Backup Strategy Request for feedback

Owing to my lack of knowledge about Linux and programming in general, I have found since moving to Qubes that I have a tendency to break things and then feel the need to start from scratch lest one of my amendments have compromised the very foundations upon which (my) Qubes is based.

I have therefore decided to have two installs, a test install (TEST) and a production install (PROD). TEST is intentionally unencrypted; this has been done with the express intention of not allowing myself to start using it over PROD as my daily driver; on the other hand PROD will be encrypted to incentivize the opposite behaviour. Given a tendency to rush things without thinking of potential consequences until after the fact, I plan to have a minimum of one day difference between the two installs so that I have time to reflect on things before they go live.

Query: Does this disparity in encryption mean that I will not be able to use backups of TEST to populate PROD when I install it tomorrow? It’s no biggie if so; the plan was to develop best practices through iteration. But I guess I thought it might be a good idea to also do a dummy backup recovery install at least once, if only so that I have seen how such a thing is done in advance of a real DR situation.

Given the things I have read about a 3-2-1 backup strategy, my plan is to use two 4TB SATA SSD drives configured in a RAID 1 (already owned, presently unused) format to both learn about using RAID to incrementally back up my 2 2TB Qubes M.2 installs (PROD on NVMe, TEST on SATA) at the end of each day.

Query: Although I have managed to install the two drives into a RAID array on my motherboard, the drives didn’t show up when I installed TEST earlier (previously they showed up as two separate drives). The Windows documentation for my B450-F mobo talked of drivers needing to be installed for RAID, but I couldn’t find any for Fedora. How do I set this array up to allow it to be recognised, preferably in a partitioned format to facilitate a mirror for each of my M.2 drives?

Beyond this mirror, I also have a 4TB external USB drive, which I plan to use to backup the RAID mirror at the end of each week.

Query: Is there a way to automate this process, either through backup software or through writing a script? If the only way is the latter, can you suggest some resources from which I can learn how to do so?

Finally, I have 500GB of offsite storage via Proton and plan to get the rest through a different provider because ideally I would like to keep the data and the OS stored separately. This backup would be done monthly. The offsite data backup would just be a snapshot of all my files and I anticipate it being much larger than my OS backup, particularly when I finish setting up the Plex media server that I plan to subsequently build (the 4TB drives were initially for this, but I have subsequently learned that SSD is not desirable for such a build). On the other hand I would like the OS offsite backup to be incremental, so that if I fuck something up and don’t realise before the change moves from TEST to PROD, I still have the capacity to row it back without needing to start from scratch again.

Query: Is this separation of data and OS desirable in your opinion? Achievable?

I would be grateful for any feedback or suggestions you might have on this strategy.

  • I know I could just get another external enclosure and miss out the RAID, but I want to learn about doing RAID. If you think a different RAID preferable let me know (I already have a spare should one fail).

No. LUKS drive encryption is independent of the Qubes backup tool’s encryption.

You’d probably be better off using software RAID (e.g., mdadm) rather than your motherboard’s “fakeRAID.” However, at this stage, I’d suggest skipping RAID so that you don’t overwhelm and confuse yourself. You can still use both drives (e.g., to have another backup of your backup), but trying to set up RAID at the same time as everything else (when you don’t really know what you’re doing yet) sounds like a recipe for pain, IMHO. If something goes wrong, you won’t know which is the cause, because you introduced so many new variables all at the same time.

I think a script would be best. I’d suggest familiarizing yourself with basic Bash scripting (which is not Qubes-specific) and the Qubes dom0 command-line tools. Just try doing it manually from the command line first. Then, once you got your desired workflow down, put it into a simple script.

I don’t understand the question. If you’re asking whether you should back up your own personal data separately from the OS system files, then in general, yes. However, it really depends on your needs. For example, someone who can’t afford much downtime might need to be able to restore an entire working system as soon as possible, which requires more storage. On the other hand, someone who has time to reinstall Qubes from an ISO need only worry about making sure their own irreplaceable data is safe. We can’t tell you your goals, only how to achieve them.

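The workflow suggested in the reply above (run the dom0 tools by hand, then wrap them in a script), as an added example that is not part of the thread: it backs up the named qubes with `qvm-backup` and then reads the archive back with `qvm-backup-restore --verify-only`. The destination qube, mount point, passphrase file and qube names are assumptions, and it only prints the commands unless `DRY_RUN=0`.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: back up selected qubes from dom0, then verify.
# DEST_QUBE, DEST_DIR, PASSFILE and the qube names are assumptions; adjust them.
set -eu

DEST_QUBE="${DEST_QUBE:-sys-usb}"      # qube the external drive is attached to
DEST_DIR="${DEST_DIR:-/media/backup}"  # mount point inside that qube
# Passphrase for the backup tool's own encryption (independent of LUKS).
PASSFILE="${PASSFILE:-${HOME:-/root}/backup-pass}"
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print the commands

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Path of the newest backup file in the destination qube.
latest_backup() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$DEST_DIR/qubes-backup-PLACEHOLDER"   # constructed name
    else
        # Assumes the tool's default "qubes-backup-<timestamp>" file naming.
        qvm-run --pass-io "$DEST_QUBE" "ls -t '$DEST_DIR'/qubes-backup-* | head -n 1"
    fi
}

# Back up the named qubes, then read the archive back without restoring it.
weekly_backup() {
    [ "$#" -gt 0 ] || { echo "usage: weekly_backup QUBE..." >&2; return 2; }
    run qvm-backup --yes --compress --dest-vm "$DEST_QUBE" \
        --passphrase-file "$PASSFILE" "$DEST_DIR" "$@"
    local archive
    archive="$(latest_backup)"
    run qvm-backup-restore --verify-only --dest-vm "$DEST_QUBE" \
        --passphrase-file "$PASSFILE" "$archive"
}

# Called with qube names as arguments, the script performs the backup.
if [ "$#" -gt 0 ]; then
    weekly_backup "$@"
fi
```

Because `set -e` is active, a failed backup stops the script before the verify step, so a zero exit status means both commands succeeded.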

I summarized and linked some refs to incremental backup discussions on Qubes here

Would be awesome if you can try (or even benchmark) some of the mentioned tools on your test installation!

And you’ll maybe end up adopting one of the tools / methods in your prod environment.