My backup game is pretty bad: I only have my primary copy of my data and a cloud storage copy. I was trying to think of a cheap way to have another backup, and then realized I have an Orange Pi Zero 2 and a 1TB USB SSD lying around. So I was thinking of:
- installing Debian on the OPZ2, and setting up key-authenticated SFTP (no password auth)
- connecting the OPZ2 to my home network and exposing a non-standard (e.g. not 22) port for SFTP
- having a subdomain point to my home network IP, and using DDNS to keep it in sync
- using Restic to remotely push password-encrypted backups to the OPZ2 via SFTP using the subdomain
- setting a cron job to check disk health and send myself an email if it's bad
- enabling auto updates on Debian, with an email on failure
Is this setup a bad idea? Is this a security nightmare? Any better suggestions?
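One way to check that the SSH side of the plan above (key-only authentication, non-default port) is what the server file actually says. This is an added example, not part of the original post; the function names, the sample config and the choice of checks are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the thread): check an sshd_config against the post's plan.
# Simplifications: only the global section before the first Match block is read,
# Include files are not followed, and the "Keyword=value" form is not parsed.

# effective_value FILE KEYWORD DEFAULT
# sshd uses the first value it obtains for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key && !found { val = $2; found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one line per finding; DEFAULT arguments are the upstream OpenSSH defaults.
audit_sshd_config() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = no ] ||
        echo "FAIL PasswordAuthentication is not 'no'"
    [ "$(effective_value "$1" KbdInteractiveAuthentication yes)" = no ] ||
        echo "FAIL KbdInteractiveAuthentication is not 'no' (PAM may still ask for a password)"
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = yes ] ||
        echo "FAIL PubkeyAuthentication is off, keys cannot be used"
    [ "$(effective_value "$1" PermitRootLogin prohibit-password)" != yes ] ||
        echo "FAIL PermitRootLogin is 'yes'"
    [ "$(effective_value "$1" Port 22)" != 22 ] ||
        echo "NOTE Port is 22, the post planned a different one"
    return 0
}

# Constructed sample config: password auth is off, keyboard-interactive is left unset.
sample_config() {
    cat <<'EOF'
Port 2222
PasswordAuthentication no
passwordauthentication yes
PubkeyAuthentication yes
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp"   # one FAIL line: KbdInteractiveAuthentication
rm -f "$tmp"
```

On the device itself, `sshd -T` prints the effective configuration, including Include files, and is the better input for a check like this.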
Hi,
Maybe use OpenWrt, it's meant to be used on cheap low-end devices; don't know how good the image is. https://github.com/Kazagumo/openwrt-orangepizero2
I personally use it on a discontinued WD My Book Live Duo. If you prefer an easy setup, be warned, it is not. ;) On the plus side, OpenWrt's LuCI is a good starting point for configuring a lot of services, HDD spin-down, monitoring, etc.
Use case: samba4, kopia destination from my VPS through Zerotier
Good luck with your setup!
Syncthing
If you’ve got a copy of the data that’s local, why are you opening up ports? Just run the backup job internally.
I’m also not fond of using SBCs as a NAS, by nature their I/O is extremely limited. It will probably work as a backup, but man do I not trust a USB interface at all.
I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.
> If you’ve got a copy of the data that’s local, why are you opening up ports? Just run the backup job internally.

I’m often not at home for weeks at a time.

> but man do I not trust a USB interface at all.

Trust?

> I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.

I’ll look into this thanks!
A few thoughts on this:
- Debian is, in my opinion, oversized for an OPZ2. If it absolutely has to be Linux (does it?), Alpine or Void might be worth a closer look.
- Why SFTP? Wouldn’t SCP be enough?
- Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don’t even notice it.