MerkelBackup is a simple backup solution based on merkel trees. MerkelBackup backups are:
- Incremental: Files are split into chunks of 64MB and only changed chunks are stored.
- Encrypted: The data on the server is encrypted using chacha20, so that a compromise of the backup server does not leak the data.
- Deduplicated: File chunks and folders are stored by hash value in the merkel tree on the server, so duplicate files even from different servers are only stored once.
- Checksumed: File chenks and folders are stored in a merkel tree by hash value on the server, and the integrity of the data is validated on restore.
MerkelBackup consists of a server mbackupd and a client mbackup. The client connects to the server over a REST api.
To install the server and client extract the source and run
cargo build --release
cargo install --path . --root /usr
First create a config file in /etc/mbackupd.toml with content like below:
bind = "0.0.0.0:3321"
data_dir = "/var/mbackup"
ssl_cert = "/etc/cert.pxf"
ssl_key = "hunter1"
[[users]]
name = "backup"
password = "hunter2"
access_level = "Put"
[[users]]
name = "recover"
password = "hunter3"
access_level = "Get"
[[users]]
name = "admin"
password = "hunter4"
access_level = "Delete"
Make sure that /etc/cert.pxf
is a valid DER-formatted PKCS #12 archive for the host the backup server is running on,
and that ssl_key
is the key the certificiate is encrypted with. To generate a .pfx from an openssl certificate run
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -certfile chain_certs.pem
Also make sure that the /var/mbackup
directory exists and is writable by whatever user you want the server to run as.
Finally you can run the backup server as
mbackup -c /etc/mbackupd.toml
Note that the server does not demonize, if you want that create a systemd service file or run the server through docker. Also note that the server uses simple http basic auth, and that the passwords are stored in plain text, so use long auto generated passwords like the output from
sh pwgen -n 30
First create a config file in /etc/mbackup.toml with content like below:
user = "backup"
password = "hunter2"
encryption_key = "MySecretEncryptionKey"
server = "https://backup.example.com"
backup_dirs = [
"/home/importantuser",
"/var/importantdata",
]
cache_db = "/var/cache/mbackup/cache.db"
Make sure that the /var/cache/mbackup/
dir exists and is writable by whatever user the backup client should be run as.
To perform a backup run
mbackup backup
To recover from a backup run
mbackup -c /etc/mbackup.toml --user recover --password hunter3 roots
To get a list of backup roots, find the id
of the root you want to restore from (say 42) and run
mbackup -c /etc/mbackup.toml --user recover --password hunter3 restore 42 -p /home/importantuser/mydir
To remove old backups and free up space run
mbackup -c /etc/mbackup.toml --user admin --password hunter4 prune --age 90
This will remove all backups older than 90 days.
To validate the integrety of the backedup date run
mbackup -c /etc/mbackup.toml --user recover --password hunter3 validate --full
This software has has not been tested extensively so use it at your own peril.