Encrypted Backup

  • I use a rotating system of 3 external drives for backups. With the upgrade from OMV3->OMV4 I migrated my data to a encrypted (LUKS), redundant ZFS-pool. I do snapshots daily, scrubs monthly, backups weekly, one of the backup diks is always out of my house to have separation.


    For backups I use the USB backup plugin. I thought about encrypting my backups as well to have theft security. Setting up a encrpted device prevents me from selecting it as backup target within USB backup plugin. Is there a solution to use encryption with the plugin?


    Want to unlock my backup drives within GUI through password, after that the rsync job of backup plugin should start.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • It isn't that hard to build a own script!
    I wanted to backup my data to a overlay filesystem (mergerfs), but that didn't work with the USB Backup plugin. So I had to build something on my own. (Backup to multiple disks)


    You would have to:
    1) create encrypted discs (it doesn't matter if via GUI or commandline it will be decryptable via GUI anyway)
    2) setup a udev rule to run a system service which controls the backup whenever a backup disk becomes available (Do NOT start a backup script directly from udev rule as this script will be terminated after a short time)
    3) write a backup script for rsync. You can even send outputs to the default logfile so that they are visible from the GUI and send a e-mail notification when the backup is done (togehter with some statistics).


    Here are some links that helped me much:
    https://hackaday.com/2009/09/18/how-to-write-udev-rules/
    https://brokkr.net/2017/06/12/…iling-and-how-i-fixed-it/

    • Offizieller Beitrag

    Yesterday I spend some time to try it. It is working now for trial run. Still need to setup the target drive.


    I use a keyfile to decrypt the drive. That way no interaction is needed. When you plugin the drive the filesystem is decrypted and mounted. Than the rsync job is running. After that the drive is unmounted and a mail is send to inform you that the process is completed.


    Your links were very helpful. :thumbup:


    One additional command I found helfpul is
    udevadm test /block/sdd.


    It is used to check if the udev rule is fired when (in this example) sdd becomes available, so you don't have to plug/unplug the drive all the time.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!