HomeBackup/README.md

# HomeBackup

Automated backup solution for a home lab: Raspberry Pis, OpenWrt router, Linux servers → Synology NAS.

## What it does

| What | How | When |
|---|---|---|
| Files, configs, Docker volumes | Restic → Synology REST server | Daily 02:00 |
| Full SD card image | dd → Synology NFS share | Monthly |
| OpenWrt router config | sysupgrade → Pi → Restic | Daily 02:30 |

## Quick start

### 1. Set up Synology

See [docs/synology-setup.md](docs/synology-setup.md).
Run `bash scripts/synology-setup.sh` (fill in your values first).

### 2. Fill in your inventory

Edit `ansible/inventory/hosts.yml` — replace all `192.168.x.x` placeholders.
Add per-device overrides in `ansible/inventory/host_vars/<hostname>.yml` if needed.

### 3. Configure secrets

```bash
# Edit vault with your passwords (do NOT commit unencrypted)
vi ansible/vault.yml    # fill in all CHANGEME values
ansible-vault encrypt ansible/vault.yml
```

### 4. Install Ansible on the control node

```bash
apt install ansible sshpass        # Debian/Ubuntu/Raspberry Pi OS
pip install ansible                # alternative
```

### 5. Deploy

```bash
cd ansible

# Deploy to all devices
ansible-playbook playbooks/deploy.yml --ask-vault-pass

# Deploy to a single Pi first (test run)
ansible-playbook playbooks/deploy.yml --limit pi1 --ask-vault-pass
```

### 6. Set up OpenWrt SSH key (one-time)

```bash
# On the router
ssh root@ROUTER_IP
ssh-keygen -t ed25519 -f /etc/dropbear/backup_id -N ""
cat /etc/dropbear/backup_id.pub

# Append the public key to authorized_keys on the receiver Pi
# (the Pi defined as openwrt_backup_receiver_host in group_vars/all.yml)
echo "PUBLIC_KEY_HERE" >> /home/pi/.ssh/authorized_keys

# Edit scripts/openwrt-backup.sh — set RECEIVER_HOST and RECEIVER_USER
# Then test:
ssh -i /etc/dropbear/backup_id pi@RECEIVER_HOST "echo ok"
```

### 7. Verify

```bash
# Check backup health on all Pis
ansible-playbook playbooks/check.yml --ask-vault-pass
```

## Directory layout

```
ansible/
  ansible.cfg
  vault.yml                    # encrypted with ansible-vault
  inventory/
    hosts.yml
    group_vars/
      all.yml                  # Synology config, restic settings
      pis.yml                  # Pi SSH auth and backup paths
      linux_servers.yml
    host_vars/                 # per-device overrides (create as needed)
  roles/
    restic-client/             # installs restic, systemd timer, repo init
    docker-backup/             # pre/post hooks to stop/start containers
    image-backup/              # monthly dd image via NFS
  playbooks/
    deploy.yml
    run-backup.yml
    check.yml
scripts/
  openwrt-backup.sh            # runs on OpenWrt (ash/busybox)
  synology-setup.sh            # one-time Synology bootstrap
docs/
  synology-setup.md
  restore.md                   # recovery runbooks
```

## Restore

See [docs/restore.md](docs/restore.md) for step-by-step recovery procedures.

## Adding a new device

1. Add to `ansible/inventory/hosts.yml` under the right group
2. Create `ansible/inventory/host_vars/<hostname>.yml` for overrides (optional)
3. Run: `ansible-playbook playbooks/deploy.yml --limit <hostname> --ask-vault-pass`