flesh out backup instructions for arch

2023-08-06 10:00:14 -04:00
parent 8f01f68fd6
commit 41e0798abe
1 changed files with 174 additions and 6 deletions
--- a/arch.md
+++ b/arch.md
@@ -23,6 +23,10 @@
    - [XWayland](#xwayland)
    - [Wireguard](#wireguard)
    - [btrbk](#btrbk)
+      - [Snapshots](#snapshots)
+      - [Backups](#backups)
+    - [ISCSI](#iscsi)
+      - [Backing up a snapshot](#backing-up-a-snapshot)
    - [VSCode](#vscode)
  - [Apps](#apps)
  - [Bashrc](#bashrc)
@@ -462,6 +466,8 @@ vpn likely won't activate.

 ### btrbk

+#### Snapshots
+
 1. Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk.
 2. Create a snapshot config

@@ -471,24 +477,26 @@ vpn likely won't activate.
    snapshot_preserve_min   24h
    snapshot_preserve       14d

-    volume /mnt/btr_pools/root
+    volume /mnt/btr_pool
        subvolume           root
        snapshot_dir        .snapshots

-    volume /mnt/btr_pools/root
+    volume /mnt/btr_pool
        subvolume           home
        snapshot_dir        .snapshots

-    volume /mnt/btr_pools/root
+    volume /mnt/btr_pool
        subvolume           libvirt
        snapshot_dir        .snapshots

-    volume /mnt/btr_pools/root
+    volume /mnt/btr_pool
        subvolume           nextcloud
        snapshot_dir        .snapshots
    ```

-3. Then create a snapshot service at /etc/systemd/system/btrbk_snapshots.service
+3. Then create a snapshot service
+
+    /etc/systemd/system/btrbk_snapshots.service

    ```conf
    [Unit]
@@ -498,7 +506,9 @@ vpn likely won't activate.
    ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
    ```

-4. Then create a timer for the service at /etc/systemd/system/btrbk_snapshots.timer
+4. Then create a timer for the service
+
+    /etc/systemd/system/btrbk_snapshots.timer

    ```conf
    [Unit]
@@ -521,6 +531,164 @@ vpn likely won't activate.
    systemctl enable --now btrbk_snapshots.conf
    ```

+#### Backups
+
+Before you begin, go through the usual process of setting up an encrypted drive:
+
+1. Install udisks2 for automatic usb drive mounting
+
+    ```bash
+    pacman -S udisks2
+    ```
+
+2. Crypttab automatically loads keys named `<drive_name>.key` from `/etc/cryptsetup-keys.d`
+
+    ```bash
+    mkdir /etc/cryptsetup-keys.d
+    ```
+
+3. Generate a sufficiently random key
+
+    ```bash
+    dd if=/dev/urandom of=/etc/cryptsetup-keys.d/btr_backup.key bs=64 count=1`
+    ```
+
+4. Add the key to your backup drive
+
+    ```bash
+    cryptsetup luksAddKey /dev/sda1 /etc/cryptsetup-keys.d/btr_backup.key
+    ```
+
+5. Create a crypttab entry
+
+    /etc/crypttab
+
+    ```text
+    btr_backup  UUID=a074a34c-1211-4f9a-a88c-071b4775fe54   none    nofail
+    ```
+
+6. Create an fstab entry
+
+    /etc/fstab
+
+    ```text
+    /dev/mapper/btr_backup  /mnt/btr_backup btrfs   rw,relatime,ssd,space_cache=v2,subvolid=5,comment=x-gvfs-show,nofail    0 0
+    ```
+
+7. Create a read-only mount point to prevent accidental backups to the wrong disk
+
+    ```bash
+    btrfs subvolume create /mnt/btr_backup
+    btrfs property set /mnt/btr_backup ro true
+    ```
+
+8. Create a backup config
+
+    /etc/btrbk/backups.conf
+
+    ```conf
+    snapshot_create         no
+    target_preserve_min     no
+    target_preserve         30d
+
+    volume /mnt/btr_pools
+        target /mnt/btr_backup
+        subvolume           root
+        snapshot_dir        .snapshots
+
+    volume /mnt/btr_pools
+        target /mnt/btr_backup
+        subvolume           home
+        snapshot_dir        .snapshots
+
+    volume /mnt/btr_pools
+        target /mnt/btr_backup
+        subvolume           libvirt
+        snapshot_dir        .snapshots
+    ```
+
+9. Create a backup service
+
+    /etc/systemd/system/btrbk_backups.service
+
+    ```conf
+    [Unit]
+    Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf
+
+    [Service]
+    ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run
+    ```
+
+10. Create a timer to activate the service
+
+    /etc/systemd/system/btrbk_backups.timer
+
+    ```conf
+    [Unit]
+    Description=Run btrbk every hour
+
+    [Timer]
+    OnCalendar=hourly
+    AccuracySec=10min
+    Persistent=true
+    Unit=btrbk.service
+
+    [Install]
+    WantedBy=timers.target
+    ```
+
+11. Enable the timer
+
+    ```bash
+    systemctl enable --now btrbk_backup.conf
+    ```
+
+### ISCSI
+
+1. Add auth login
+
+    /etc/iscsi/iscsid.conf
+
+    ```conf
+    node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
+    node.session.auth.username = username
+    node.session.auth.password = password
+    ```
+
+2. Initiate and login to the portal
+
+    ```bash
+    # Add a new target to your list of nodes
+    iscsiadm \
+        -m discovery \
+        -t st \
+        -p driveripper.reeselink.com
+
+    # Login to the target
+    iscsiadm \
+        -m node \
+        --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \
+        -p driveripper.reeselink.com:3260 \
+        --login
+
+    # or login to all targets
+    iscsiadm -m node --loginall all
+
+    # View current session
+    iscsiadm -m session
+
+    # Log out of all sessions
+    iscsiadm -m node -u
+    ```
+
+#### Backing up a snapshot
+
+```bash
+pacman -S pv
+
+btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscsi
+```
+
 ### VSCode

 For the open source version of code install `code`: