Well, here my story, might it be useful to others too.

I have a home server with 6Tb RAID1 (os on dedicated nvme). I was playing with bios update and adding more RAM, and out of the blue after the last reboot my RAID was somehow shutdown unclean and needed a fix. I probably unplugged the power chord too soon while the system was shutting down containers.

Well, no biggie, I just run fsck and mount it, so there it goes: “mkfs.ext4 /dev/md0”

Then hit “y” quickly when it said “the partition contains an ext4 signature blah blah” I was in a hurry so…

Guess what? And read again that command carefully.

Too late, I hit Ctrl+c but already too late. I could recover some of the files but many where corrupted anyway.

Lucky for me, I had been able to recover 85% of everything from my backups (restic+backrest to the rescue!) Recreate the remaining 5% (mostly docker compose files located in the odd non backupped folders) and recovered the last 10% from the old 4Tb I replaced to increase space some time ago. Luckly, that was never changing old personal stuff that I would have regret losing, but didn’t consider critical enough on backup.

The cold shivers I had before i checked my restic backup discovering that I didn’t actually postponed backup of those additional folders…

Today I will add another layer of backup in the form of an external USB drive to store never-changing data like… My ISOs…

This is my backup strategy up to yesterday, I have backrest automating restic:

  • 1 local backup of the important stuff (personal data mostly)
  • 1 second copy of the important stuff on an USB drive connected to an openwrt router on the other side of home
  • 1 third copy of the important stuff on a remote VPS

And since this morning I have added:

  • a few git repos (pushed and backup in the important stuff) with all docker compose, keys and such (the 5%)
  • an additional USB local drive where I will be backup ALL files, even that 10% which never changes and its not “important” but I would miss if I lost it.

Tools like restic and Borg and so critical that you will regret not having had them sooner.

Setup your backups like yesterday. If you didn’t already, do it now.

  • The Hobbyist
    link
    fedilink
    English
    -11 month ago

    I’m not sure, I read that ZFS can help in the case of ransomware, so I assumed it would extend to accidental formatting but maybe there’s a key difference.

    • @twack
      link
      English
      4
      edit-2
      1 month ago

      ZFS is fantastic and it can indeed restore files that have been encrypted as long as you have an earlier snapshot.

      However, it would not have helped in this scenario. In fact, it might have actually made recovery efforts much more difficult.

      It could have helped by automatically sending incremental snapshots to a secondary drive, which you could then have restored the original drive from. However, this would have required the foresight to set that up in the first place. This process also would not have been quick; you would need to copy all of the data back just like any other complete drive restoration.