I see many posts asking about what other lemmings are hosting, but I’m curious about your backups.
I’m using duplicity myself, but I’m considering switching to borgbackup when 2.0 is stable. I’ve had some problems with duplicity. Mainly the initial sync took incredibly long and once a few directories got corrupted (could not get decrypted by gpg anymore).
I run a daily incremental backup and send the encrypted diffs to a cloud storage box. I also use SyncThing to share some files between my phone and other devices, so those get picked up by duplicity on those devices.
Daily offsite to a backup server via restic (+ a self written wrapper for multiple targets). Restic can also run with anything else (sftp, s3 APIs etc). Kinda modern duplicity / borg. Full encrypted and incremental.
A kind of “extended” 3-2-1, more a 4-3-2. As nearly everything I host runs on Docker, I usually pause the stack, .tar.bz everything and back that up on several devices (NAS, off-site machine, external HDD).
The neat thing about keeping every database in its own container is the resulting backup “package”, which can easily be restored as a whole without having to mess with db dumps, permissions, etc.
3 2 1 with Restic and B2
Restic is so awesome and in combination with backblaze it’s probably the most cost effective solution.
Main NAS backups to Secondary NAS (onsite - 10G link). Secondary NAS backups up to Offsite (Hetzner server) weekly. Only important data, not Linux ISOs etc.
Do you encrypt your Backups on the Hetzner server?
Yup, both NASs are running TrueNas Scale, which have a setting for Encryption on Cloud Sync Tasks. (Encrypts both filename and file contents)
Is the encryption a builtin thing with TrueNas Scale?
Yes. Under the hood, it just uses “rclone crypt” functionality. It’s a little hard to find, it’s all the way down on the Cloud Sync Task setup but it’s there.
Okay, cool. I’m also using rclone crypt and was always wondering how safe the encryption is in comparison to Cryptomator or Veracrypt
i backup locally to a second NAS (daily)
i use rclone crypt to backup to the cloud (hetzner storage box, weekly)
the most important stuff i also backup to an external harddisk (from time to time, whenever i’m in the mood / have some spare time)
You basically described my backup strategy, although I do the Hetzner box daily too (on 1gbit synchronous fiber, so why not)
if i had a better upload connection than my current 10MBit i would also do it daily :D
I backup an encrypted and heavily compressed archive to my local nas and to google drive every night. NAS keeps the version from the first of every month and 7 days prior history and google drive just the latest
