Fix: Use nix flake check for hooks, simplify module, remove apps
70
CLOUD_BACKUP_PLAN.md
Normal file
@@ -0,0 +1,70 @@
|
||||
# Cloud Host Backup Plan
|
||||
|
||||
## Security Architecture
|
||||
|
||||
### Current Setup
|
||||
- **astyanax** (local): `b2:lmd005` - single repo, all hosts mixed
|
||||
- **andromache** (cloud): manual backup via script to `b2:lmd005:desktop-arch`
|
||||
|
||||
### Recommended Setup
|
||||
|
||||
#### 1. Repository Isolation
|
||||
Each host gets its own restic repository in a separate subdirectory:
|
||||
|
||||
```
|
||||
b2:lmd005:astyanax/ # restic repo for astyanax
|
||||
b2:lmd005:andromache/ # restic repo for andromache
|
||||
b2:lmd005:<hostname>/ # restic repo for each host
|
||||
```
|
||||
|
||||
**Benefits:**
|
||||
- Cryptographic isolation (different restic keys per repo)
|
||||
- Can't accidentally prune/delete other hosts' backups
|
||||
- Easier to restore/manage individual hosts
|
||||
- Can use B2 lifecycle rules per subdirectory
|
||||
|
||||
#### 2. Credential Isolation
|
||||
Each host gets its own B2 Application Key restricted to its subdirectory:
|
||||
|
||||
```
|
||||
B2 Key for astyanax: access to `lmd005:astyanax/*`
|
||||
B2 Key for andromache: access to `lmd005:andromache/*`
|
||||
```
|
||||
|
||||
**Security benefits:**
|
||||
- If host is compromised, attacker only accesses that host's backups
|
||||
- Cannot delete/read other hosts' backups
|
||||
- Principle of least privilege
|
||||
|
||||
#### 3. Cloud Host Strategy (No B2 credentials on cloud hosts)
|
||||
For cloud hosts like andromache:
|
||||
|
||||
```
|
||||
andromache (cloud) --[SFTP]--> astyanax (local) --[B2]--> b2:lmd005:andromache/
|
||||
```
|
||||
|
||||
- **andromache**: SSH access only, no B2 credentials
|
||||
- **astyanax**: Pulls backups via SFTP from andromache, pushes to B2
|
||||
- **B2 credentials**: Only stored on trusted local machine (astyanax)
|
||||
|
||||
## Implementation Plan
|
||||
|
||||
### ✅ Phase 1: Update astyanax backup
|
||||
- Change repository from `b2:lmd005` to `b2:lmd005:astyanax/` ✅
|
||||
- Create new restic repo
|
||||
- Migrate old snapshots if needed
|
||||
- Update to use host-specific B2 key (when available)
|
||||
|
||||
### ✅ Phase 2: Implement cloud host backups
|
||||
- Use SFTP-based module to pull from andromache ✅
|
||||
- Store in `b2:lmd005:andromache/` ✅
|
||||
- No B2 credentials on andromache ✅
|
||||
- Daily automated backups ✅
|
||||
|
||||
### Phase 3: Cleanup old backups
|
||||
- Clean up old `desktop-arch` snapshots
|
||||
- Remove old mixed repo (once migration complete)
|
||||
|
||||
## Questions
|
||||
1. Do you want to migrate existing astyanax snapshots to the new subdirectory, or start fresh?
|
||||
2. Should astyanax have a master/admin B2 key to manage all backups, or just its own?
|
||||
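Review bot: Sections 2 and 3 disagree about who holds the key for `lmd005:andromache/*`. Section 2 lists a "B2 Key for andromache" as if it were that host's own credential, while section 3 keeps all B2 credentials on astyanax and has astyanax push to `b2:lmd005:andromache/`. As written, astyanax ends up with access to both prefixes, so the stated benefit "If host is compromised, attacker only accesses that host's backups" holds for andromache but not for astyanax. I'd suggest stating explicitly that the andromache-scoped key lives on astyanax and is used only by the SFTP pull job, and resolving question 2 in the plan itself, since a master/admin key on astyanax would remove the per-prefix restriction section 2 relies on. Separately, the Phase 1 heading carries ✅ while three of its four items (create new repo, migrate snapshots, host-specific B2 key) are unmarked; either drop the mark from the heading or tick the items that are actually done.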