Backups and syncs

This mostly has to do with hydractl commands such as sync-{backups,media,tpc}.

Servers

Backups can be automatically generated and sent to other servers, including NAS instances.
Automated backup checking can be done.
But all this does not exempt a team from manually testing backups and to make their own offline copies in external drives.

New external drive

Proceed as follows

disk=new-disk-name
device=/dev/sdc
hydractl usb-enable   # run this for USB drives, then connect the disk
sudo cfdisk ${device} # layout with single ${device}1 partition
sudo cryptsetup luksFormat ${device}1
sudo cryptsetup luksOpen ${device}1 $disk
sudo mkfs.ext4 /dev/mapper/$disk
sudo mkdir /media/$disk
sudo mount /dev/mapper/$disk /media/$disk
sudo mkdir /media/$disk/media.`facter domain`
sudo chown `whoami`: /media/$disk/media.`facter domain`

NAS

These commands should be enough to sync all media archives:

hydractl usb-enable  # run this for USB drives, then connect the disk
hydractl mount-media $MEDIA
hydractl sync-media  $MEDIA

As this should handle syncing all backups:

hydractl sync-backups $MEDIA

TPC

Chek the specific documentation for more information about TPCs.

When regularly syncing a TPC, use a procedure that guarantees minimal changes in the running TPC, to make sure syncing data won't create inconsistencies in the destination, by doing something like:

Reboot the machine
Turn off networking.
Log in through console.

Then do the following:

hydractl usb-enable  # run this for USB drives, then connect the disk
hydractl mount-media $TPC
hydractl sync-tpc    $TPC

To sync archives and remote backups, proceed with as explained in the NAS section.

You may also want to consider using borger (mirror) to have encrypted homedir backups in the external archive/backup volume.

Appliances

You might want to backup the whole SSD, M-SATA or microSD from your appliances. If so, proceed as follows with the appliance device connected in your TPC:

export appliance=appliance-name
export dest="/var/backups/remote/$appliance.`facter domain`/image/`date +%Y%m%d`"
sudo mkdir -p $dest
dcfldd if=/dev/sdb | bzip2 > $dest/$appliance.img.bz2

Smartphone

Smartphones usually have their own way to be backed up. This is an example based on the android-backup utility:

android-backup <device-name>

Hardware rotation

It's recommended to rotate the current hardware in use in all places:

Backup disks.
Laptops, so they're not kept out of use (and/or especially the batteries).

Backup Kit

A Backup Kit is a box with the following items:

External encrypted archive/backup disk.
Case for SSD transportation.
Laptop power adapter and cables.
Dockstation SATA/USB/M.2/microSD/etc (with power adapter).
USB power adapter and cable (including USB 2, USB 3 and USB C).
USB cables (USB 2, USB 3 and USB C) for the Dockstation and the external drive.
TPC laptop with battery and TPS (SSD, M.2 etc), optionally with a UltraBase/Dockstation.
Philips screwdriver and other tools.
FCR-MG2 adaptor for microSD to USB.
Anything else your need (like eyeglasses).
Everything in a sealed box.

This may be the ultimate disaster recovery kit for your Hydra!

Restore

Examples according to the software used to make the backup.

Duplicity

For duplicity:

duplicity collection-status file:///var/backups/duplicity
duplicity restore --file-to-restore home/$USER --time 2018-03-25 file:///var/backups/duplicity/ /home/$USER

Borg

For Borg:

mkdir ~/temp/misc/restore
cd    ~/temp/misc/restore
borg list    ssh://$USER@$SERVER:$PORT//var/backups/users/$USER/borg
borg extract ssh://$USER@$SERVER:$PORT//var/backups/users/$USER/borg::$USER-2018-06-11T17:07:39 mnt/crypt/home/$USER/$FILE_OR_FOLDER

Make sure to cleanup ~/temp/misc/restore after recovering what you need.

eCryptfs

For eCryptfs:

sudo ecryptfs-recover-private /media/$MEDIA/home/.ecryptfs/$USER/.Private