@niklaskeerl
Last active May 24, 2024 10:00
Encrypted backup using an external hard drive with luks and timeshift

Encrypted backup

Credits to https://lobotuerto.com/blog/how-to-setup-full-disk-encryption-on-a-secondary-hdd-in-linux/ .

Setup

  1. Identify your device name. This is usually easy to do by comparing the sizes of the drives. The system device is usually named sda, so external device names start at sdb.
lsblk

In my case, the device name is usually sdd, so I will use it from now on. If yours is different, change the value in the following steps accordingly.

  2. Securely erase all data from the hard drive. This step is optional.
sudo dd if=/dev/zero of=/dev/sdd bs=1M status=progress conv=fdatasync
  3. Create the GPT partition table
sudo fdisk /dev/sdd
g
w
sudo fdisk /dev/sdd
n
# Press Enter to accept all default values
w
  4. Encrypt the device

Choose a secure passphrase for your disk encryption. You will be asked to enter it twice.

sudo cryptsetup -v -y luksFormat /dev/sdd1
YES
passphrase
passphrase
  5. Create a new ext4 filesystem
sudo cryptsetup luksOpen /dev/sdd1 encrypteddrive
passphrase
sudo mkfs.ext4 /dev/mapper/encrypteddrive

Now you are good to go and can mount the new partition.

mkdir ~/mynewdrive
sudo mount /dev/mapper/encrypteddrive ~/mynewdrive/
sudo chown -R $USER:$USER ~/mynewdrive/

After that, you can unmount the filesystem and close the LUKS mapping to secure your data.

sudo umount /dev/mapper/encrypteddrive
sudo cryptsetup luksClose /dev/mapper/encrypteddrive
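
Steps 2 to 4 overwrite whichever device name is typed, and names such as sdd are not guaranteed to stay the same between boots or USB ports. The following is an added example, not part of the original gist: a shell function that reads lsblk output for the chosen disk and reports anything on it that is still mounted or held open as a LUKS mapping. The function name check_wipe_target and the sample lsblk lines are assumptions constructed for illustration.

```bash
# Added example (not from the original gist): pre-flight check for the
# disk about to be overwritten. Reads the output of
#   lsblk -P -n -o NAME,TYPE,MOUNTPOINT /dev/<disk>
# on stdin, prints one line per problem, returns 0 only if nothing is in use.
check_wipe_target() {
    awk '
    function field(key,    m) {
        # Return the value of key="value" on the current line, or "".
        if (!match($0, key "=\"[^\"]*\"")) return ""
        m = substr($0, RSTART, RLENGTH)
        sub("^" key "=\"", "", m); sub("\"$", "", m)
        return m
    }
    {
        name = field("NAME"); type = field("TYPE"); mnt = field("MOUNTPOINT")
        if (NR == 1 && type != "disk") {
            print name ": type is " type ", expected a whole disk"; bad = 1
        }
        if (mnt != "") {
            print name ": mounted at " mnt; bad = 1
        } else if (type == "crypt") {
            print name ": open LUKS mapping, run luksClose first"; bad = 1
        }
    }
    END {
        if (NR == 0) { print "no lsblk output, device not found"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed samples (not captured from a real machine).
SAMPLE_IDLE='NAME="sdd" TYPE="disk" MOUNTPOINT=""
NAME="sdd1" TYPE="part" MOUNTPOINT=""'
SAMPLE_SYSTEM='NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot/efi"
NAME="sda2" TYPE="part" MOUNTPOINT="/"'
SAMPLE_OPEN='NAME="sdd" TYPE="disk" MOUNTPOINT=""
NAME="sdd1" TYPE="part" MOUNTPOINT=""
NAME="encrypteddrive" TYPE="crypt" MOUNTPOINT=""'

# Live use, with the example device name used in this gist:
#   lsblk -P -n -o NAME,TYPE,MOUNTPOINT /dev/sdd | check_wipe_target \
#       && echo "nothing on sdd is mounted or open"
```

The check only shows that nothing on the disk is in use; comparing the size and model columns of lsblk is still needed to confirm it is the intended drive.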

Using the encrypted drive with timeshift

More setup

Find the device name using lsblk. In my case, I am using sdd. Now, you can open the LUKS partition.

sudo cryptsetup luksOpen /dev/sdd1 encrypteddrive
passphrase

Now, do NOT mount the drive.

Install timeshift using your favorite package manager. It should be available on all distributions.

Start the program like any other GUI application. If it prompts you that you do not have crontab installed, you can install cronie.

Select rsync, and then open the LUKS partition on the drive. After that, you can set up automatic backups, but this is optional.

Now, you can start your first backup by clicking in the top left corner. Everything else is automatic.

Once you are done, close the timeshift GUI and then you can unmount and close the partition.

sudo umount /dev/mapper/encrypteddrive
sudo cryptsetup luksClose /dev/mapper/encrypteddrive

Normal usage

If you have already set everything up and want to start another backup, all you need to do is find your device name and open the LUKS partition.

lsblk
sudo cryptsetup luksOpen /dev/sdd1 encrypteddrive
passphrase

After that, you can start the timeshift program and start your backup like before.

Once you are done, close the timeshift GUI and then you can unmount and close the partition.

sudo umount /dev/mapper/encrypteddrive
sudo cryptsetup luksClose /dev/mapper/encrypteddrive