Let’s assume the following structure:
- Personal VM (offline)
- Audio (500GB)
- Video (500GB)
- Photos (500GB)
- Documents (500GB)
- Vault VM (offline)
- Keepass DB (1MB)
- PhoneBackup VM (from phone via Syncthing to VM over local network, restricted network access)
- Phone Backup (50 GB)
- Backup VM (offline)
- [used for Qubes Backup]
- How would you store the Audio/Video/Photo/Document data?
a. On an encrypted partition which is mounted to /home of the Personal VM?
b. Directly inside the Personal VM storage (which is stored on the Qubes partition)?
- I tend trust all Audio/Video/Photo/Document data equally well? Would you still seperate it to different VMs? My fear of further separation is that it would make the backup even more complex.
- How would you do a weekly full backup of the data to an external drive?
I’m thinking about writing a Dom0 script, triggering the following steps:
- [User connects (encrypted) external harrdrive]
- Attach the external harddrive to the Personal VM → run Rsync to sync only what has changed (and not the complete 2TB all the time)
- Attach the external harddrive to the Personal VM (and mount it as e.g. /home)
- Copy the Keepass DB from the VaultVM to the Backup VM (because I want it directly on the harddrive and not packaged inside a Qubes Backup)
- Trigger Qubes Backup, which includes the data of PhoneBackup VM and all my VMs (but not the large amount of data of the PersonalVM)
- Unmount the external harddrive
I currently see the following drawbacks:
- I have to enter the password of the external harddrive twice (in step 1 and 2)
- Copying data from the Vault VM to the Backup VM cannot be fully automated because the copy dialog will come up and ask me where to copy the data
- The 50GB of PhoneBackup are always synced as a whole and not only the differences
Thanks in advance!