Imho it's a bad idea to have your backups inside your prouction environment. Imagine something bad happens ( hardware error, ransomware) you will need your cluster to restore your cluster. Even worse: If some bad actor manages to take over your cluster he can also access your backups.
So I wouldn't do this without some mitigations, some ideas:
- Keep your vmware pbs to have another local copy ( also good for fast restores)
- Use the PBS vm/lxc only as relay to be able to do fast backup / restore without needing acess to the vmware pbs or s3 storage. That way your pc doesn't need to run all the time
- Configure the permissions that each PBS can read/pull backups of each other nut not write/remove/modify them.
- D'ont use your PBS vm/lxc inside the cluster for the s3 aceess so a bad actor doesn't get it's acess infos (user, password, api tokens). Instead use your vware pbs for pushing to s3.
- Alternatively get a cheap cloud vserver, install PBS on it and use this PBS for pulling backups from your cluster pbs/vm andpushing them to S3.
- You could even create firewall rules which would allow access to the offsite or vmware pbs only from your pc (since for a pull sync no open incoming port is needed on the pulling pbs).
You should also have muliple copies. More on this and the whole permission business can be found in the manual:
https://pbs.proxmox.com/docs/storage.html#ransomware-protection-recovery
Finally: Don't forget to test restores from time to time.
Update: It might make sense to have some automatism/script for the power up pc/start vmware pbs/sync backups dance, so you don't need it running the whole time but can't forget it.
