Backup Considerations

2024-12-30

  1. preface
  2. two sides of the system
  3. my recent experience
  4. anticlimactic conclusion

preface

The last few days I’ve been working and battling with my backups and other recovery devices due to wanting to switch the main nvme drive on my thinkpad t470 that I use daily.

It was a nice way to ensure recoverability of my whole system on imaginable incidents that could happen, such as:

In the following I go through thoughts and the process of what I’ll change now to streamline the system to make it a faster recoverable and more reliant.

two sides of the system

There are two main sides that you want to consider when thinking about your computer:

  1. the OS-side: configuration, settings, programs, services, etc.
  2. the user-side: data

The user side you can easily take care of by just making backups, but for the OS side it takes some more.

Technically you could just make snapshots of your drive if you use zfs or btrfs but I don’t want to take everything with me on every reinstall, so that is not an option.

The much more reasonable option is to not use a imperatively declared operating system from the start. With this approach nothing really gets lost, you don’t just throw commands into your terminal to change things and instead you put the options you want to change just inside of a file and forget about it.

That way you can always “get back the progress you’ve had” and not go through the exactly same archwiki threads on every install of your system to get corny drivers to work.

my recent experience

The last days, as already previously said, I wanted to switch the sole drive in my daily driver, I thought about cloning it first to the other but came to the conclusion that I’d then never know if my backups worked out as I hoped they do.

I then let my laptop run some last backups and extracted them to see if everything is there, then I found some config dirs in there, added them to the exclude list of my borgbackup nix module and ran one last backup, switched the drives and then began figuring out how to do it.

My setup for the introduced OS- and data-side above is currently that nixOS takes care of the first and borgbackup together with a cheap 1TB Hetzner Storagebox of the later.

Of both I was sure that they work, I just did not have a streamlined way to deploy the whole config and to make e.g. a script I would have to start with figuring out what steps are even involved with installing everything.

In testing it I’ve found the following steps involved:

  1. Boot into nixOS live-iso
  2. Partition drive
  3. Install nixOS
  4. Clone [own nix config](https:/ /git.sr.ht/~d-rens/nixos-dotfiles)
  5. Renew hardware.nix
  6. Get age keys such that secrets can be deployed and system built
  7. Rebuild the config/system
  8. Retrieve the backup

Those are obviously too many steps, my ideal goal would be to install everything within one step and within 30 minutes.

I like the idea of getting robbed and not having to be concerned at all about giving the robber all my devices.

I could hand my thinkpad that has an encrypted drive without having to be concerned about security implications or me losing the data, knowing that within an hour I could completely recuperate from my losses.

But in that situation the following would also apply:

  1. No other host to retrieve the crypto keys from (age & gpg)
  2. No other host to install it from (shouldn’t solely rely on a remote install too)

Installing the whole system on only the host itself will require multiple steps and those are not scriptable as much as I’d like to due to having to retrieve crypto keys, the config and the backup from different places and in the middle of it also install nixos.

This makes me think there is no reasonable “one-command-solution” to streamline the whole process as it’d mean e.g. having all my crypto keys (even if encrypted) uploaded somewhere which I find uncomfortable.

=> I should just minimize the steps it takes.

anticlimactic conclusion

In conclusion, I will pick it up again when I want to procrastinate probably. I have currently things to do but already wanted to save my thoughts for later.