Centralised file backup qube (Cryptomator)

Glimmer868 · March 16, 2025, 1:41pm

I backup my templates and AppVMs occasionally via the Qubes backup tool but I would like to automate a more frequent cloud backup solution for some of my important files within my AppVMs. What I’m thinking is that I will create a centralised qube with access to cloud storage via Cryptomator. And I will somehow copy my important files from their respective AppVMs to the “Cryptomator” AppVM which will then back them up to cloud storage. This compartmentalises Cryptomator and the cloud storage apps to one place.

I’m wondering if there are any suggestions on the best way to get these files from their respective AppVM to the “Cryptomator” AppVM. I’d rather not punch holes in firewalls and have the qubes communicating directly via tcp so I’m thinking the most secure way would be to make use of qvm-copy, perhaps staging via ~/QubesIncoming and then onto the cloud storage from there. But it doesn’t seem very efficient.

Is there a better way? What about some kind of functionality similar to sharing a USB device from sys-usb to AppVM that might allow me to share a mount point from cryptomator-vm to AppVM?

Glimmer868 · March 16, 2025, 2:18pm

Replying to self but I found a similar discussion here so I think the solution will look similar.

whoami · March 16, 2025, 4:19pm

It is still not 100% ready but maybe this could guide you in coding it yourself.

whoami · March 17, 2025, 11:30am

@Glimmer868 beside the mounting approach, this is imo the most simple option.

qvm-run --pass-io SourceQube "tar cf - /home/user/foobar/" | qvm-run --pass-io DestQube "tar xvf - -C /"

qvm-run --pass-io SourceQube "cat /home/user/file.txt" | qvm-run --pass-io DestQube "cat > /home/user/file.txt"

Edit: Corrected 2nd option (thanks @solene).

solene · March 17, 2025, 1:09pm

a cat is missing in the destqube command, should be “cat > /home/user/file.txt” and >/dev/null is too much

qvm-run --pass-io SourceQube "cat /home/user/file.txt" | qvm-run --pass-io DestQube "cat > /home/user/destination.txt"

unman · March 17, 2025, 1:42pm

Alternative approaches would be to use rsync or syncthing over qrexec -
syncthing would provide a completely automated solution, which seems to
match your requirements.
I salt syncthing here with the packaged version
here. That provides a syncthing
server to access external nodes, and a syncthing qubes service that you
can enable between qubes.
If you only have a few files then a scripted qvm-copy would do - if you
have more than a few, and they change over time, then an automated
system would be better.
If you want advice on setting up one of these services just ask.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.

Glimmer868 · March 18, 2025, 6:43pm

Thank you @whoami and @solene - this seems like a lightweight solution that might suit my needs perfectly well.

Thanks @unman - you’ve given me plenty of topics to research there as I’m not familiar with any of them. I think I’m going to put in place the piped qvm-run solution immediately for a few essential files and then read up on your suggestions as a learning opportunity if nothing else.

kenosen · March 18, 2025, 7:32pm

Have you considered exploring wyng and wyng-util-qubes?

Glimmer868 · March 18, 2025, 7:36pm

Thanks - I haven’t although this particular backup requirement is to backup certain user files to cloud storage in a manner which allows them to be retrieved and used with very few tools. I’m thinking in cases where my PC blows up and I have to use another device until I can replace it. The other solutions seem to meet those needs for now though.

kenosen · March 18, 2025, 9:31pm

I’ve found the below, via rsync, rather painless and perfectly granular for those kinds of backups. It also uses salt as @unman suggested :