My backup tape stacker died recently, so I had to look for alternate cheap backup solutions. Goodbye Amanda! snif Recent tape drives being prohibitively expensive, I went for two more 200gb disks, one for the living-room machine (aka. tosspot) and one for an usb enclosure and transfer via sneaker-net to the office.
So far, so good. The choice of available software, however, and my paranoia re backup storage have an intersection close to \epsilon: backuppc doesn't encrypt. boxbackup does, but is a bit rough and needs loads of certificates to get anything done. On a comparison page about boxbackup I found a link to duplicity which has a very nice feature set which meets my ideas of backup pretty nicely:
- Everything happens on the client, the server only needs to give scp/ftp/rsync/s3 access.
- Symmetric or asymmetric encryption, encrypt-but-not-sign as well.
- a way to do incrementals that shows deleted files, while still not needing anything but gpg and tar to restore (if you've lost the duplicity program).
- Doesn't need to decrypt anything for doing incrementals, if you give it a little space on the local machine.
However, it's got a fair number of minor problems as well. Quite some debugging and head-scratching and four bug reports later (one two three for duplicity, two with patches and one for rsync with a patch as well) I'm now set: a dumb rsync server with some disk behind it, encryption (but no signing) to my gpg key happening on the clients, the result of which ends up on the server. To do incrementals cleanly, a little unencrypted space (--archive-dir) is set aside on the clients, where duplicity can store some hashes and other info of the files it's backing up.
I still don't like python much but I'm at least reaching that debugging-and-mini-maintenance-hacking level. Syntactic whitespace sucks.