Rebuilding my miniserver

  • by

Two weeks ago, I launched into bringing up some new-to-me hardware and decided to re-mount most of the kit in my home rack. In the process, I broke a few things, and somehow couldn’t get my home server (what hosts this site) back online afterwards!! Ahhh! 🙁

Thankfully I had backups on another host, but backups were a bit old, so I lost a few things – two blog posts and a small window of emails (newer than the backup, older than the caches on my laptop). Nooo!! Much sad. They were good posts and will be missed.

Anyway… after reimaging the miniserver and reinstalling yunohost, I had a little trouble getting ssh access working because fail2ban kept banning me during the login process. Protip: use the admin user and their .ssh/authorized_keys file. Don’t try to add keys to an unprivileged user via PAM at this stage in the process! Maybe don’t ever do this. It doesn’t seem to be working in yunohost right now.

After getting SSH access restored, and whitelisting my internal network with

fail2ban-client set sshd addignoreip xx.xx.xx.0/24

I uploaded the backup, moved it to /home/yunohost.backup/archives/, then restored literally everything with one command:

sudo yunohost backup restore <name of backup file>

With that out of the way, I desperately wanted to be sure I wouldn’t have to go through this again. To that end, it seems like a glaring omission that yunohost doesn’t include automatic backups and backup rotation scripts, so I’ve added them.

Step 1: add this to root’s crontab

0 4    * * *         yunohost backup create

Step 2: add logrotate file

$ tee /etc/logrotate.d/backup << 'EOF'
/home/yunohost.backup/archives/* {
	rotate 5

Step 3: on another host, create a crontab to rsync files

0 12  * * *      cd /home/aeva/Backups && rsync -rav -e "ssh -i automation_rsa" [email protected]:/home/yunohost.backup/archives/* yunohost/

Now that would be even better with encrypted offsite backups, pushed from the server and rotated to keep fixed amount, but this is Good Enough For Now.