Created
August 4, 2014 20:14
-
-
Save david415/58cd168a8600bf42f338 to your computer and use it in GitHub Desktop.
Basic Tails Backups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Basic Backup Strategy for Tails users using Tahoe-LAFS | |
| requirements: | |
| - Tails 1.1 or higher | |
| - connecting information to a Tahoe-LAFS grid: | |
| A Tahoe-LAFS introducer FURL looks like this: | |
| pb://TubID@MyOnion:OnionPort/swissnum | |
| procedure : | |
| 0. Install Tahoe-LAFS and create your configuration | |
| 0a. | |
| sudo apt-get install tahoe-lafs | |
| tahoe client-create ~/Persistent/.tahoe | |
| ln -s ~/Persistent/.tahoe ~/.tahoe | |
| 0b. replace ~/Persistent/.tahoe/tahoe.cfg with a config file like this: | |
| [node] | |
| nickname = client | |
| web.reveal_storage_furls = true | |
| web.port = tcp:7657:interface=127.0.0.1 | |
| web.static = public_html | |
| tub.location = client.fakelocation:1 | |
| [client] | |
| introducer.furl = pb://MyTubID@myHiddenService.onion:HiddenPort/introducer | |
| shares.needed = 3 | |
| shares.happy = 5 | |
| shares.total = 5 | |
| [storage] | |
| enabled = false | |
| [helper] | |
| enabled = false | |
| [drop_upload] | |
| enabled = false | |
| [client-server-selection] | |
| NOTE: you'll want to adjust the shares.needed/happy/total appropriately for your grid! | |
| NOTE: You absolutely must use the "tub.location" option otherwise | |
| Tahoe-LAFS will attempt to deanonymize your IP to the Introducer node. | |
| NOTE: Take notice that the web.port is set to "tcp:7657:interface=127.0.0.1" | |
| This is set like this because the Tails ferm firewall and | |
| foxyproxy configurations allow the browser to retreive this url: | |
| http://127.0.0.1:7657/ | |
| 1. start your Tahoe-LAFS client | |
| usewithtor tahoe start | |
| the tahoe node directory defaults to ~/.tahoe... | |
| so you must either setup a symlink or | |
| you can specify the tahoe node directory in the tahoe command: | |
| usewithtor tahoe start elsewhere/.tahoe | |
| 2. use tahoe | |
| 2a. create a backup alias | |
| tahoe create-alias tails_backup | |
| 2b. perform backups! | |
| Perform the backup using the "tails_backup" alias like this: | |
| tahoe backup --verbose ~/.ssh tails_backup:dotssh | |
| tahoe backup --verbose ~/.gnupg tails_backup:dotgnupg | |
| tahoe backup --verbose ~/Persistent tails_backup:Persistent | |
| I ammend the last command to exclude some files like this: | |
| tahoe backup --verbose --exclude='ansible-tahoe-base*' --exclude='incidents*' --exclude='twistd.log' --exclude='projects*' --exclude='tahoe-lafs*' --exclude='Music*' --exclude='virtenv-*' --exclude='virtualenv-*' --exclude='go*' --exclude='*.iso' ~/Persistent tails_backup:Persistent | |
| 3. restore data | |
| Generally you can restore your data like this to restore | |
| from the latest snapshots: | |
| tahoe cp --verbose -r tails_backup:dotssh/Latest ~/.ssh | |
| tahoe cp --verbose -r tails_backup:dotgnupg/Latest ~/.gnupg | |
| tahoe cp --verbose -r tails_backup:Persistent/Latest ~/Persistent | |
| Or you might want to restore from an old snapshot in the archives: | |
| tahoe cp --verbose -r tails_backup:Persistent/Archives/2014-07-27_12:11:41Z ~/Persistent | |
| Of course to restore data from a total system data loss you will have to have | |
| an accessible backup of either your Tahoe-LAFS nodeDir (e.g. ~/.tahoe) or | |
| the Introducer FURL and any Tahoe capability aliases you used to store data on. | |
| I've got an operational security procedure designed around encapsulating this | |
| data in a tiny symmetrically encrypted blob that I then hide right before I | |
| wipe my drives in preparation to get on an airplane; thus temporarily locking | |
| myself out of all infrastructure and private key materials in case of | |
| search and seizure. Here's my attempt to automate much of this procedure: | |
| https://github.com/david415/hidden-tahoe-backup | |
| 4. Repair a Tahoe-LAFS data : | |
| After performing this backup... if you want to be extra safe before a restore situation arises then | |
| it would be advisable to perform a repair on the data: | |
| tahoe deep-check --repair --add-lease --verbose tails_backup:dotssh | |
| tahoe deep-check --repair --add-lease --verbose tails_backup:dotgnupg | |
| tahoe deep-check --repair --add-lease --verbose tails_backup:Persistent | |
| or perhaps you only care about repairing the latest snapshot: | |
| tahoe deep-check --repair --add-lease --verbose tails_backup:dotssh/Latest | |
| tahoe deep-check --repair --add-lease --verbose tails_backup:dotgnupg/Latest | |
| tahoe deep-check --repair --add-lease --verbose tails_backup:Persistent/Latest | |
| 5. additional considerations for Tails users | |
| amnesia@amnesia:~$ ls -la /live/persistence/TailsData_unlocked/dotfiles/.tahoe | |
| lrwxrwxrwx 1 root root 31 Jul 24 21:55 /live/persistence/TailsData_unlocked/dotfiles/.tahoe -> /home/amnesia/Persistent/.tahoe | |
| amnesia@amnesia:~$ | |
| As root add "tahoe-lafs" to /live/persistence/TailsData_unlocked/live-additional-software.conf | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment