giteaadmin
/
HomeLabDocs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upload files to "/"

This commit is contained in:
giteaadmin 2025-07-22 04:38:05 +00:00
parent 40857d58cb
commit b28d6a6f38
1 changed files with 100 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
homelab_backup_strategy.md Normal file
View File

@ -0,0 +1,100 @@
# 💾 Homelab Backup Strategy Overview
This document summarizes the complete backup and recovery approach used in the homelab, including local Proxmox backups, PBS datastore configuration, offsite replication to Backblaze B2, and automated database dumps for application data.
---
## 🔁 Local Backups with Proxmox Backup Server (PBS)
- **PBS Host**: `backup` (192.168.1.35)
- **Proxmox VE Host**: `proxmox04` (192.168.1.37)
- **Datastore Path**: `/mnt/backup_nvme` (label: `proxmox04-backups`)
- **PBS Web UI**: https://192.168.1.35:8007
### 🔐 Prune Policy
- Hourly: 7
- Daily: 4
- Weekly: 6
- Monthly: 2
- Yearly: 1
### 🔧 PBS Jobs
- **Garbage Collection**: Daily
- **Prune Job**: Daily at 03:30
- **Verification Job**: Not currently enabled
- **Notifications**: Enabled for all major events, sent to `root@pam`
### 📦 Encryption
- Local PBS backups: ❌ Not encrypted
- Offsite backups: ✅ Encrypted via `rclone crypt`
- Encryption keys and rclone config: Stored in Bitwarden under `homelab/`
---
## ☁️ Offsite Backup to Backblaze B2
- **Tool**: `rclone`
- **Remote**: `b2-pbs-encrypted:` (crypt wrapper on B2 bucket)
- **Sync Source**: `/mnt/backup_nvme`
- **Schedule**: Nightly via cron
- **Retention on B2**: 30-day file versioning via Backblaze lifecycle policy
### 🛠 rclone Script Path
- `/usr/local/bin/rclone-pbs-sync.sh`
### 🔄 Cron Job (on PBS)
```cron
0 2 * * * /usr/local/bin/rclone-pbs-sync.sh >> /var/log/rclone-pbs-sync.log 2>&1
```
### 🧪 Verification
- Manual B2 restore test recommended monthly
- Backblaze costs: ~$5/year for storage + 3x restores
---
## 🧰 Application-Level DB Backups
### 📸 Immich
- **LXC Container**: 109
- **Engine**: PostgreSQL (internal)
- **Script**: `/usr/local/bin/immich-db-backup.sh` (on Proxmox04)
- **Dump Path**: `/mnt/backup_nvme/db_dumps/`
- **Schedule**: Daily at 04:30
### 📦 Nextcloud
- **LXC Container**: 115 (Nextcloud AIO via Docker)
- **Engine**: PostgreSQL (Docker: `nextcloud-aio-database`)
- **Script**: `/usr/local/bin/nextcloud-db-backup.sh` (inside LXC 115)
- **Dump Path**: `/mnt/nc_data/db_dumps/`
- **Schedule**: Daily at 04:00
### 📦 Dump Retention
- Both scripts auto-delete files older than 14 days
- Dumps are automatically included in `rclone` sync to B2
---
## 🧠 Bitwarden Secrets
- **Storage Location**: Bitwarden Vault > `homelab/`
- **Contains**:
- PBS login credentials
- rclone crypt passwords
- PostgreSQL usernames/passwords (Nextcloud, Immich)
- Cloudflare tunnel tokens
---
## ✅ Summary
- Local PBS backups: retained with deduplication
- Encrypted offsite backup: B2 with rclone crypt
- Application DB dumps: daily, compressed, auto-cleaned
- Offsite B2 costs: minimal (~$5/year)
- Disaster recovery strategy: fully documented
---
Created: 2025-07-22
Maintainer: chris.darrigo@gmail.com
Stored in: Gitea (`HomeLabDocs`)