1w ago

How and where should I keep backups of system configurations?

Sorry for adding to the massive pile of backup-related question, but I could not figure out how to manage backups from existing answers..

I want to backup my VPS setup (think container-defining files, its volumes, and etc configs), but am unsure where to put it. Does keeping these in the VPS itself make sense? If so, how do I create and manage the backup?

Also, I would need a remote copy - what is the good location for this? I wish I could copy to my laptop, but obviously I cannot do that automatically. Should I pay money for a backup? I want to avoid paying lots of money just for backups. Thanks in advance!

27 comments

Create git repo
Put all config in git repo
Create repo on codeberg
Clone git repo to both VPS and laptop
No extra money needed
- Make sure to not check in secrets in plaintext. git crypt is one way to encrypt secrets before checking them in.
  
  I suggest SOPS
- Codeberg sounds like a good way! I was concerned about server config being stored on self-hosted forgejo (which is configured by the very server config), turns out that need not be the case.
- Edit: Was asking about the config targetting process for git (not how to use git) and was going to ask an AI to do some googling for me.
  
  Please don't use AI for simple things like this.
  The Odin Project has a tutorial on Git Basics and a guide on Setting Up Git. The instructions are roughly the same whether on Github, Codeberg, etc.
  Once you have the repository, it's as simple as:
  sh
  
  git add . git commit -m "Updated config" git push origin main
  
  https://docs.codeberg.org/getting-started/first-repository/
  Follow this, should suffice

Ansible if you want to do it the right way.
Or keep all of your configs in one tree and use syncthing on it If you want to phone it in. Turn on versioning call it a night.
- Thanks! I gotta get my hands on Ansible, was reluctant as I've heard it can be complicated. Should see myself!
  
  Ansible's not all that bad. The alternatives are far more complicated.
  Jeff geerling has a bunch of videos on ansible 101.

Better question: Have you looked into infrastructure as code? (IaaC) you can define everything in a Git repo and then create everything in a repeatable way.

I'd get familiar with deploying these with some infrastructure-as-code tools, and keep a git repo. Ansible is pretty easy to get started with.
- Git might be over engineered for this purpose. Maybe SVN?
  
  You joking?

Look at tools like kopia and restic. Depending on how much data you have, it should be relatively cheap to back up to backblaze b2.

If you haven't played with Pulumi (for configuring cloud services) and Ansible (for local services, shell commands, apt installs etc) you may enjoy them as a way to capture / re-apply configuration.

Most of the time the VPS provider offers some backup solution. It's not only about your configuration files which can easily be recreated, but about all the user data like pictures databases, etc. Which once lost can't be recovered.
Best practice is a 3-2-1 backup: https://www.backblaze.com/blog/the-3-2-1-backup-strategy/
But you could back up your stuff on your laptop if you want, it's not such a bad idea actually. For that you trigger the backup script from your laptop, you can do it automatically there too. This makes sure that the laptop is on while you're doing the backup.
The easiest way is a crown job and a bash file which runs a couple of rsync commands to get specific files and directories from the server via ssh.
A more involved way would be a backup system like restic, which does a lot of things for you but is a bit more involved to set up.

I keep my server backups on a dedicated backup server.
- real question though is do you back up your backup server?

Etckeeper

Lots of good ideas.
I'm a fan of stow-like tools, but there are advantages to using something like Salt (or similar) if you're dealing with VPSes that share don't common configs like firewalls. There's a lot to learn with things like salt/chef/puppet/attune/ansible, whereas something like yas-bdsm, which is what I'm currently using, is literally just:
Keep your configs in a git repos, in a structure that mirrors your target
Run a command and it creates symlinks for the destination files
Commit your changes and push them somewhere. Or just restic-backup the repos.
The config file formats are irrelevant; there's no transformation logic to learn. Its greatest feature is its simplicity.

27 comments