My backup game is pretty bad, I only have my primary copy of my data and a cloud storage copy. I was trying to think of a cheap way to have another backup, and then realized I have an Orange Pi Zero 2 and a 1TB USD SSD lying around. So I was thinking of:
- installing Debian on the OPZ2, and setting up key-authenticated SFTP (no password auth)
- connect the OPZ2 on my home network and expose a non-standard (e.g. not 22) port for SFTP
- have a subdomain point to my home network ip, and use DDNS to keep it in sync
- using Restic to remotely push password-encrypted backups to the OPZ2 via SFTP using the subdomain
- set a cron job to check diskhealth and send myself email on bad
- enable auto updates on debian and email on fail
Is this setup a bad idea? Is this a security nightmare? Any better suggestions?
A few thoughts on this:
It’s just what I’m familiar with, what would you suggest?
SFTP seemed like the simplest thing that Restic supported
Risky from a perspective of it crashing? I think I’m okay with that as I would notice it erroring out when I try and push the backups