Hello,

I am looking for recommendations for a service provider of immutable backup that has options for a homelab user.

My research has led me to services with expensive options, or no pricing at all unless you ask for a quote.

Thank you

  • schizo@forum.uncomfortable.business
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    5 months ago

    How immutable do you need?

    S3 offers a flag that prevents modification or deletion for a set period, and afaik basically every S3-compatible provider offers that.

    I use that along with a lifecycle rule to maintain my backup buckets on iDrive.

    If you need a ‘you cannot touch this and the provider has no way of allowing it’ then you’re talking specialized corporate talk-to-a-sales-person-for-a-quote, as you found out.

    Edit: if you don’t need cloud, there’s options for WORM media from the humble BluRay to fancy SSDs that don’t allow deletion.

    • Croquette@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      My goal is that if for whatever reason, my homelab is compromised, I will be able to at least restore my important data.

      If i can modify the data on the other end, but cannot from my proxmox, then its fine.

      I would like a offsite solution in the future, but for now it’s going to be a cloud for data blob only.

    • Croquette@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      Thanks, from another link in this thread, Borg seems to have wrapper options as a complement to its features.

  • ubergeek77@lemmy.ubergeek77.chat
    link
    fedilink
    English
    arrow-up
    7
    ·
    5 months ago

    I use Backblaze B2, but stored in an encrypted Restic container, set up using this guide:

    https://helgeklein.com/blog/restic-encrypted-offsite-backup-with-ransomware-protection-for-your-homeserver/

    Restic has been great for automating backups, and even letting me mount the encrypted storage to grab individual files. I like doing it this way since I don’t have to trust Backblaze isn’t reading my data - I know for sure that they can’t.

    Performance of storage that is both remote and encrypted is about what you would expect, but I don’t need access to the data unless something bad happens.

    • Croquette@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      Thats a great link, it lists a lot of options and gives a good explanation on how to setup the author’s choices.

      • explore_broaden@midwest.social
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        I use backblaze storage with Kopia, which supports using object lock. Every time a backup is made the objects for it are locked for a configurable amount of time. I use 30 days, so an attacker would have to compromise my backup software for a month before being able to erase my backups.

          • explore_broaden@midwest.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            Also only differences are stored, so if your files don’t change much each backup costs very little. I keep hundreds of backups for the previous year of changes, and it uses less than double the amount of storage the files take up. You can also enable compression, which I do, so it’s even smaller.

  • Shimitar
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 months ago

    Restic or Borg on your side, a safe and remote destination on the other side.

    use restic, with backrest web GUI, and cannot be happier.

    As for remote site, I use a remote machine I rent, but there are plenty of providers around, shop a bit… Or find a friend for reciprocal backup?

    • Croquette@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      My plan is to build a second server that I will leave at my inlaws’ house and use that, but for now, I will rent a cloud while this happens.