Change backup architecture #3

New issue

Closed

opened 2023-04-23 13:47:15 +00:00 by pim · 0 comments

pim commented

2023-04-23 13:47:15 +00:00

Owner

Current architecture is unfortunately unsatifactory.
New plan is to have a push architecture again. However, this time we will use append-only backups. It seems it is not easy to get around creating a separate user for every backup client. We could automate this when configuring the hypervisor. The backup client logs in using their own username, and they are authenticated using SSH user certificates.. We additionally force a command to execute borg in append-only mode (see: https://borgbackup.readthedocs.io/en/stable/usage/notes.html#append-only-mode), and restrict Borg to one repository which could be in the user's home directory (see: https://borgbackup.readthedocs.io/en/stable/deployment/hosting-repositories.html#hosting-repositories).

Current architecture is unfortunately unsatifactory. New plan is to have a push architecture again. However, this time we will use append-only backups. It seems it is not easy to get around creating a separate user for every backup client. We could automate this when configuring the hypervisor. The backup client logs in using their own username, and they are authenticated using SSH user certificates.. We additionally force a command to execute borg in append-only mode (see: https://borgbackup.readthedocs.io/en/stable/usage/notes.html#append-only-mode), and restrict Borg to one repository which could be in the user's home directory (see: https://borgbackup.readthedocs.io/en/stable/deployment/hosting-repositories.html#hosting-repositories).