- Create a single LUKS container in a file stored on the backup storage.
- Mount the backup storage on your local VPS via SSHFS.
- Use Linux
cryptsetupto access the encrypted contained on your VPS.
- Mount a filesystem created inside it locally and rsync your backup data to it.
On a Debian-like system, install the following packages:
Note that it is probably convenient to have an SSH key without passphrase to automate things.
Creating the LUKS container
All paths below are matching the backup script and user
root is assumed, adapt to your needs.
umount /mnt/backup-crypt cryptsetup close backup fusermount -u /mnt/backup-soleus
Resizing the LUKS container
If you find that the LUKS container has too little space to contain your backups, it can fairly easily be resized. First mount the backup space, then extend the LUKS file, run the
resize command for the LUKS container, and then for the FS inside it:
This increases the backup container by 10GB.
After this setup, the shell script below should allow you to make backups. Of course the precise way and what to backup can be adapted in the
backup_run() function. You can for example create LVM snapshots of your logical volumes and backup these to guarantee a consistent state, or use hardlinks to keep full backups from multiple dates with little overhead, à la rsnapshot. I am doing both these things; feel free to contact me for more details.