this post was submitted on 24 Jul 2023
13 points (88.2% liked)

Selfhosted

40467 readers
504 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

My backup game is pretty bad, I only have my primary copy of my data and a cloud storage copy. I was trying to think of a cheap way to have another backup, and then realized I have an Orange Pi Zero 2 and a 1TB USD SSD lying around. So I was thinking of:

  • installing Debian on the OPZ2, and setting up key-authenticated SFTP (no password auth)
  • connect the OPZ2 on my home network and expose a non-standard (e.g. not 22) port for SFTP
  • have a subdomain point to my home network ip, and use DDNS to keep it in sync
  • using Restic to remotely push password-encrypted backups to the OPZ2 via SFTP using the subdomain
  • set a cron job to check diskhealth and send myself email on bad
  • enable auto updates on debian and email on fail

Is this setup a bad idea? Is this a security nightmare? Any better suggestions?

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 1 year ago (1 children)

If you've got a copy of the data that's local, why are you opening up ports? Just run the backup job internally.

I'm also not fond of using SBCs as a NAS, by nature their I/O is extremely limited. It will probably work as a backup, but man do I not trust a USB interface at all.

I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.

[–] jakkos 1 points 1 year ago (1 children)

If you’ve got a copy of the data that’s local, why are you opening up ports? Just run the backup job internally.

I'm often not at home for weeks at a time.

but man do I not trust a USB interface at all.

Trust?

I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.

I'll look into this thanks!

[–] [email protected] 2 points 1 year ago

You don't need to be home for a cron job to run.

USB has a bad habit of randomly dropping off the bus until you reseat the cable or reset the device.

[–] [email protected] 3 points 1 year ago (1 children)

A few thoughts on this:

  • Debian is, in my opinion, oversized for an OPZ2. If it absolutely has to be Linux (does it?), Alpine or Void might be worth a closer look.
  • Why SFTP? Wouldn't SCP be enough?
  • Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don't even notice it.
[–] jakkos 1 points 1 year ago

If it absolutely has to be Linux (does it?)

It's just what I'm familiar with, what would you suggest?

Why SFTP? Wouldn’t SCP be enough?

SFTP seemed like the simplest thing that Restic supported

Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don’t even notice it.

Risky from a perspective of it crashing? I think I'm okay with that as I would notice it erroring out when I try and push the backups

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Hi,

maybe use openwrt, it’s meant by to be used on cheap low end devices, don’t know how good the image is. https://github.com/Kazagumo/openwrt-orangepizero2

I personally use it on an discontinued WD mybook live duo. If you prefer an easy setup, be warned, it is not. ;) On the plus side, openwrts Luci is a good starting point for configuring of a lot of services, hdd spin down, monitoring, etc.

Use case: samba4, kopia destination from my VPS through Zerotier

Good luck with your setup!

[–] [email protected] 1 points 1 year ago