Souji Thenria

Setup backups using Kopia

Summary: A short guide on how to configure backups using Kopia on FreeBSD/OpenBSD and Linux

-----

TL;DR: I use Kopia with SFTP and the StorageBox from Hetzner for my backups. You can skip ahead to the section *StorageBox setup*.

For quite some time now, I have wanted to set up a proper backup solution for my servers and laptop. All of my servers run FreeBSD or OpenBSD.
I use ZFS as a file system on the FreeBSD servers and create periodic ZFS snapshots.

During Christmas time, I worked on a solution for that.

I found that Hetzner provides storage exactly for this purpose, the so-called StorageBox. A StorageBox provides you with a lot of cheap storage (below 4 Euro for 1TB at the time of writing) which can be accessed using different methods. It is important to note that you do not administrate the server; you can just access and create/delete stuff on it.

On the StorageBox, you can create up to 100 users with different login credentials and up to 10 snapshots. These snapshots are ZFS snapshots; they do not require a lot of storage since the snapshot only includes files that were changed or deleted after the snapshot was created.

But I do not want to upload unencrypted backups to some server I have no control over. That’s when I found the tool Kopia.
Kopia is written in Go, which results in easy cross-compilation for the operating systems I use (I think it is also available as a binary package for FreeBSD and OpenBSD).

StorageBox setup

On the StorageBox, I created one user for each server. If an attacker gains access to a server and its backup repository, they would only see the backups for that server and not those of all the other servers.
Users for the StorageBox can be created using the Hetzner Robot web interface.
When creating such a user, you can specify a root directory for the user. I created one directory for each server beforehand. The user cannot access anything above this directory.

Kopia setup on the servers

On the server, install Kopia by using the package manager or by building it from source.
I’ll use SFTP to transfer the backups from the server to the remote backup server. You can also use any of the other options supported by both Kopia and the StorageBox.

The command to create a new repository is:

kopia repository create sftp \
    --path="kopia_repo" \
    --host="<hostname>.your-storagebox.de" \
    --username="<username>" \
    --sftp-password="<User-Password>" \
    --known-hosts="<Path to the known_hosts file>"

The --path= option is the path on the remote location where the new repository is to be created. I created a new directory because using . to specify the current directory resulted in an error for me. --host=, --username= and --sftp-password= should be pretty self-explanatory. Note that a password passed on the command line can end up in the shell history and can be visible in the process list while the command runs. The last option, --known-hosts=, expects the path to the known_hosts file, which includes the fingerprint of the remote server. You must connect to the backup server at least once before creating the repository; otherwise, the creation command will cause an error.

After the creation of the repository, I ran the command:
kopia repository validate-provider
It turned out that, for whatever reason, the command would sometimes not work directly after the repository creation, and I had to wait some minutes until it worked.

I also enabled compression for all my backups using:
kopia policy set --global --compression=zstd

By default, Kopia checks for updates after some time. I’m not a big fan of this and disabled this by removing the file ~/.config/kopia/repository.config.update-info.json.

Backup creation

You can just run the command kopia snapshot create <some dir> to create backups. To back up /usr, /etc and /var, the following commands need to be run:

kopia snapshot create /usr
kopia snapshot create /etc
kopia snapshot create /var

Crontab

After creating the initial backups, it might be desirable to automate the backup process. I used cron and the command kopia snapshot create --all, which creates new snapshots for all directories which already have a snapshot.
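
A cron wrapper for the kopia snapshot create --all job described above, as an added example that is not part of the original post: it refuses to run if Kopia's local repository.config (assumed here to hold the repository connection settings and to sit next to the update-info file named earlier) is readable by group or other, prevents overlapping runs, and returns a non-zero status that cron can report. The variable names, default paths, return codes and script location are assumptions of this example.

```sh
#!/bin/sh
# Added example: cron wrapper for `kopia snapshot create --all`.
# All variable names, default paths and return codes are this example's assumptions.
KOPIA_BIN="${KOPIA_BIN:-kopia}"
KOPIA_CONFIG="${KOPIA_CONFIG:-$HOME/.config/kopia/repository.config}"
LOCK_DIR="${LOCK_DIR:-$HOME/.kopia-backup.lock}"
LOG_FILE="${LOG_FILE:-$HOME/kopia-backup.log}"

log() { printf '%s %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$*" >> "$LOG_FILE"; }

# Succeeds only if the file exists and group/other have no permissions on it.
# Parsing `ls -ld` keeps this portable across FreeBSD, OpenBSD and Linux.
config_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Return codes: 0 ok, 2 config missing or too open, 3 already running, 4 kopia failed.
run_backup() {
    if ! config_is_private "$KOPIA_CONFIG"; then
        log "ERROR: $KOPIA_CONFIG missing or accessible by group/other"
        return 2
    fi
    # mkdir is atomic, so the directory doubles as a lock against overlapping runs.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        log "ERROR: cannot take lock $LOCK_DIR (previous run still active?)"
        return 3
    fi
    rc=0
    "$KOPIA_BIN" snapshot create --all >> "$LOG_FILE" 2>&1 || rc=4
    rmdir "$LOCK_DIR"
    if [ "$rc" -eq 0 ]; then
        log "OK: snapshots created"
    else
        log "ERROR: kopia exited non-zero"
    fi
    return "$rc"
}

# Runs only when invoked as `<script> run`, e.g. from a crontab line such as
#   15 3 * * * /path/to/kopia-backup.sh run || echo "kopia backup failed"
# (placeholder path; cron mails any output to the job's owner).
if [ "${1:-}" = "run" ]; then
    run_backup
    exit $?
fi
```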

Connect to the repository from another device

kopia repository connect sftp \
    --path="kopia_repo" \
    --host="<hostname>.your-storagebox.de" \
    --username="<username>" \
    --sftp-password="<User-Password>" \
    --known-hosts="<Path to the known_hosts file>"

Other resources

Hetzner StorageBox
Kopia Getting Started
