Post · bonfire.cafe

Stefano Marinelli

@stefano@mastodon.bsd.cafe · 2 months ago

Make Your Own Backup System – Part 2: Forging the FreeBSD Backup Stronghold

https://it-notes.dragas.net/2025/07/29/make-your-own-backup-system-part-2-forging-the-freebsd-backup-stronghold/

#Backup #FreeBSD #ZFS #IT #SysAdmin #OwnYourData #ITNotes

David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange replied · 2 months ago

@stefano I've recently been setting up off site backups for my NAS.

The remote machine has a zvol exported over iSCSI (over Wireguard). The NAS mounts it and uses GELI and then creates a new ZFS pool there. I use zrepl to mirror snaoshots from the local pool to the remote and also on the remote side to snapshot the ZVOL.

If the NAS is compromised or starts writing nonsense, I can roll back the ZVOL to an earlier version. If the remote machine is compromised, it can delete the backups, but can't see their contents.

The only things from outside the base system are the wireguard tools and zrepl.

Poul-Henning Kamp

@bsdphk@fosstodon.org replied · 2 months ago

@david_chisnall @stefano

You have heard about colin's "tarsnap", right?

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.1 no JS en

Automatic federation enabled