My backup game is pretty bad, I only have my primary copy of my data and a cloud storage copy. I was trying to think of a cheap way to have another backup, and then realized I have an Orange Pi Zero 2 and a 1TB USD SSD lying around. So I was thinking of:
installing Debian on the OPZ2, and setting up key-authenticated SFTP (no password auth)
connect the OPZ2 on my home network and expose a non-standard (e.g. not 22) port for SFTP
have a subdomain point to my home network ip, and use DDNS to keep it in sync
using Restic to remotely push password-encrypted backups to the OPZ2 via SFTP using the subdomain
set a cron job to check diskhealth and send myself email on bad
enable auto updates on debian and email on fail
Is this setup a bad idea? Is this a security nightmare? Any better suggestions?
Debian is, in my opinion, oversized for an OPZ2. If it absolutely has to be Linux (does it?), Alpine or Void might be worth a closer look.
Why SFTP? Wouldn't SCP be enough?
Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don't even notice it.
It's just what I'm familiar with, what would you suggest?
Why SFTP? Wouldn’t SCP be enough?
SFTP seemed like the simplest thing that Restic supported
Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don’t even notice it.
Risky from a perspective of it crashing? I think I'm okay with that as I would notice it erroring out when I try and push the backups