restore your data from remote server with following command:

restic -p /opt/backuper/password -r sftp:backup@$REMOTE_IP:/home/backup/restic restore latest --target /

Test this command to make sure your backups are working properly! Please make sure you read whole documentationt about restore as it has many options.