This is not necessarily a privacy questions but I hope some people have a good idea.
I bought a big 2 TB external HDD which I would like to use to back up my /home folder.
The /home folder at the moment contains about 1.1 TB of data, so I cannot or don’t want to bother with versioning or keeping multiple incremental backups (like Borg-Backup or Duplicity). All I need is the latest version of everything, basically mirroring my /home folder to the external HDD, and deleting any files I deleted in my /home folder.
I would like the backup to be encrypted, of course.
I would like the backup to happen semi-automatically. Every time I plug in the drive, I want to be asked if I want to make a backup.
I want to exclude some folders from the backup
I prefer to have a GUI.
Bonus: I would like the backup to be “smart”, only copying the difference, especially for large files like a Virtual Machine image where the changes are small but the file is huge.
What’s the best solution?
Format the external HDD with LUKS encryption + an rsync command to mirror the home folder + some systemd service trigger when the disk is mounted?
The same but using Veracrypt instead of LUKS?
Some “easy” solution like Vorta Backup with password protection? But I find it a bit overengineered, I don’t care about keeping multiple versions of old backups.
Just wondering what others do for local encrypted backups.
Borg is indeed easy way of backup. It will give you some benefits like compression, de-duplication, versioning. Not sure why you refuse about several versions, but you may setup it for 1 single version. I use gui Pika Backup, because I have several setups to local and remote backups and seeing everything in a simple ui is convenient.
rsync will work. Idk if there is a gui. But you will probably need a script to open, mount, rsync files, unmount, close it. I see it as too much steps, and if something goes wrong?
VeraCrypt is even more complex solution with different containers/partitions, like wrong password opens hidden partition, sound really cool, but I never used it.
EDIT: The pitfalls of a direct mirror backup are somewhat mitigated by the fact that you seem to plug in your backup drive for backups and unplug it otherwise, which I didn’t notice until rereading your post for some reason, my bad . I’d still consider versioning in case you don’t notice an important file is missing until after you make a backup without it, though.
Original:
I’m not 100% sure I understand your use case, but if file changes/deletions are mirrored in real time, I fail to see how this is a proper backup. While the best case would be having some sort of off-site backup in the case that malware deletes/encrypts your files, including on your connected drives, making all of this a direct mirror doesn’t even protect you in the case that you accidentally delete a file or more naive malware messes with files only on your boot drive and leaves your backup drive alone. The only thing this setup would protect against is a complete hardware failure of your main drive, which is valid, but far from the only thing I would be concerned about as mentioned above. Given that you have nearly double your boot drive’s storage available on your backup drive, you can absolutely bother with versioning since many backup programs support incremental backups, meaning (depending on how sophisticated it is) only changed files/file contents will be backed up on top of your initial backup, often using very little extra space per additional version. With your amount of backup space, this theoretically means you’d have enough space for your initial backup as well as backups including changes to almost every single file. With a 1TB internal drive and a 2TB backup drive, I comfortably have a rolling 30-day incremental backup of my machine.
With a 1TB internal drive and a 2TB backup drive, I comfortably have a rolling 30-day incremental backup of my machine.
My internal drive is also 2 TB although some is taken by the system of course, which I’m not backing up. I tried Deja-Dup first (based on Duplicity) and after the first few days it started complaining about not enough space on the external disk. It said something like “980 GB of free space needed”. Ummm no, an incremental backup should not be more than 1 GB at most. Not sure what Deja-Dup is doing wrong.
Then I tried Vorta Backup, based on Borg. This was a bit more confusing to set up, with lots of settings. I ran it for a few days and it seemed fine (first day 1 TB with compression, next days 0.5 GB each). But when I tested the pruning feature by telling it to prune the first snapshot, it proceeded to completely delete it and when I tried to restore it just showed me a handful of files from the newer, small snapshots. Not sure if this is a bug in Vorta where the “pruning” button just deletes the whole thing without keeping the still-needed data, or if this is a design flaw in Borg somehow?
Last, I tried Pika-Backup but it just complained about a missing Gnome Keyring (I’m using KDE Plasma). Mind you, this was on the Flatpak version where you’d think everything is included. Also, I never had this problem with Deja-Dup or Vorta Backup.
But as multiple people here have specifically recommended Pika-Backup, I might give it another try and just format my external disk with LUKS encryption and then do the actual backup without password. That way the data is still protected, and Pika shouldn’t have to complain about Gnome Keyring.
What I tend to do is use syncthing to my server (that helps if a disk failed or couldn’t be detected) then rsync to external disk from there (luks encrypted).