On 11/20/2016 12:35 PM, Franz wrote:
On Sun, Nov 20, 2016 at 7:21 AM, Stickstoff <[email protected]> wrote:Hello dear new qubes family, I am having trouble designing a backup concept for my qubes workstation. My goal is to have a (daily) copy of the entire workstation on a trusted remote backup target (versioning, encryption, rotation is done remotely). Only a small part of the local data ("vault") would need to be encrypted before sending it on its way. My plan was to use a dedicated backup-vm, locked down to only connect to the remote target. - My first idea was to "mount --bind" the data to the backup-vm in read-only mode. It would then do a simple rsync to the remote backup target. This seems not to be possible, as I can't mount a directory from outside, dom0, into the filesystem of the backup-vm. Mounting a btrfs-snapshot would be a nice alternative, which doesn't seem to be possible neither.
That works. Just use qvm-block from dom0 to attach your other VMs to your backup VM. Then you can e.g. start rsync in your backup VM from dom0 using qvm-run.
The concrete dom0 command should be qvm-block -A [BACKUP_VM] dom0:/var/lib/qubes/appvms/[CLIENT_VM]/private.img and then mount etc. in your backup VM using e.g. qvm-run.read-only didn't work though the last time I tested it (you can write anyway - probably some bug).
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d9a9692a-102f-9c50-8006-11af7573cacf%40hackingthe.net. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
