hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1681a246de116d0a2df5991f01b69ace63e9e33a
nix/CLOUD_BACKUP_PLAN.md

2.2 KiB
Raw Blame History

Cloud Host Backup Plan

Security Architecture

Current Setup

  • astyanax (local): b2:lmd005 - single repo, all hosts mixed
  • andromache (cloud): manual backup via script to b2:lmd005:desktop-arch

Recommended Setup

1. Repository Isolation

Each host gets its own restic repository in a separate subdirectory:

b2:lmd005:astyanax/      # restic repo for astyanax
b2:lmd005:andromache/    # restic repo for andromache
b2:lmd005:<hostname>/    # restic repo for each host

Benefits:

  • Cryptographic isolation (different restic keys per repo)
  • Can't accidentally prune/delete other hosts' backups
  • Easier to restore/manage individual hosts
  • Can use B2 lifecycle rules per subdirectory

2. Credential Isolation

Each host gets its own B2 Application Key restricted to its subdirectory:

B2 Key for astyanax:  access to `lmd005:astyanax/*`
B2 Key for andromache: access to `lmd005:andromache/*`

Security benefits:

  • If host is compromised, attacker only accesses that host's backups
  • Cannot delete/read other hosts' backups
  • Principle of least privilege

3. Cloud Host Strategy (No B2 credentials on cloud hosts)

For cloud hosts like andromache:

andromache (cloud) --[SFTP]--> astyanax (local) --[B2]--> b2:lmd005:andromache/
  • andromache: SSH access only, no B2 credentials
  • astyanax: Pulls backups via SFTP from andromache, pushes to B2
  • B2 credentials: Only stored on trusted local machine (astyanax)

Implementation Plan

Phase 1: Update astyanax backup

  • Change repository from b2:lmd005 to b2:lmd005:astyanax/
  • Create new restic repo
  • Migrate old snapshots if needed
  • Update to use host-specific B2 key (when available)

Phase 2: Implement cloud host backups

  • Use SFTP-based module to pull from andromache
  • Store in b2:lmd005:andromache/
  • No B2 credentials on andromache
  • Daily automated backups

Phase 3: Cleanup old backups

  • Clean up old desktop-arch snapshots
  • Remove old mixed repo (once migration complete)

Questions

  1. Do you want to migrate existing astyanax snapshots to the new subdirectory, or start fresh?
  2. Should astyanax have a master/admin B2 key to manage all backups, or just its own?
Reference in New Issue View Git Blame Copy Permalink