Backups
This commit is contained in:
parent
21034a3318
commit
39bdded3a4
|
@ -0,0 +1,120 @@
|
||||||
|
#+TITLE:
|
||||||
|
#+AUTHOR: Bob Mottram
|
||||||
|
#+EMAIL: bob@robotics.uk.to
|
||||||
|
#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
|
||||||
|
#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
|
||||||
|
#+OPTIONS: ^:nil
|
||||||
|
#+BEGIN_CENTER
|
||||||
|
[[./images/logo.png]]
|
||||||
|
#+END_CENTER
|
||||||
|
|
||||||
|
#+BEGIN_CENTER
|
||||||
|
#+ATTR_HTML: :border -1
|
||||||
|
| [[file:index.html][Home]] |
|
||||||
|
| Backup to USB |
|
||||||
|
| Restore from USB |
|
||||||
|
| Distributed backups |
|
||||||
|
| |
|
||||||
|
#+END_CENTER
|
||||||
|
|
||||||
|
* Backup to USB
|
||||||
|
Insert a USB thumb drive into the front socket of the Beaglebone Black.
|
||||||
|
|
||||||
|
Log into the system and become the root user, then run the /backup/ command.
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
su username@domainname -p 2222
|
||||||
|
su
|
||||||
|
backup
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
You will be prompted for your GPG key password a couple of times.
|
||||||
|
|
||||||
|
When the backup ends remove the USB drive and keep it somewhere safe. Even if it gets lost or falls into the wrong hands the content is encrypted and so is unlikely to become a source of leaks.
|
||||||
|
* Restore from USB
|
||||||
|
Insert the USB thumb drive containing your backup into the front socket of the Beaglebone Black.
|
||||||
|
|
||||||
|
Log into the system and become the root user, then run the /restore/ command.
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
su username@domainname -p 2222
|
||||||
|
su
|
||||||
|
restore
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
When the restore is complete you can remove the USB drive.
|
||||||
|
* Distributed backups
|
||||||
|
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
|
||||||
|
|
||||||
|
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the *adduser <username>* command when logged in as root and then give you the username and password via a secure method, such as on paper or via an encrypted email or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will fail. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
|
||||||
|
|
||||||
|
To add friends servers create a file called /backup.list/ in the following way.
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
ssh username@domainname -p 2222
|
||||||
|
emacs ~/backup.list
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Add entries like this. The numbers are the ssh port number to log in on.
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
username1@frienddomain1:2222//home/username1 ssh_password1
|
||||||
|
username2@frienddomain2:2222//home/username2 ssh_password2
|
||||||
|
...
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Save and exit with *CTRL-x CTRL-s* then *CTRL-x CTRL-c*, then type *exit*.
|
||||||
|
|
||||||
|
The system will try to backup to these remote locations once per day.
|
||||||
|
* Restore from a friend
|
||||||
|
** With a completely new Freedombone installation
|
||||||
|
This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation. It is assumed that the old hardware was destroyed, but that you have the passwords stored within a password manager on a USB thumb drive.
|
||||||
|
|
||||||
|
First log in and create a new friends list:
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
ssh username@domainname -p 2222
|
||||||
|
emacs ~/backup.list
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Add entries like this. The numbers are the ssh port number to log in on.
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
username1@frienddomain1:2222//home/username1 ssh_password1
|
||||||
|
username2@frienddomain2:2222//home/username2 ssh_password2
|
||||||
|
...
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Save and exit with *CTRL-x CTRL-s* then *CTRL-x CTRL-c*.
|
||||||
|
|
||||||
|
Now log in as root and edit the restore script.
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
su
|
||||||
|
emacs /usr/bin/restorefromfriend
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Recover your backup password from your password manager and set the PASSPHRASE variable accordingly.
|
||||||
|
|
||||||
|
Save and exit with *CTRL-x CTRL-s* and *CTRL-x CTRL-c*.
|
||||||
|
|
||||||
|
Then use the command:
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
restorefromfriend <friends server domain name>
|
||||||
|
#+END_SRC
|
||||||
|
** On an existing Freedombone installation
|
||||||
|
This is for more common situations in which maybe some data became corrupted and you want to restore it.
|
||||||
|
|
||||||
|
Log in as root:
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
ssh username@domainname -p 2222
|
||||||
|
su
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
Then use the command:
|
||||||
|
|
||||||
|
#+BEGIN_SRC bash
|
||||||
|
restorefromfriend <friends server domain name>
|
||||||
|
#+END_SRC
|
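Review bot: In the "Backup to USB" and "Restore from USB" source blocks the login line reads `su username@domainname -p 2222`, which will not log in to the box; the later blocks in this file use `ssh username@domainname -p 2222`, and these two should match. Separately, the distributed-backup steps have the reader keep friends' ssh passwords in plaintext in `~/backup.list` and paste the backup passphrase into `/usr/bin/restorefromfriend`, a location that is normally readable by every local user; the page should at least tell the reader to restrict permissions on both files and to clear the PASSPHRASE value once the restore has finished. Smaller points: `#+TITLE:` is empty, and the navigation table at the top has an empty cell where "Restore from a friend" would be expected.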
1
faq.org
1
faq.org
|
@ -16,7 +16,6 @@
|
||||||
| [[How do I get a domain name?]] |
|
| [[How do I get a domain name?]] |
|
||||||
| [[How do I get a "real" SSL certificate?]] |
|
| [[How do I get a "real" SSL certificate?]] |
|
||||||
| [[Why use self-signed certificates?]] |
|
| [[Why use self-signed certificates?]] |
|
||||||
|
|
||||||
#+END_CENTER
|
#+END_CENTER
|
||||||
|
|
||||||
* Why not supply a disk image download?
|
* Why not supply a disk image download?
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
#+BEGIN_CENTER
|
#+BEGIN_CENTER
|
||||||
#+ATTR_HTML: :border -1
|
#+ATTR_HTML: :border -1
|
||||||
| [[./variants.html][Variants]] | [[./installation.html][Installation]] | [[./usage.html][How to use it]] | [[./code.html][Code]] | [[./related.html][Related Projects]] | [[file:faq.html][FAQ]] | [[https://www.gnu.org/licenses/gpl-3.0-standalone.html][License]] |
|
| [[./variants.html][Variants]] | [[./installation.html][Installation]] | [[./usage.html][How to use it]] | [[file:backups.html][Backups]] | [[./code.html][Code]] | [[./related.html][Related Projects]] | [[file:faq.html][FAQ]] | [[https://www.gnu.org/licenses/gpl-3.0-standalone.html][License]] |
|
||||||
#+END_CENTER
|
#+END_CENTER
|
||||||
|
|
||||||
Today everyone is concerned about privacy on the internet. At the same time there's a problem with the companies who have traditionally provided most of the web services. The people running those companies may be well-intentioned - as in the famous motto "/don't be evil/" - but the advertising based business model which currently dominates, combined with an increasing level of political pressure to insert backdoors means that it is usually impossible for companies operating within both their own business models and the framework of national laws to provide you with services which don't intentionally leak your private communications to advertisers, insurers or governments.
|
Today everyone is concerned about privacy on the internet. At the same time there's a problem with the companies who have traditionally provided most of the web services. The people running those companies may be well-intentioned - as in the famous motto "/don't be evil/" - but the advertising based business model which currently dominates, combined with an increasing level of political pressure to insert backdoors means that it is usually impossible for companies operating within both their own business models and the framework of national laws to provide you with services which don't intentionally leak your private communications to advertisers, insurers or governments.
|
||||||
|
|
|
@ -752,23 +752,17 @@ function backup_to_friends_servers {
|
||||||
BACKUP_TO_FRIENDS_PASSPHRASE=$(openssl rand -base64 32)
|
BACKUP_TO_FRIENDS_PASSPHRASE=$(openssl rand -base64 32)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! grep -q "With a USB drive attached just type" /home/$MY_USERNAME/README; then
|
if ! grep -q "backups on friends servers" /home/$MY_USERNAME/README; then
|
||||||
if [ ! -f /home/$MY_USERNAME/README ]; then
|
|
||||||
touch /home/$MY_USERNAME/README
|
|
||||||
fi
|
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo 'Backups' >> /home/$MY_USERNAME/README
|
echo 'Backups' >> /home/$MY_USERNAME/README
|
||||||
echo '=======' >> /home/$MY_USERNAME/README
|
echo '=======' >> /home/$MY_USERNAME/README
|
||||||
echo 'With a USB drive attached just type "backup" or "restore" when logged in as root.' >> /home/$MY_USERNAME/README
|
|
||||||
echo 'You will be asked to enter your GPG key passphrase.' >> /home/$MY_USERNAME/README
|
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
|
||||||
echo "Passphrase for backups on friends servers: $BACKUP_TO_FRIENDS_PASSPHRASE" >> /home/$MY_USERNAME/README
|
echo "Passphrase for backups on friends servers: $BACKUP_TO_FRIENDS_PASSPHRASE" >> /home/$MY_USERNAME/README
|
||||||
echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST"
|
echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST"
|
||||||
echo 'and add entries like this:' >> /home/$MY_USERNAME/README
|
echo 'and add entries like this:' >> /home/$MY_USERNAME/README
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo 'username1@domain1//home/username1 ssh_password1' >> /home/$MY_USERNAME/README
|
echo 'username1@domain1:2222//home/username1 ssh_password1' >> /home/$MY_USERNAME/README
|
||||||
echo 'username2@domain2//home/username2 ssh_password2' >> /home/$MY_USERNAME/README
|
echo 'username2@domain2:2222//home/username2 ssh_password2' >> /home/$MY_USERNAME/README
|
||||||
echo '...' >> /home/$MY_USERNAME/README
|
echo '...' >> /home/$MY_USERNAME/README
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo 'The system will try to backup to these remote locations once per day.' >> /home/$MY_USERNAME/README
|
echo 'The system will try to backup to these remote locations once per day.' >> /home/$MY_USERNAME/README
|
||||||
|
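Review bot: Removing the `if [ ! -f ... ]; then touch ...; fi` guard means `grep -q` now runs against a README that may not exist yet (it prints an error to stderr on first run), and the file that receives the `Passphrase for backups on friends servers:` line is created implicitly by the first `>>` with whatever owner and umask the script runs under. Create the file explicitly with restrictive permissions (for example `chmod 600`, owned by `$MY_USERNAME`) before the secret is appended, and use `grep -qs` to silence the missing-file case. The context line `echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST"` also has no `>> /home/$MY_USERNAME/README`, so that sentence goes to stdout and the README text begins mid-instruction at 'and add entries like this:'.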
@ -910,17 +904,11 @@ function restore_from_friend {
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! grep -q "Restoring from Backups" /home/$MY_USERNAME/README; then
|
if ! grep -q "restore from a friend's server" /home/$MY_USERNAME/README; then
|
||||||
if [ ! -f /home/$MY_USERNAME/README ]; then
|
|
||||||
touch /home/$MY_USERNAME/README
|
|
||||||
fi
|
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo 'Restoring from Backups' >> /home/$MY_USERNAME/README
|
echo 'Restoring from backups to friends servers' >> /home/$MY_USERNAME/README
|
||||||
echo '======================' >> /home/$MY_USERNAME/README
|
echo '=========================================' >> /home/$MY_USERNAME/README
|
||||||
echo 'To restore from USB backup plug in the USB drive then log in' >> /home/$MY_USERNAME/README
|
|
||||||
echo 'as root and just type "restore".' >> /home/$MY_USERNAME/README
|
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
|
||||||
echo "To restore from a friend's server use the command:" >> /home/$MY_USERNAME/README
|
echo "To restore from a friend's server use the command:" >> /home/$MY_USERNAME/README
|
||||||
echo '' >> /home/$MY_USERNAME/README
|
echo '' >> /home/$MY_USERNAME/README
|
||||||
echo " $RESTORE_FROM_FRIEND_SCRIPT_NAME [server]" >> /home/$MY_USERNAME/README
|
echo " $RESTORE_FROM_FRIEND_SCRIPT_NAME [server]" >> /home/$MY_USERNAME/README
|
||||||
|
|
|
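Review bot: The new guard `grep -q "restore from a friend's server"` keys the idempotence check on a sentence from the section body, so rewording the matching `echo` line later would make this block append itself again on every existing install; a short comment above the `if` saying the two strings must stay in sync would prevent that. As in backup_to_friends_servers, dropping the `touch` guard leaves `grep` reading a file that may not exist, so `grep -qs` would be cleaner. The USB restore instructions are removed from the on-device README in this hunk; worth confirming that is intended, since after this commit they are documented only in backups.org.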
@ -4,7 +4,7 @@
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||||
<head>
|
<head>
|
||||||
<title></title>
|
<title></title>
|
||||||
<!-- 2014-10-28 Tue 19:23 -->
|
<!-- 2014-10-29 Wed 19:02 -->
|
||||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||||
<meta name="generator" content="Org-mode" />
|
<meta name="generator" content="Org-mode" />
|
||||||
<meta name="author" content="Bob Mottram" />
|
<meta name="author" content="Bob Mottram" />
|
||||||
|
@ -173,6 +173,8 @@ for the JavaScript code in this tag.
|
||||||
|
|
||||||
<col class="left" />
|
<col class="left" />
|
||||||
|
|
||||||
|
<col class="left" />
|
||||||
|
|
||||||
<col class="left" />
|
<col class="left" />
|
||||||
</colgroup>
|
</colgroup>
|
||||||
<tbody>
|
<tbody>
|
||||||
|
@ -180,6 +182,7 @@ for the JavaScript code in this tag.
|
||||||
<td class="left"><a href="./variants.html">Variants</a></td>
|
<td class="left"><a href="./variants.html">Variants</a></td>
|
||||||
<td class="left"><a href="./installation.html">Installation</a></td>
|
<td class="left"><a href="./installation.html">Installation</a></td>
|
||||||
<td class="left"><a href="./usage.html">How to use it</a></td>
|
<td class="left"><a href="./usage.html">How to use it</a></td>
|
||||||
|
<td class="left"><a href="backups.html">Backups</a></td>
|
||||||
<td class="left"><a href="./code.html">Code</a></td>
|
<td class="left"><a href="./code.html">Code</a></td>
|
||||||
<td class="left"><a href="./related.html">Related Projects</a></td>
|
<td class="left"><a href="./related.html">Related Projects</a></td>
|
||||||
<td class="left"><a href="faq.html">FAQ</a></td>
|
<td class="left"><a href="faq.html">FAQ</a></td>
|
||||||
|
|