Thanks for the writeup, @secblocks. It’s a great idea to automate backups and your work shows some ways to do that in dom0.
You posted this in Community Guides, but you also identify an issue in your process around block devices that looks like a question. I’ll respond to that here. But you might have better luck posting in the User Support category if you want to work through this or other issues.
In this case, “device name” is probably something like /dev/sda, /dev/sda1, /dev/sdb, etc. These are the names that Linux assigns new block devices when it sees them. Is that what you see?
I’ve found that if I fail to detach the block device from the VM before I physically remove the device, then the system will assign the block device the next consecutive device name when I re-insert the device.
For example, I would plug the device in to my laptop and see /dev/sda and /dev/sda1 in the Qubes Devices menu. Then I would attach the block device to a VM, exactly like you do with qvm-block attach. Then, I would unplug the device from my laptop. Then, the next time I plugged the device into my laptop, it would show up as /dev/sdb and /dev/sdb1 in the Device menu. Is that also what you’re doing?
This is expected behavior. To avoid it, try this. Plug the device in and get a /dev/sd[x] name for it. Attach it to the VM. Before physically unplugging the device from the computer, go to the Qubes Devices menu and detach the device from the VM. Now, unplug and re-plug the device. Do you get the same name for the block device as you got before?
This will work reliably until you plug another USB SSD into a USB port before this one. The system assigns these names to devices on a first-come, first-served basis. So the first device could get /dev/sda while your backup device gets /dev/sdb.
You can not assign static block device names to USB devices that you see in the Qubes Devices menu. You might do better to skip automatic attachment entirely and attach the device manually whenever you plug it in.
However, you can get static block device names in the VM you attach the block devices to. Open a terminal in backup-vm before you attach the block device to it. Print the current static block device names with:
ls -R /dev/disk/*
These are the static names of the block devices already attached to backup-vm. Now, attach the block device from the USB SSD drive. Try this again:
ls -R /dev/disk/*
You should see new names in the output. These names are static across backup-vm restarts, USB attach/detach, and USB plug/unplug. You can use any of the new names to refer to your USB disk in backup-vm. That should help with the next step, automatically decrypting the block device in backup-vm.