lutz/HomeBackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
980d90dd51f9414b60e6a41bdb6c04cc1b4d0b89
HomeBackup/README.md
Lutz Finsterle 980d90dd51 Initial commit
2026-02-21 16:47:41 +01:00

3.1 KiB
Raw Blame History

HomeBackup

Automated backup solution for a home lab: Raspberry Pis, OpenWrt router, Linux servers → Synology NAS.

What it does

What How When
Files, configs, Docker volumes Restic → Synology REST server Daily 02:00
Full SD card image dd → Synology NFS share Monthly
OpenWrt router config sysupgrade → Pi → Restic Daily 02:30

Quick start

1. Set up Synology

See docs/synology-setup.md. Run bash scripts/synology-setup.sh (fill in your values first).

2. Fill in your inventory

Edit ansible/inventory/hosts.yml — replace all 192.168.x.x placeholders. Add per-device overrides in ansible/inventory/host_vars/<hostname>.yml if needed.

3. Configure secrets

# Edit vault with your passwords (do NOT commit unencrypted)
vi ansible/vault.yml    # fill in all CHANGEME values
ansible-vault encrypt ansible/vault.yml

4. Install Ansible on the control node

apt install ansible sshpass        # Debian/Ubuntu/Raspberry Pi OS
pip install ansible                # alternative

5. Deploy

cd ansible

# Deploy to all devices
ansible-playbook playbooks/deploy.yml --ask-vault-pass

# Deploy to a single Pi first (test run)
ansible-playbook playbooks/deploy.yml --limit pi1 --ask-vault-pass

6. Set up OpenWrt SSH key (one-time)

# On the router
ssh root@ROUTER_IP
ssh-keygen -t ed25519 -f /etc/dropbear/backup_id -N ""
cat /etc/dropbear/backup_id.pub

# Append the public key to authorized_keys on the receiver Pi
# (the Pi defined as openwrt_backup_receiver_host in group_vars/all.yml)
echo "PUBLIC_KEY_HERE" >> /home/pi/.ssh/authorized_keys

# Edit scripts/openwrt-backup.sh — set RECEIVER_HOST and RECEIVER_USER
# Then test:
ssh -i /etc/dropbear/backup_id pi@RECEIVER_HOST "echo ok"

7. Verify

# Check backup health on all Pis
ansible-playbook playbooks/check.yml --ask-vault-pass

Directory layout

ansible/
  ansible.cfg
  vault.yml                    # encrypted with ansible-vault
  inventory/
    hosts.yml
    group_vars/
      all.yml                  # Synology config, restic settings
      pis.yml                  # Pi SSH auth and backup paths
      linux_servers.yml
    host_vars/                 # per-device overrides (create as needed)
  roles/
    restic-client/             # installs restic, systemd timer, repo init
    docker-backup/             # pre/post hooks to stop/start containers
    image-backup/              # monthly dd image via NFS
  playbooks/
    deploy.yml
    run-backup.yml
    check.yml
scripts/
  openwrt-backup.sh            # runs on OpenWrt (ash/busybox)
  synology-setup.sh            # one-time Synology bootstrap
docs/
  synology-setup.md
  restore.md                   # recovery runbooks

Restore

See docs/restore.md for step-by-step recovery procedures.

Adding a new device

  1. Add to ansible/inventory/hosts.yml under the right group
  2. Create ansible/inventory/host_vars/<hostname>.yml for overrides (optional)
  3. Run: ansible-playbook playbooks/deploy.yml --limit <hostname> --ask-vault-pass
Reference in New Issue View Git Blame Copy Permalink