My backup game is pretty bad, I only have my primary copy of my data and a cloud storage copy. I was trying to think of a cheap way to have another backup, and then realized I have an Orange Pi Zero 2 and a 1TB USD SSD lying around. So I was thinking of:

  • installing Debian on the OPZ2, and setting up key-authenticated SFTP (no password auth)
  • connect the OPZ2 on my home network and expose a non-standard (e.g. not 22) port for SFTP
  • have a subdomain point to my home network ip, and use DDNS to keep it in sync
  • using Restic to remotely push password-encrypted backups to the OPZ2 via SFTP using the subdomain
  • set a cron job to check diskhealth and send myself email on bad
  • enable auto updates on debian and email on fail

Is this setup a bad idea? Is this a security nightmare? Any better suggestions?

  • rhabarba
    link
    fedilink
    English
    31 year ago

    A few thoughts on this:

    • Debian is, in my opinion, oversized for an OPZ2. If it absolutely has to be Linux (does it?), Alpine or Void might be worth a closer look.
    • Why SFTP? Wouldn’t SCP be enough?
    • Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don’t even notice it.
    • @jakkosOP
      link
      English
      11 year ago

      If it absolutely has to be Linux (does it?)

      It’s just what I’m familiar with, what would you suggest?

      Why SFTP? Wouldn’t SCP be enough?

      SFTP seemed like the simplest thing that Restic supported

      Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don’t even notice it.

      Risky from a perspective of it crashing? I think I’m okay with that as I would notice it erroring out when I try and push the backups