f3ce93554d
1. Don't automount disks (dconf changes) this breaks backups 2. Rewrite the entire backup script to handle mounting, decrypting, many use cases, etc 3. Update main.yaml to not create mount location for backup drive, script will handle it
Workstation
Workstation configuration, tool lists, and eventually ansible playbooks
Ansible
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html
Setup
pip install --user ansible
Run an ad-hoc command
ansible pi -i hosts --become-method=sudo --ask-become-pass --become -a "apt update"
Run a playbook
ansible-playbook -i hosts --ask-become-pass playbooks/pi.yaml
Run the manjaro playbook
NOTE: Restore home directory and REBOOT first
ansible-playbook --ask-become-pass ansible/setup-full.yml
BTRFS
https://linoxide.com/how-to-take-backup-with-btrfs-snapshots/
# Create backup subvolume
btrfs subvolume create /mnt/backup/DucoBacktop
# Create snapshot dir
mkdir /.snapshots
# Create readonly snapshot
```bash
SNAPSHOT_TIME=$(date +"%y_%m_%d-%H.%M")
SNAPSHOT_NAME=home_$SNAPSHOT_TIME
SNAPSHOT_DIR=/.snapshots
btrfs subvolume snapshot -r /home $SNAPSHOT_DIR/$SNAPSHOT_NAME
# Send a snapshot with no previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
btrfs send $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Send a snapshot with previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
export LATEST=${LATEST:=/previous_snapshot}
btrfs send -p $SNAPSHOT_DIR/$LATEST $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Clean up snapshots
find /.snapshots -maxdepth 1 -type d -not -path /.snapshots -exec sudo btrfs subvolume delete {} \;
Luks
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda
# Create a lukskeys
mkdir /home/ducoterra/.lukskeys
# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/backup0
# Change key mode
chmod 600 /home/ducoterra/.lukskeys
# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/backup0
# Get UUID of disk with
sudo blkid /dev/sda
# Add key to crypttab
echo 'backup0 UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/backup0 luks' > /etc/cryptab
# Create backup mount point
sudo mkdir -p /mnt/backup0
# Add to fstab
echo '/dev/mapper/backup0 /mnt/backup0 btrfs defaults,noatime,compress=zstd 0 0' > /etc/fstab
# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0
# close (or fix issues)
sudo cryptsetup luksClose backup0