Discussion
Loading...

Post

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
Stefano Marinelli
@stefano@mastodon.bsd.cafe  ·  activity timestamp 2 months ago

Make Your Own Backup System – Part 2: Forging the FreeBSD Backup Stronghold

https://it-notes.dragas.net/2025/07/29/make-your-own-backup-system-part-2-forging-the-freebsd-backup-stronghold/


#Backup#FreeBSD#ZFS#IT#SysAdmin#OwnYourData#ITNotes

  • Copy link
  • Flag this post
  • Block
David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange replied  ·  activity timestamp 2 months ago
@stefano I've recently been setting up off site backups for my NAS.

The remote machine has a zvol exported over iSCSI (over Wireguard). The NAS mounts it and uses GELI and then creates a new ZFS pool there. I use zrepl to mirror snaoshots from the local pool to the remote and also on the remote side to snapshot the ZVOL.

If the NAS is compromised or starts writing nonsense, I can roll back the ZVOL to an earlier version. If the remote machine is compromised, it can delete the backups, but can't see their contents.

The only things from outside the base system are the wireguard tools and zrepl.

  • Copy link
  • Flag this comment
  • Block
Poul-Henning Kamp
@bsdphk@fosstodon.org replied  ·  activity timestamp 2 months ago
@david_chisnall @stefano

You have heard about colin's "tarsnap", right?

  • Copy link
  • Flag this comment
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.3.1 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login