Moving from BackupPC to Attic
19 May 2015Trying new software can be fun!
I’ve been using BackupPC as a backup system for my local computers. It has saved my ass a few times already. What I don’t really like is the “pull” approach it uses. You need to able it to access directly the files you want to backup from remote. It supports SMB as well as SSH, but I barely use any kind of Windows system anymore.
Since some people have given Attic a try and were happy with it I decided to try it myself.
This is how I use it:
- I have a backup server hosting all the repositories
- This server backups itself locally
- Other computers push their own backups
All the following happens on Debian Jessie.
# Remote automated backups
On the backup server:
# apt-get install attic
# mkdir -p /backup/attic
# cd /backup/attic
# useradd attic -d /backup/attic -s /bin/bash
# echo "umask 0077" >> /backup/attic/.bashrc
On the system to backup:
# apt-get install attic
# ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_attic
Copy that in /backup/attic/.ssh/authorized_keys like so
from="10.10.10.10",command="attic serve --restrict-to-path /backup/attic/pc1.attic" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1BaDZxoljGUv7Gh7qB3vOJ9O0tNy6NvZprZTB40inLLRonR4AxqCYdYF19uckFF8O4WBTzysbqAjQuLEA+qPzVY+T/j9XDyAmH2oljXPSAHCW/d/qZi3XPNYgUisnQLlIqYoGHtTeGQunLKSP8oK6g51NoJntTivsRnEf+sTL/p0raDN7E3Po8Y2r1eN41c1K1q790waD9lmdpGe5VyzEaE/uO9VvuPplrdkP+ELHJOEBeIZD6x4ZCAsopXoKmgUqgmXf1EpnKkWPjgSr/3zVLYwg0F8nln1qnR2IV3QDxYwOXFjZ0RVps/ADCJncUh4ZVVP7y7uzeGOOtdBCIs4VMWHdoNJaYolBDjtkC8JhoAMOJ3t0yy5i56C+QwOILZpPgJrz/uAbFabmNGZD/F8tfneTXgiCPa1TssP6QzA/Eku1bcKwREK7nrY6rC7uurbaSqdZQRMcnsvrNYmJ249u99pBoe3MdScfVSpSj9Sd2ZB7fL7MvTIwvBl83wreiO+LXhQXgkte0fPDEDVcGVPAJqCGrYArsJS3HEM4COorAeR7GsvFKrYksgY7yVkPDc5K6GDHalkXJn4dpPjJDprP/9/qHeuxRUoObNEG9nYL/ry8ym/rEU3NU0AqGq8tL+5c8lq+wHsE9iNNb95sCCRHUErXyH0VOKlapffAkDRRSQ== root@pc1
I’ve shamelessly copied the automated backup script from Attic website
#!/bin/sh
REPOSITORY=attic@backup.server:pc1.attic
export ATTIC_PASSPHRASE="some awesome and long passphrase"
attic create --stats \
$REPOSITORY::pc1-`date +%Y-%m-%d` \
/etc \
/home \
/root \
--exclude '*.pyc'
# Use the `prune` subcommand to maintain 7 daily, 4 weekly
# and 6 monthly archives.
attic prune -v $REPOSITORY --keep-daily=7 --keep-weekly=4 --keep-monthly=6
Add this to some daily cron, then back on the backup server:
# su attic
$ attic init -v --encryption=passphrase pc1.attic
And feed it the same passphrase as the one from the previous script.
WARNING: be sure to save the passphrase somewhere else! In case of a failure on pc1, you’ll also lose the backup script, and the corresponding passphrase.