dns323 + duplicity == encrypted offsite backup BLISS!
What is it?
Duplicity backs up directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.
I have been using this since June 1st now and it has been working great! I had to compile and install several things to get it to work, but in the end, it works perfectly when using ffp0.5.
The packages I used
- duplicity-0.4.12-1.ffp0.5.tgz
- Python-2.5.2-2.tgz
- Originally from here
- gnupg-1.4.9-1-ffp0.5.tgz
- GnuPGInterface-0.3.2-1.ffp0.5.tgz
- librsync-0.9.7-1-ffp0.5.tgz
- pexpect-2.3-1.ffp0.5.tgz
- boto-1.3a-1.ffp0.5.tgz
I made these packages after I installed everything from source because I wanted to share with everyone. If they are not perfect, let me know and I will try to fix it.
I now have a ‘SecureBackup’ folder on the dns323 that gets pushed (only the changes) up to my webserver every night via ssh. Only truly important stuff goes in there.
I have tested to make sure that the version of duplicity that is installed on my Debian Sid box is able to restore all files, and it works great!
Also note, duplicity also works with amazon S3 – which I haven’t tested with, but in theory, that is a GREAT option for anyone who doesn’t already have an offsite backup location. If there is interest, I could attempt to get boto posted as well (needed for S3).
UPDATE: You can see the shell scripts used here.
UPDATE: Boto package has been included
UPDATE: Upgraded to duplicity 0.4.12. Seems to work for me 
[...] dns323 + duplicity == encrypted offsite backup BLISS! I defintely need this! Make my DNS-323 NAS automatically encrypt key files and upload them to Amazon’s S3 service for dirt cheap off-site backups. (tags: backup amazon s3 offsite dns323) [...]
Hi,
This looks interesting. I have a question thou. Is this method suitable for remote backups? i.e. I would like to setup my DNS-323 as the backup master that will perform the backup on folders located in my client PCs (I have three currently, one PC and one Notebook both running Vista, another notebook running XP). How I see it being implemented is as follows:
Setup cron jobs in DNS-323 that will trigger a backup program to run on the box. The box will attempt to connect to each client PC’s folders (via shared setup specifically for the backup) and do the necessary (backups are stored on the DNS-323). Nothing should be running or installed on the client side.
The reason for this is to simplfy backup administration and deployment. Can duplicity help in this case?
I am not a duplicity expert, but I think duplicity’s main strength is pushing secure backups to insecure locations – such as a webhost (like I do), or amazon s3.
If you simply want to backup windows boxes that have a shared folder to the NAS, duplicity probably isn’t the right tool. Storing encrypted backups on the same machine as the keys reside is a poor solution.
Maybe you simply could use rsync + samba to mount each share and incrementally back it up? If you need incremental backups with history, rsnapshot or rdiff-backup are great!
Thanks for this. Would be very interested in the boto package for getting S3 working. We use the DNS323 as a small business backup solution, but would like to offsite it all as well.
Ok, boto has been packaged up… totally untested. Let me know if it works or not!
Just noticed a new version of duplicity – 0.4.12 – now packaged and ready to roll….
I added the cron entry using cron -e and noticed that when I restarted the dns-323 it no longer was present. Have you noticed this?
see this post on how to set up ‘editcron.sh’ script for the dns323. It goes in the /ffp/start directory – otherwise, all cron is lost during a reboot. Let me know if you need further assistance
http://forum.dsmg600.info/t1150-Tutorial:-Backup-Everything-from-once-night.html
Ah, thanks for the tip!
Add A Comment