Backups
TODO: DRAFT UNTESTED
Basic concept
The NEXUS supports a snapshot system which allows you to save, revert and switch between system states at any time.
This system is used as basis for backups because it allows you to create consistent backups easily.
Backups via Nexus Control UI
The easiest way to create backups is via web interface.
Just create a snapshot and click on the “Start backup” button.
You must copy the password from the message box and save it on your device/computer because it will vanish soon and will not be stored anywhere!
I takes some time until the backup is finished, you can download it afterwards.
The backup is encrypted using the free open source tool GNUPG.
For Windows and macOS you need to download and install GNUPG, Linux based systems have it usually installed.
The decrypted file is a TAR archive, Linux and macOS systems can open it directly, for Windows you need a tool like the free 7ZIP or WinRAR.
Automated backups
It is highly recommended to create automated backups and store them on a different device regulary.
There are many tools for this task and we give a few recommendations for the best options.
For starting/downloading the backups we recommend to setup an public/private key based SSH access.
Alternatively, you may trigger the backups via systemd timer (recommended) or a cronjob and download them via the http api https://nexus-unity.local/nexus-backups/nexus-backups/nexus_backup_1.tar.gpg).
Automated backups via Backup D-Bus API
The Nexus Control UI uses a D-Bus API to handle the backups.
The same API is recommended for automated backups.
Benefits:
- Root less backup
- Ensured integrity
Contra:
- No support for incremental/differential backups
# Add a backup user must be done on the Nexus
sudo adduser remotebackup --gecos 'Backup'
# Setup permissions for the user
sudo sh -c 'echo -e "[Backup permissions]\nIdentity=unix-user:remotebackup\nAction=com.nexus_unity.Backup1.Cancel;com.nexus_unity.Backup1.Create;com.nexus_unity.Backup1.Delete;com.nexus_unity.Backup1.GetList;com.nexus_unity.Backup1.Status;com.nexus_unity.Snapshot1.Activate;com.nexus_unity.Snapshot1.Create;com.nexus_unity.Snapshot1.Delete;com.nexus_unity.Snapshot1.GetList;\nResultActive=yes\nResultInactive=yes\nResultAny=yes\n" > /etc/polkit-1/localauthority/50-local.d/10-backup.pkla'
# OPTIONAL
# Install ssh keys for remote backup must be done on the Backup server
ssh-copy-id remotebackup@nexus-unity.local
#!/bin/bash -e
# Create snapshot and save ID to variable
RESPONSE=($(sudo dbus-send --system --print-reply --dest="com.nexus_unity.Snapshot1" /com/nexus_unity/Snapshot1 com.nexus_unity.Snapshot1.Create boolean:true boolean:true string:"Automated backup"))
SNAPSHOT_ID=${RESPONSE[9]}
echo "Snapshot: $SNAPSHOT_ID"
# Start backup for the snapshot
PASSWORD="lee5Iezaeshul6showoomiiS2ii3neiv"
dbus-send --system --print-reply --dest="com.nexus_unity.Backup1" /com/nexus_unity/Backup1 com.nexus_unity.Backup1.Create string:"$SNAPSHOT_ID" string:"$PASSWORD"
# Wait until the backup is completed
RESPONSE=($(sudo dbus-send --system --print-reply --dest="com.nexus_unity.Backup1" /com/nexus_unity/Backup1 com.nexus_unity.Backup1.Status)
STATUS=${RESPONSE[15]}
while [[ "$STATUS" == "$SNAPSHOT_ID" ]];
do
echo "Progress: ${RESPONSE[22]}"
sleep 1
done
# Backup finished
# Download from the backup server via http
wget https://nexus-unity.local/nexus-backups/nexus-backups/nexus_backup_$SNAPSHOT_ID.tar.gpg
# Download via ssh
scp remotebackup@nexus-unity.local/broot/backups/nexus_backup_$SNAPSHOT_ID.tar.gpg
Automated incremental/differential backups
Tools like BackupPC or Bacula support incremental/differential backups which allows you to do them fast and store them efficient.
Benefits:
- Fast and efficient
Contra:
- Requires root access
#!/bin/bash -e
# **WARNING**: Ensure the user exists before you do this or this will break the system!!
# Give the user unlimited root access to the system
sudo sh -c 'echo "remotebackup ALL=NOPASSWD: ALL" > /etc/sudoers.d/90_remotebackup'
# Create snapshot and save ID to variable
RESPONSE=($(sudo dbus-send --system --print-reply --dest="com.nexus_unity.Snapshot1" /com/nexus_unity/Snapshot1 com.nexus_unity.Snapshot1.Create boolean:true boolean:true string:"Automated backup"))
SNAPSHOT_ID=${RESPONSE[9]}
echo "Snapshot: $SNAPSHOT_ID"
Backup this directory with your software via ssh "/broot/snapshot/snapshots/$SNAPSHOT_ID/"