Selfhosted @lemmy.world Croquette @sh.itjust.works 3 mo. ago

Immutable backup for important data

Hello,

I am looking for recommendations for a service provider of immutable backup that has options for a homelab user.

My research has led me to services with expensive options, or no pricing at all unless you ask for a quote.

Thank you

20 comments

How immutable do you need?

S3 offers a flag that prevents modification or deletion for a set period, and afaik basically every S3-compatible provider offers that.

I use that along with a lifecycle rule to maintain my backup buckets on iDrive.

If you need a 'you cannot touch this and the provider has no way of allowing it' then you're talking specialized corporate talk-to-a-sales-person-for-a-quote, as you found out.

Edit: if you don't need cloud, there's options for WORM media from the humble BluRay to fancy SSDs that don't allow deletion.
- My goal is that if for whatever reason, my homelab is compromised, I will be able to at least restore my important data.
  
  If i can modify the data on the other end, but cannot from my proxmox, then its fine.
  
  I would like a offsite solution in the future, but for now it's going to be a cloud for data blob only.
  
  Borg backup?
BorgBase allows for append-only backups.
- Thanks, from another link in this thread, Borg seems to have wrapper options as a complement to its features.
I use Backblaze B2, but stored in an encrypted Restic container, set up using this guide:

https://helgeklein.com/blog/restic-encrypted-offsite-backup-with-ransomware-protection-for-your-homeserver/

Restic has been great for automating backups, and even letting me mount the encrypted storage to grab individual files. I like doing it this way since I don't have to trust Backblaze isn't reading my data - I know for sure that they can't.

Performance of storage that is both remote and encrypted is about what you would expect, but I don't need access to the data unless something bad happens.
- Thats a great link, it lists a lot of options and gives a good explanation on how to setup the author's choices.
Backblaze B2 has the option: https://www.backblaze.com/docs/cloud-storage-object-lock

Cheap storage too.
- Thanks for the information, I will look into that.
  
  I use backblaze storage with Kopia, which supports using object lock. Every time a backup is made the objects for it are locked for a configurable amount of time. I use 30 days, so an attacker would have to compromise my backup software for a month before being able to erase my backups.
- I use B2 for my backups with object lock on
Restic or Borg on your side, a safe and remote destination on the other side.

use restic, with backrest web GUI, and cannot be happier.

As for remote site, I use a remote machine I rent, but there are plenty of providers around, shop a bit... Or find a friend for reciprocal backup?
- My plan is to build a second server that I will leave at my inlaws' house and use that, but for now, I will rent a cloud while this happens.
  
  Thats perfect
How much data are we talking about?

A free mega.nz account should be fine for everything except family fotos and legally obtained music/movies.
- Photos was part of my plan, so mega.nz isn't an option. Thanks for the suggestion though.

You've viewed 20 comments.