# Encrypted incremental backups in QubesOS with BorgBackup

=> gemini://kenogo.org Homepage
=> gemini://kenogo.org/blog/ Blog

## Introduction

The official backup tool of QubesOS does not support incremental backups. Just backing up my roughly 180 GB of data to an external hard drive takes over 7 hours. Incremental backups are /much/ faster. [Borg] is my preferred backup tool; it supports encrypted incremental backups to a disk or to an SSH server. I make encrypted backups to [borgbase.com] and created a [qrexec] service for this purpose. It enables remote, encrypted, incremental backups even of network-isolated qubes. This blog post describes my approach.

=> https://www.borgbackup.org/ Borg
=> https://borgbase.com borgbase.com
=> https://www.qubes-os.org/doc/qrexec/ qrexec

## Architecture

```Architecture for creating qubes backups with Borg
+----------------+
| sys-backup-mnt |
+----------------+
        ^
        | qrexec
        v
  +------------+  split SSH  +------------+
  | sys-backup |<----------->| ssh-backup |
  +------------+             +------------+
        ^
        | SSH
        v
  +--------------+
  | borgbase.com |
  +--------------+
```

I don't run Borg directly from my app qubes, because that would mean entering the encryption password into a potentially untrusted qube. Instead, I use a disposable qube called sys-backup-mnt, which is network-isolated. I mount the app qube's data in sys-backup-mnt using `qvm-block attach'. Then I can run Borg from sys-backup-mnt. Since sys-backup-mnt is network-isolated, I need an additional qube called sys-backup, which has SSH access to borgbase.com, using [split SSH] for authentication. The next section describes the qrexec service used for communication between sys-backup-mnt and sys-backup. Note that sys-backup only receives data from sys-backup-mnt that has already been encrypted by Borg, and simply forwards it to borgbase.com over SSH. This is an important property, since sys-backup is connected to the internet and thus should not be able to see the sensitive data of network-isolated qubes.

=> https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md split SSH

## qrexec service

The qrexec service can be created in the template qube of sys-backup, by creating the executable file `/etc/qubes-rpc/qubes.Ssh' with the following contents:

```
#!/bin/bash
# First line sent by the client: the arguments Borg passed to its SSH command
# (typically "user@host borg serve ..."); everything after it is the data stream.
read -r args
socat - "EXEC:ssh -o 'StrictHostKeyChecking=no' $args"
```

The client script can be created in the template qube of sys-backup-mnt, by creating the executable file `/usr/bin/qubes-ssh-client' containing:

```
#!/bin/bash
# Send the SSH arguments as the first line, then pass stdin/stdout through the
# qrexec call to sys-backup, which opens the actual SSH connection.
{ echo "$@"; cat; } | socat - 'EXEC:qrexec-client-vm sys-backup qubes.Ssh'
```

## Using the service with borg

Backups can be created with the qrexec service described above by following these steps:

* Start sys-backup-mnt
* Mount the LVM image of your app qube to sys-backup-mnt (see QubesOS documentation)
* Run borg as usual from sys-backup-mnt, with the environment variable `BORG_RSH=/usr/bin/qubes-ssh-client'
* Restart sys-backup-mnt before backing up another app qube. Since sys-backup-mnt is disposable, this ensures you start from a trusted environment.

=> https://www.qubes-os.org/doc/mount-lvm-image/ QubesOS documentation: Mount LVM images

Of course this process can be automated by writing a script in dom0 that does the above steps for all the app qubes you want to back up. This is left as an exercise to the reader :-)
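One way to write that dom0 script, as an added example rather than the author's own code: it runs the four steps above for each qube named on the command line, shutting down the app qube before attaching its private volume and shutting sys-backup-mnt down again afterwards so every qube starts from a fresh disposable. It assumes the default LVM pool name qubes_dom0 (so the private volume of qube NAME appears in dom0's `qvm-block` listing as dom0:qubes_dom0-vm--NAME--private), that the first device attached to sys-backup-mnt shows up there as /dev/xvdi, and a Borg repository URL in REPO; the default REPO value is a placeholder. The passphrase is read once in dom0 and piped to Borg's stdin inside the disposable instead of being put on a command line.

```bash
#!/bin/bash
# Added example (not the author's script): dom0 orchestration of the backup
# steps. Assumptions: LVM pool qubes_dom0, sys-backup-mnt is a named disposable,
# its first attached device is /dev/xvdi, REPO holds your repository URL.
# DRY_RUN=1 prints the dom0 commands instead of executing them.
set -u

DISP=sys-backup-mnt
# placeholder: replace with the repository URL BorgBase shows for your repo
REPO="${REPO:-<user>@<user>.repo.borgbase.com:repo}"
DRY_RUN="${DRY_RUN:-0}"

# Run a dom0 command, or only print it in dry-run mode. stdin is not echoed,
# so a passphrase piped into the command never appears in the dry-run output.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# qvm-block device id of NAME's private volume. device-mapper doubles every
# '-' inside VG and LV names, so vm-my-vm-private becomes vm--my--vm--private.
private_volume() {
    echo "dom0:qubes_dom0-$(printf '%s' "vm-$1-private" | sed 's/-/--/g')"
}

# Shell line executed inside sys-backup-mnt: take the passphrase from the first
# line of stdin (not from the command line, which is visible in the process
# list) and run borg through the qrexec SSH client. $1 is the archive name.
borg_command() {
    printf 'read -r BORG_PASSPHRASE && export BORG_PASSPHRASE && '
    printf 'BORG_RSH=/usr/bin/qubes-ssh-client borg create --stats %s::%s /mnt' \
        "$REPO" "$1"
}

# Read the Borg passphrase once in dom0, unless BORG_PASSPHRASE is already set.
passphrase() {
    if [ -n "${BORG_PASSPHRASE:-}" ]; then
        printf '%s' "$BORG_PASSPHRASE"
        return
    fi
    printf 'Borg passphrase: ' >/dev/tty
    stty -echo </dev/tty; read -r p </dev/tty; stty echo </dev/tty
    echo >/dev/tty
    printf '%s' "$p"
}

# Back up one app qube. The qube is shut down first so its private volume is
# not attached while in use; the disposable is shut down afterwards whatever
# happened, so the next qube starts from a clean sys-backup-mnt again.
backup_qube() {
    name=$1 pass=$2 status=0
    archive="$name-$(date +%Y-%m-%dT%H-%M)"
    if run qvm-check --quiet --running "$name"; then
        run qvm-shutdown --wait "$name" || return 1
    fi
    run qvm-start "$DISP" || return 1
    run qvm-block attach "$DISP" "$(private_volume "$name")" \
        && run qvm-run --pass-io "$DISP" 'sudo mount /dev/xvdi /mnt' \
        && printf '%s\n' "$pass" | run qvm-run --pass-io "$DISP" "$(borg_command "$archive")" \
        || status=1
    run qvm-run --pass-io "$DISP" 'sudo umount /mnt'
    run qvm-shutdown --wait "$DISP"
    return $status
}

# Back up every qube given as an argument; one failure does not stop the rest.
backup_all() {
    pass=$(passphrase)
    failed=0
    for q in "$@"; do
        backup_qube "$q" "$pass" || { echo "backup of $q failed" >&2; failed=1; }
    done
    return $failed
}

if [ $# -gt 0 ]; then
    backup_all "$@"
else
    echo "usage: $0 QUBE [QUBE...]   (DRY_RUN=1 prints the dom0 commands only)" >&2
fi
```

Run it in dom0 as `./qubes-borg-backup.sh work personal`. A first run with DRY_RUN=1 prints the exact dom0 commands, which is the moment to compare the generated device ids against the output of `qvm-block` in dom0 before anything is attached.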