My backup game is pretty bad: I only have my primary copy of my data and a cloud storage copy. I was trying to think of a cheap way to have another backup, and then realized I have an Orange Pi Zero 2 and a 1TB USB SSD lying around. So I was thinking of:

  • installing Debian on the OPZ2, and setting up key-authenticated SFTP (no password auth)
  • connect the OPZ2 on my home network and expose a non-standard (e.g. not 22) port for SFTP
  • have a subdomain point to my home network ip, and use DDNS to keep it in sync
  • using Restic to remotely push password-encrypted backups to the OPZ2 via SFTP using the subdomain
  • set a cron job to check disk health and send myself email on bad
  • enable auto updates on Debian and email on fail

Is this setup a bad idea? Is this a security nightmare? Any better suggestions?

  • bladewdr@infosec.pub
    1 year ago

    If you’ve got a copy of the data that’s local, why are you opening up ports? Just run the backup job internally.

    I’m also not fond of using SBCs as a NAS, by nature their I/O is extremely limited. It will probably work as a backup, but man do I not trust a USB interface at all.

    I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.

    • jakkos@lemmy.worldOP
      1 year ago

      > If you’ve got a copy of the data that’s local, why are you opening up ports? Just run the backup job internally.

      I’m often not at home for weeks at a time.

      > but man do I not trust a USB interface at all.

      Trust?

      > I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.

      I’ll look into this thanks!

      • bladewdr@infosec.pub
        1 year ago

        You don’t need to be home for a cron job to run.

        USB has a bad habit of randomly dropping off the bus until you reseat the cable or reset the device.
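
An added example, not code from any poster in this thread: a cron-run disk check that combines the disk-health job from the original post with the healthchecks-style ping and the USB drop-off case raised in the replies. The device path and the ping URL are placeholders, and it assumes `smartctl` (smartmontools) and `curl` are installed on the board.

```sh
#!/bin/sh
# Added example: health check for the USB backup drive, meant for cron.
# Assumed values (not from the thread): device path and ping URL.
DEVICE="${DEVICE:-/dev/sda}"
PING_URL="${PING_URL:-https://hc.example.invalid/ping/PLACEHOLDER-UUID}"

# Classify `smartctl -H` text read from stdin: prints ok, failing or unknown.
classify_smart() {
    out=$(cat)
    case "$out" in
        *"test result: PASSED"*|*"SMART Health Status: OK"*) echo ok ;;
        *"test result: FAILED"*) echo failing ;;
        *) echo unknown ;;   # open errors, unsupported USB bridge, empty output
    esac
}

# State of a device: "missing" when the block device node is gone
# (the drive fell off the USB bus), otherwise the SMART verdict.
disk_state() {
    dev=$1
    if [ ! -b "$dev" ]; then
        echo missing
        return
    fi
    # Some USB-SATA bridges need an explicit type, e.g. `smartctl -d sat -H`.
    smartctl -H "$dev" 2>&1 | classify_smart
}

# Only "ok" pings the success URL; every other state pings <url>/fail,
# so "unknown" is never silently treated as healthy.
ping_target() {
    case "$1" in
        ok) echo "$PING_URL" ;;
        *)  echo "$PING_URL/fail" ;;
    esac
}

# Cron entry would call this script with --run (as root, for smartctl).
if [ "${1:-}" = "--run" ]; then
    state=$(disk_state "$DEVICE")
    curl -fsS -m 10 --retry 3 -o /dev/null \
        --data-raw "disk=$DEVICE state=$state" "$(ping_target "$state")"
fi
```

Because the monitoring side expects a ping on schedule, a board that has crashed or lost its network also raises an alert, which a send-email-on-failure job cannot do.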