As someone who’s been successfully breaking and maiming computers for around two decades, it’s surprising that I have been waltzing around without proper backups until last year. I knew the mantra: back up often, back up securely, back up remotely. I just figured it was more trouble than it was worth; I didn’t have anything really important to back up, anyway.
Now that I have started keeping track of my finances (more on that later) and feel that a computer crash would actually hurt in terms of losing documents, I decided to take a deeper look at making backups a part of my daily computing habits. Thankfully, Linux has a number of very useful tools for this, and with cloud storage more available than ever, backing up remotely is just as simple.
Backup tool
I run GNOME on my machines, so the first thing I looked at was Déjà Dup. It’s perfect for what I need: easy, automated, and encrypted. For my purposes, all I need to back up is my Documents folder. My pictures and videos are all on my mobile device at this point, and I have them backed up to Google Photos already. Music I generally stream from the internet these days. Everything else is pretty much expendable.
// Arch install:
# pacman -S deja-dup
All you need to do with Déjà Dup is give it a list of directories to back up, a place to put the backups, and a password if you want to encrypt them. Then, simply set it to back up at one of the given intervals (I back up every day) and tell it how long to keep them.
Going remote
Backing up to a local machine or file server is helpful for restoring files you delete accidentally or when your hard drive crashes, but it doesn’t help much if your house/apartment burns down. Remote backups are important! It’s also important to keep them secure, as you don’t want anyone snooping on your personal information.
Remote storage
Déjà Dup supports some of the common remotefs protocols (SSH, FTP, WebDAV, etc.) in case you have your own private server set up. For those of us that don’t, it also supports a few hosting services, but most of them are services you have to pay for, which I’m not so interested in doing considering the plethora of free options that are out there. You get 15GB from Google just for having a Google account. Dropbox offers 2GB for free. Since I’m just backing up a bunch of documents, space is not a huge concern (although I would have to upgrade a Dropbox account for a year’s worth of backups).
Although I could have gone the Google route, I decided to sign up for MEGA’s cloud storage service. Not only do you get 50GB for free, they also offer a desktop client for automatic syncing (much like Dropbox). This allows me to automate my backups to the cloud without the need for Déjà Dup to support the service directly.
Security
As for security, Déjà Dup already takes care of that, as everything is encrypted via GnuPG right off the bat. This is plenty of security for my personal needs.
Putting it all together
I have Déjà Dup set to back up my files into a hidden directory in my home folder called .doc-sync. Backups go in there automatically every day.
Then I set up a Document Backups folder in my Mega account and point Mega’s desktop sync client at that .doc-sync folder. Whenever Déjà Dup adds something to that folder, it automatically gets uploaded to my Mega account. Voila! Automagic remote backups!
Problems with my setup
Though I am quite happy to have nearly a year’s worth of backups up to this point, there are still a few things I’m dissatisfied with.
Password is set in stone
First is that I can’t change my password on the backups once I set it. The sanctioned workaround for this is to simply move your backup directory or rename it, then start afresh[bug]. I was honestly confused by this because I thought Déjà Dup used GnuPG for “encryption,” and since I can change the password on a GnuPG key without changing the key itself, surely this is possible. This turned out to be a fundamental misunderstanding of how it is being used in Déjà Dup.
Déjà Dup uses GnuPG through duplicity with a “symmetric cipher” for encryption[link], which is different from the asymmetric public-private keys you generate with the gpg command. The confusion was understandable, since both require passphrases. I just assumed that Déjà Dup was hiding its use of a GnuPG master key or subkey, when in fact it’s just using the password you give it.
Can’t use my GnuPG keys to encrypt/decrypt my backups
Piggy-backing on the previous thought, it’d be nice if I could use a GnuPG key to encrypt my backups[bug]. Such a setup would fix the issue above; the key can stay the same, but I can change the password on the key to improve security. Also, as pointed out in the bug report, it would allow for automatic backups without the need to save the password on your machine or, if you decide not to save it, enter it every time you want to back up.
Solution?
Looking through the docs (or you may have noticed in the previously linked bug report), duplicity actually supports asymmetric GnuPG keys[man], so moving to duplicity would actually solve those problems rather elegantly. I would end up losing the simple interface for scheduling, doing periodic full backups, and deleting old ones that Déjà Dup provides in the process, but I might be able to get that back with cron (something I’ve never used before) or a systemd unit file (something I’ve never written on my own). Seems like another opportunity to learn something new!
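A sketch of what that duplicity setup could look like, as an added example that is not from the original post: it encrypts to a GnuPG public key, keeps writing into the .doc-sync folder the sync client watches, and reproduces the periodic-full and delete-old behaviour with duplicity's own options. The key ID placeholder, the 1M/12M intervals, the script path and the function names are assumptions.

```sh
#!/bin/sh
# Added example: daily duplicity backup encrypted to a GnuPG public key.
# Assumed values (not from the post): the key placeholder, the 1M/12M
# intervals, and the function names.

GPG_KEY="${GPG_KEY:-YOUR_GPG_KEY_ID}"      # placeholder: ID of your own key
SRC="${SRC:-$HOME/Documents}"              # what gets backed up
DEST="${DEST:-file://$HOME/.doc-sync}"     # folder the MEGA sync client watches
FULL_EVERY="${FULL_EVERY:-1M}"             # start a new full backup monthly
KEEP_FOR="${KEEP_FOR:-12M}"                # keep about a year of backups

# Execute a command, or just print it when DRY_RUN=1 so it can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Incremental backup; duplicity switches to a full one when the last full
# backup is older than FULL_EVERY. Encryption is to the named GnuPG key.
backup() {
    run duplicity --encrypt-key "$GPG_KEY" \
        --full-if-older-than "$FULL_EVERY" "$SRC" "$DEST"
}

# Delete backup sets older than KEEP_FOR (without --force it only lists them).
prune() {
    run duplicity remove-older-than "$KEEP_FOR" --force "$DEST"
}

# Fail early if the key is missing from the keyring, then back up and prune.
run_backup() {
    if [ "${DRY_RUN:-0}" != 1 ] && ! gpg --list-keys "$GPG_KEY" >/dev/null 2>&1; then
        echo "GnuPG key $GPG_KEY not found in keyring" >&2
        return 1
    fi
    backup && prune
}

# Runs only when called as "backup.sh --run", e.g. from a crontab entry such as
#   0 12 * * * /path/to/backup.sh --run      (path is a placeholder)
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

Running it once with DRY_RUN=1 prints the two duplicity command lines without touching any files.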
Another boon to this solution is that duplicity also supports sending files directly to MEGA without the need for a sync client[man], although the developer of Déjà Dup mentioned it may not be fully reliable as of April last year[list]. That said, there’s a bug report open for integrating more of the backends that duplicity supports into Déjà Dup itself.
Check back with me later. I might decide to go commando with my backups!