Backup Infrastructure

Quick Overview

Purpose: Centralized backup strategy for all critical systems
Primary Storage: LortiNAS (Central Repository)
Secondary Storage: SYNLORTINAS (Archive & Media)
Backup Software: Duplicati, Proxmox VE, Native Tools
Status: 🟢 Operational

📋 Description

This comprehensive backup infrastructure ensures data protection across physical servers, virtual machines, containers, and NAS devices. The system implements a 3-2-1 backup strategy with automated schedules, versioning, and off-site replication capabilities.

🏗️ Architecture Overview

🖥️ Infrastructure Components

Storage Devices

Primary Storage: LortiNAS

Central Backup Repository

LortiNAS serves as the primary destination for all backup operations

Attribute	Value	Purpose
Type	NAS Server	Backup Storage
Capacity	20TB	Usable space
RAID Level	RAID 5	Data protection
Network	1 Gbps	Fast transfers
Location	On-premise	Local backups

Backup Types Stored:

• ✅ Daily Proxmox VM backups
• ✅ Duplicati file and database backups
• ✅ Container volume snapshots
• ✅ Configuration backups
• ✅ Yearly SYNLORTINAS archives

Secondary Storage: SYNLORTINAS

Attribute	Value	Purpose
Type	Synology NAS	Media & Archive
Capacity	40TB	Large storage
RAID Level	RAID 6	High redundancy
Primary Use	Active Storage	Live data
Backup Role	Source & Target	Dual purpose

Content Types:

• 📸 Historical photo archives
• 🎬 Media files and libraries
• 📁 Shared documents
• 🗄️ Long-term archives

Compute Resources

Proxmox VE Cluster

The main virtualization platform running critical workloads:

Host	Role	VMs/LXCs	Backup Schedule
LORTVMH1	Primary	8 VMs, 5 LXCs	Nightly @ 2 AM
LORTVMH2	Secondary	6 VMs, 3 LXCs	Nightly @ 3 AM

Virtual Machines

🏠 HASSIO (VM 420)

• Purpose: Home Assistant instance
• Backup: Daily snapshots + config export
• Retention: 7 daily, 4 weekly
• Critical Data: Automations, device configs

🐧 Ubuntu Docker VM (VM 100)

• Purpose: Main Docker host for services
• Backup: Daily full VM + Duplicati
• Retention: 7 daily, 4 weekly, 12 monthly
• Critical Data: Container volumes, databases

🔴 CentOS Docker VM (VM 101)

• Purpose: Legacy container workloads
• Status: ⚠️ Deprecated - Migration planned
• Backup: Weekly only
• Retention: 2 weekly snapshots

LXC Containers

Container	Purpose	Backup Frequency
Cloudflared	Secure tunnels	Daily
Nginx Proxy	Reverse proxy	Daily
Monitoring	Grafana/Prometheus	Weekly

Backup Software

Duplicati Configuration

Important Configuration

Duplicati handles critical application data backups

Ubuntu Docker VM Instance:

Container: duplicati
Port: 8200
WebUI: http://192.168.1.38:8200
Storage Backend: Local folder (NFS mount to LortiNAS)
Encryption: AES-256

Backup Jobs:

Job Name	Source	Schedule	Retention
Databases	/backup/databases	Daily 1 AM	30 days
Docker Volumes	/var/lib/docker/volumes	Daily 2 AM	14 days
Configurations	/backup/configs	Daily 3 AM	60 days
Documents	/backup/documents	Weekly	52 weeks

Proxmox Backup Configuration

# Backup Storage Configuration
Storage: backup-lortinas
Type: NFS
Server: 192.168.1.80
Path: /volume1/proxmox-backups
Content: VZDump backup file

# Default Backup Options
Mode: Snapshot
Compression: ZSTD
Encryption: Optional

📅 Backup Schedules

Automated Backup Timeline

Retention Policies

📊 Detailed Retention Matrix

Data Type	Daily	Weekly	Monthly	Yearly	Total Storage
VM Backups	7	4	12	2	~2TB
Databases	30	-	12	1	~500GB
File Backups	14	8	12	2	~1TB
Configurations	30	-	-	5	~50GB
Media Archives	-	-	-	∞	~15TB

🔄 Backup Procedures

Pre-Backup Scripts

Database Backup

/scripts/backup-databases.sh

#!/bin/bash
# Database backup script - runs before Duplicati

BACKUP_DIR="/backup/databases"
DATE=$(date +%Y%m%d_%H%M%S)

# Backup MySQL/MariaDB
echo "Backing up MySQL databases..."
docker exec mysql mysqldump --all-databases \
  --single-transaction \
  --quick \
  --lock-tables=false \
  > "$BACKUP_DIR/mysql_$DATE.sql"

# Backup PostgreSQL
echo "Backing up PostgreSQL databases..."
docker exec postgres pg_dumpall \
  -U postgres \
  > "$BACKUP_DIR/postgres_$DATE.sql"

# Backup MongoDB
echo "Backing up MongoDB..."
docker exec mongodb mongodump \
  --out "$BACKUP_DIR/mongodb_$DATE"

# Compress old backups
find "$BACKUP_DIR" -name "*.sql" -mtime +7 \
  -exec gzip {} \;

echo "Database backup completed!"

Container Backup

/scripts/backup-containers.sh

#!/bin/bash
# Container volume backup script

BACKUP_DIR="/backup/containers"
DATE=$(date +%Y%m%d)

# Stop containers for consistency
docker-compose -f /app/docker-compose.yml stop

# Backup volumes
for volume in $(docker volume ls -q); do
  echo "Backing up volume: $volume"
  docker run --rm \
    -v $volume:/source:ro \
    -v $BACKUP_DIR:/backup \
    alpine tar czf /backup/${volume}_${DATE}.tar.gz \
    -C /source .
done

# Restart containers
docker-compose -f /app/docker-compose.yml start

echo "Container backup completed!"

🔐 Security & Encryption

Backup Encryption

Security Requirements

All backups containing sensitive data MUST be encrypted

Backup Type	Encryption	Method	Key Storage
Duplicati	✅ Yes	AES-256	Vaultwarden
Proxmox	✅ Yes	AES-256-GCM	Local keystore
Database Dumps	✅ Yes	GPG	Secure vault
Media Files	❌ No	N/A	N/A

Access Control

Backup Administrators:
  - Full access to all backup systems
  - Can modify retention policies
  - Can initiate restores

Operators:
  - Read-only access to backup status
  - Can initiate test restores
  - Cannot modify configurations

Service Accounts:
  - Automated backup execution
  - Limited to specific paths
  - No interactive access

📊 Monitoring & Alerts

Health Checks

🔍 Monitoring Configuration

# Grafana Dashboard Metrics
Metrics:
  - backup_job_duration
  - backup_size_bytes
  - backup_success_rate
  - storage_usage_percent
  - last_successful_backup

# Alert Rules
Alerts:
  - name: Backup Failed
    condition: backup_success == 0
    severity: critical
    notification: email, slack
    
  - name: Storage Full
    condition: storage_usage > 85%
    severity: warning
    notification: email
    
  - name: Backup Overdue
    condition: time_since_backup > 48h
    severity: warning
    notification: slack

Verification Procedures

Regular Testing

Backup verification should be performed monthly

1. Automated Verification

   • Checksum validation
   • Test restore to sandbox
   • File integrity checks

2. Manual Testing

   • Quarterly DR drill
   • Random file restoration
   • Full VM recovery test

🚨 Disaster Recovery

Recovery Time Objectives

Service Level	RTO	RPO	Recovery Method
Critical	1 hour	1 hour	Hot standby
Important	4 hours	24 hours	VM restore
Standard	24 hours	48 hours	Manual restore
Archive	72 hours	1 week	Tape/cloud

Recovery Procedures

📋 VM Recovery Steps

1. Identify Failed System

   # Check VM status
   qm status <VMID>

2. Locate Latest Backup

   # List available backups
   pvesm list backup-lortinas

3. Initiate Restore

   # Restore VM from backup
   qmrestore /path/to/backup.vma.zst <NEW_VMID>

4. Verify Restoration

   • Check network connectivity
   • Verify services are running
   • Test application functionality

5. Update DNS/Load Balancer

   • Point traffic to restored instance
   • Monitor for issues

🔧 Troubleshooting

Common Issues

Backup Failures

Most backup failures are due to storage or network issues

❌ Duplicati Backup Fails

Symptoms: Backup job shows failed status

Solutions:

1. Check storage space: df -h /backup
2. Verify network mount: mount | grep lortinas
3. Check Duplicati logs: /config/logs/
4. Test connectivity: ping 192.168.1.80
5. Restart Duplicati container: docker restart duplicati

🔴 Proxmox Backup Timeout

Symptoms: VM backup exceeds time limit

Solutions:

1. Increase timeout in datacenter.cfg
2. Check I/O wait: iostat -x 5
3. Verify network bandwidth
4. Consider backup window adjustment
5. Enable backup throttling

📚 Related Documentation

• Duplicati User Guide
• Proxmox Backup Guide
• Disaster Recovery Plan
• Storage Architecture

---

Maintenance Information

Last Review: December 2024
Next Audit: March 2025
Contact: Infrastructure Team
On-Call: Check PagerDuty rotation