On Backups

2022-09-10

I want a backup solution that:

1. Follows the 3-2-1 strategy
2. Is simple
3. Is cheap
4. Is secure

This is what I've come up after almost 2 years of making backups for my personal data.

The 3-2-1 strategy

3 copies of data, 2 different media, 1 copy off-site.

Copy 1: The SSD on my machine.

Copy 2: The raid-1 spinning rust connected to my Raspberry Pi.

Copy 3: "Cloud" storage on Backblaze B2.

I've also added a 4th copy which lives on another hard drive connected to the my main machine, where "Copy 1" is. This is only to avoid copying files over the network in case my main hard drive fails. It's more of a nice-to-have.

Simple

I'm using restic to create backups. Now, there are simpler and more established solutions out there like rsync, where all you do is copy files somewhere else and call it a day. restic, on the other hand, produces some opaque artifacts that can only be read by restic, so you're kind of locked into the software when it comes to managing your files.

The reason I chose restic over rsync is because you get a set of features that make it easy to implement the rest of the requirements (cheap & secure) while still having an easy-to-use interface, even if the underlying implementation is not as straight-forward as rysnc's. My favourite features from restic are:

• Encryption. Everything is encrypted, so my backups can live on a third-party server and I don't have to worry about prying eyes.
• Many backends implemented, including S3 and SFTP. This gives me flexibility when it comes to choosing where to store the backups. Note that S3 not only gives you access to AWS but also any other file storage server that implements the S3 interface (DigitalOcean, Wasabi, Backblaze etc).
• FUSE mount. I can access the files without having to download backups.
• Versioning. In case I accidentally backup a corrupted file.
• Incremental backups.

Cheap

My desktop PC and my Raspberry Pi are "free" so to speak, in the sense that I've already paid for them, even before I started making backups, and electricity costs are negligible for both. The main cost is the third off-site copy which currently lives on Backblaze B2. The price is very reasonable (I'm paying less than 30 cents a month). If it ever becomes a problem I can easily switch to another provider.

Secure

restic manages encryption and verifies that the backups have not been tampered with. I'm not a security expert, but I've seen Filippo's seal of approval and that's good enough for me from a confidentiality and integrity point of view.

There's a more comprehensive version of the 3-2-1 rule that adds an offline+immutable backup to the mix to protect from hackers that have accessed the infrastructure. I haven't figured out how to implement this in my workflow yet, perhaps an external hard drive that I update semi-regularly will suffice.

Worth mentioning: Timeshift + Btrfs

Btrfs deserves a whole blog post, but since we're on the subject of data recovery I figured it's worth noting that Btrfs snapshots are an excellent tool for when you need to quickly rollback to a previous version of your hard drive and restoring from backups would be overkill. I'm talking about restoring system files that that have been corrupted or deleted due to a bad update, as opposed to your hard-drive dying.

Timeshift makes the whole snapshot experience a breeze. The UI lets you create snapshots on-demand, schedule snapshots, and restore. It also supports creating snapshots using rsync, but it's not as fast as Btrfs snapshots.