Hey,
Actually I'm using PVE backup to secure my VMs/LXCs onto my NAS in the same network. I've started to use my ZFS for Nextcloud, and before I use it "productively" I want to adjust my backup.
Current setup
8-12x LXC
1-2x VM
Backup: VMs/LXC --> NAS via NFS
For Nextcloud
Code:
#create datapool
zpool create -f -o ashift=12 <pool> raidz1 <device1> <device2> <device3> <device4> <device5>
#create datasets
zfs create data_tank/nextcloud-data
zfs set compression=lz4 data_tank/nextcloud-data
zfs set atime=off data_tank/nextcloud-data
#mount dataset to nextcloud container
pct set 115 -mp0 /data_tank/nextcloud-data,mp=/mnt/nextcloud-data
Goal
- Complies with the 3-2-1 backup strategy
- Protection against hardware failure, ransomware and site loss
- Scalable with growing storage needs
- Cost-efficient
Onsite
- Proxmox
- ZFS Dataset: data_tank/nextcloud-data
- VMs / LXC
- PBS Onsite (LXC on Proxmox)
- Storage: NAS (1x 8TB, no mirror)
- PBS (bare metal, 1x 8 TB)
- Datastore: backup_pool/pbs-datastore
- ZFS Pool
- backup_pool/nextcloud-data
- syncoid (Pull)
VM/LXC
Proxmox → PBS Onsite → PBS Offsite
- Backups are first performed locally
- Offsite PBS synchronizes automatically
Offsite NUC pulls data: NUC → Proxmox:data_tank/nextcloud-data → NUC:backup_pool/nextcloud-data
- Job runs on the NUC
- No push from Proxmox
Security
- Pull instead of push (ZFS)
- Versioning (PBS + ZFS snapshots)
- Separate systems
- No direct offsite write access
- Enable retention
- 24-hourly
- 7 days daily
- 4 weeks weekly
- Keep multiple backup versions
- No RAID necessary
- Multiple locations preferred over mirroring
- ZFS = Data
- PBS = Systems
- 3 copies (Proxmox + PBS Onsite + PBS Offsite)
- 2 media types (not quite, but zpool/raidz1 + NAS)
- 1 offsite location
Code:
#fast local restores
zfs snapshot data_tank/nextcloud-data@auto-$(date +%F-%H%M)
#offsite pbs
zfs set readonly=on backup_pool/nextcloud-data
zfs set readonly=off backup_pool/nextcloud-data
syncoid root@proxmox:data_tank/nextcloud-data backup_pool/nextcloud-data
zfs set readonly=on backup_pool/nextcloud-data
What do you think?
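Added example, not part of the original post: a dry-run planner that applies the retention listed above (24 hourly, 7 daily, 4 weekly) to snapshots named with the post's `auto-YYYY-MM-DD-HHMM` scheme. The function name `plan_prune`, the "newest snapshot per bucket" rule and the sample data are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Snapshot naming from the post: <dataset>@auto-YYYY-MM-DD-HHMM
SNAP_RE = re.compile(r"^[^@\s]+@auto-(\d{4}-\d{2}-\d{2}-\d{4})$")
# Retention from the post, as (buckets to keep, time -> bucket key).
RULES = (
    (24, lambda t: t.strftime("%Y-%m-%d-%H")),                 # hourly
    (7, lambda t: t.strftime("%Y-%m-%d")),                     # daily
    (4, lambda t: "{}-W{:02d}".format(*t.isocalendar()[:2])),  # ISO week
)

def plan_prune(names, rules=RULES):
    """Split snapshot names into (keep, destroy), both newest first."""
    # Names outside the auto- scheme (manual snapshots, syncoid's own sync
    # snapshots) are ignored, so they never end up in the destroy list.
    snaps = []
    for name in (n.strip() for n in names):
        m = SNAP_RE.match(name)
        if not m:
            continue
        try:
            snaps.append((datetime.strptime(m.group(1), "%Y-%m-%d-%H%M"), name))
        except ValueError:  # digits that are not a real date/time
            continue
    snaps.sort(reverse=True)
    keep = set()
    for count, bucket in rules:
        seen = set()
        for ts, name in snaps:
            key = bucket(ts)
            if key in seen:
                continue  # older snapshot of a bucket that is already covered
            if len(seen) == count:
                break
            seen.add(key)
            keep.add(name)  # newest snapshot in this bucket
    return ([n for _, n in snaps if n in keep],
            [n for _, n in snaps if n not in keep])

if __name__ == "__main__":
    # Constructed sample; in practice feed `zfs list -H -t snapshot -o name <dataset>`.
    sample = ["data_tank/nextcloud-data@auto-2025-02-%02d-%02d00" % (d, h)
              for d in range(1, 10) for h in range(24)]
    for snap in plan_prune(sample)[1]:
        print("zfs destroy", snap)  # dry run: prints, never executes
```

For the offsite copy, the same plan would be computed on the NUC against `backup_pool/nextcloud-data`, so that offsite history is only ever pruned by the offsite machine itself.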