# Cloud Host Backup Plan

## Security Architecture

### Current Setup

- **astyanax** (local): `b2:lmd005` - single repo, all hosts mixed
- **andromache** (cloud): manual backup via script to `b2:lmd005:desktop-arch`

### Recommended Setup

#### 1. Repository Isolation

Each host gets its own restic repository in a separate subdirectory:

```
b2:lmd005:astyanax/     # restic repo for astyanax
b2:lmd005:andromache/   # restic repo for andromache
b2:lmd005:<hostname>/   # restic repo for each host
```

**Benefits:**

- Cryptographic isolation (different restic keys per repo)
- Can't accidentally prune/delete other hosts' backups
- Easier to restore/manage individual hosts
- Can use B2 lifecycle rules per subdirectory (file-name prefix)

#### 2. Credential Isolation

Each host gets its own B2 Application Key restricted to its subdirectory:

```
B2 Key for astyanax:   access to `lmd005:astyanax/*`
B2 Key for andromache: access to `lmd005:andromache/*`
```

**Security benefits:**

- If a host is compromised, the attacker only reaches that host's backups
- Cannot delete/read other hosts' backups
- Principle of least privilege

#### 3. Cloud Host Strategy (No B2 credentials on cloud hosts)

For cloud hosts like andromache:

```
andromache (cloud) --[SFTP]--> astyanax (local) --[B2]--> b2:lmd005:andromache/
```

- **andromache**: SSH access only, no B2 credentials
- **astyanax**: Pulls backups via SFTP from andromache, pushes to B2
- **B2 credentials**: Only stored on trusted local machine (astyanax)
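Sections 2 and 3 above, as an added example that is not the page's own backup module: a POSIX shell script run on astyanax that mints a prefix-scoped B2 key for one host and pulls a cloud host's data over SFTP into that host's own repo. Assumed names: sshfs as the SFTP client, `/etc/backup/` for the restic password files and SSH key, a `backup` account on the cloud host, placeholder retention values, and the b2 CLI v3 `create-key` syntax.

```shell
# Added example (not the page's module). Assumed: bucket lmd005, sshfs as the
# SFTP client, per-host password files under /etc/backup, b2 CLI v3 syntax.
set -eu

BUCKET="lmd005"

# Hostnames feed both the repo path and the key prefix, so only allow a
# conservative character set (a name like "x/../y" must never reach B2).
validate_hostname() {
    case "$1" in ''|*[!a-z0-9-]*) return 1 ;; esac
}

# One restic repository per host: b2:<bucket>:<host>/
repo_for_host() {
    validate_hostname "$1" || return 1
    printf 'b2:%s:%s/\n' "$BUCKET" "$1"
}

# The file-name prefix a host's B2 application key is restricted to.
key_prefix_for_host() {
    validate_hostname "$1" || return 1
    printf '%s/\n' "$1"
}

# One-time, run where the master key lives: mint a least-privilege B2 key
# for one host. The capability list is the set restic's B2 backend needs
# (assumption: check it against the restic docs for your version); the key
# cannot list or read any other host's prefix, nor manage buckets.
create_host_key() {
    b2 create-key --bucket "$BUCKET" --namePrefix "$(key_prefix_for_host "$1")" \
        "restic-$1" listBuckets,listFiles,readFiles,writeFiles,deleteFiles
}

# Daily job on astyanax: mount the cloud host's data read-only over SFTP
# (sshfs uses the SFTP subsystem, so the account on the cloud host can be
# locked to internal-sftp), back it up into that host's repo, apply retention.
# B2_ACCOUNT_ID/B2_ACCOUNT_KEY come from this host's scoped key only.
backup_cloud_host() {
    host="$1"; src="$2"; mnt="/var/lib/backup/$1"
    mkdir -p "$mnt"
    sshfs -o ro,IdentityFile=/etc/backup/id_ed25519 "backup@$host:$src" "$mnt"
    trap 'fusermount -u "$mnt"' EXIT
    restic -r "$(repo_for_host "$host")" --password-file "/etc/backup/$host.pass" \
        backup --host "$host" "$mnt"
    restic -r "$(repo_for_host "$host")" --password-file "/etc/backup/$host.pass" \
        forget --keep-daily 14 --keep-weekly 8 --prune   # placeholder retention
}
```

Because each `restic forget --prune` runs against a single host's repo with a key that cannot see other prefixes, a retention mistake on one host cannot touch another host's snapshots.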
## Implementation Plan

### ✅ Phase 1: Update astyanax backup

- Change repository from `b2:lmd005` to `b2:lmd005:astyanax/` ✅
- Create new restic repo
- Migrate old snapshots if needed
- Update to use host-specific B2 key (when available)

### ✅ Phase 2: Implement cloud host backups

- Use SFTP-based module to pull from andromache ✅
- Store in `b2:lmd005:andromache/` ✅
- No B2 credentials on andromache ✅
- Daily automated backups ✅

### Phase 3: Cleanup old backups

- Clean up old `desktop-arch` snapshots
- Remove old mixed repo (once migration complete)

## Questions

1. Do you want to migrate existing astyanax snapshots to the new subdirectory, or start fresh?
2. Should astyanax have a master/admin B2 key to manage all backups, or just its own?