Peter van Arkel
97797c574d
Canonicalize uploaded OpenSSH private keys before validation by normalizing line endings, removing whitespace from the base64 body, and re-wrapping it between the BEGIN and END markers. Add SSH credential tests that generate a real ed25519 key, damage its wrapping, and verify that validation succeeds after normalization. Return a clearer validation error for PEM private keys, which are not supported by the current credential flow.
pobsync
pobsync is a pull-based backup service. It runs on a central backup server and pulls data from remote machines via
rsync over SSH.
The current refactor is Django-first and SQL-backed:
- The Django control panel is the primary interface for setup and operations.
- The database is the source of truth for hosts, schedules, runs, snapshots, credentials, and retention settings.
- SQLite is the default database; MariaDB is optional.
- Backups use the existing rsync snapshot engine internally.
- Scheduling is handled by a Django scheduler service, not host cron.
- SSH keys can be managed from Django and selected globally or per host.
Recommended Production Install
The recommended production deployment is native systemd services on the backup server. Docker Compose remains available for development and disposable test installs, but native systemd avoids Docker friction around SSH, filesystem mounts, large backup storage, and host-level service logs.
Recommended layout:
/opt/pobsync/app # installed app checkout
/opt/pobsync/venv # Python virtualenv
/etc/pobsync/pobsync.env # settings and secrets
/var/lib/pobsync # SQLite database, state, runtime SSH key files, static files
/backups # backup storage, or set another absolute path
From a checked-out copy of this repository, run:
sudo scripts/install-systemd
When run from a terminal, the installer asks for the important paths and settings with sensible defaults already filled in. It can also create the first Django superuser and prints the next steps when installation is complete.
The installer will, by default:
- install required Debian/Ubuntu OS packages with
apt-get - copy the checkout to
/opt/pobsync/app - create
/opt/pobsync/venv - write
/etc/pobsync/pobsync.envif it does not exist - create
/var/lib/pobsync,/var/log/pobsync, and the backup root - install Python dependencies
- run migrations and collect static files
- install and start
pobsync-web,pobsync-worker, andpobsync-scheduler - guide you through the first login and setup steps
Common overrides:
sudo scripts/install-systemd \
--backup-root /mnt/backups/pobsync \
--allowed-hosts backup.example.com,localhost,127.0.0.1 \
--csrf-trusted-origins https://backup.example.com
Use --no-install-os-packages if you want to manage system packages yourself. Use --force-env only when you want the
installer to rewrite an existing /etc/pobsync/pobsync.env.
Use --non-interactive for scripted installs.
For MariaDB support, add:
sudo scripts/install-systemd --install-extras mariadb
Services
The installer creates:
pobsync-web.service: Gunicorn Django control panel on127.0.0.1:8010pobsync-worker.service: queued backup workerpobsync-scheduler.service: SQL-backed schedule dispatcher
Check service state and logs:
systemctl status pobsync-web pobsync-worker pobsync-scheduler
journalctl -u pobsync-worker -f
Restart after configuration changes:
sudo systemctl restart pobsync-web pobsync-worker pobsync-scheduler
Reverse Proxy
Use an existing reverse proxy by forwarding to:
http://127.0.0.1:8010
To install a starter nginx site file:
sudo scripts/install-systemd --with-nginx --server-name backup.example.com
For HTTPS behind a reverse proxy, set:
POBSYNC_DJANGO_ALLOWED_HOSTS=backup.example.com,localhost,127.0.0.1
POBSYNC_DJANGO_CSRF_TRUSTED_ORIGINS=https://backup.example.com
Django UI
After install, open the control panel through your reverse proxy or directly at:
http://127.0.0.1:8010/
Create a superuser if needed:
sudo -u pobsync /opt/pobsync/venv/bin/python /opt/pobsync/app/manage.py createsuperuser
The UI includes:
- dashboard and host detail pages
- global and per-host config forms
- schedule editing
- manual backup queueing
- snapshot discovery
- SQL retention planning and apply flow
- Django-managed SSH keys
/self-check/for runtime checks
SSH Keys
SSH keys can be managed from /ssh-credentials/. Add a private key, optionally paste known_hosts entries, and select
the credential either as the global default or as a per-host override.
When a backup starts, the worker writes the selected key to:
$POBSYNC_HOME/state/ssh-credentials/<id>/identity
The key file is written with 0600 permissions and injected into the rsync SSH command with IdentityFile.
Updates
From a fresh checkout or the existing app directory:
git pull
sudo scripts/install-systemd --non-interactive
The installer preserves an existing /etc/pobsync/pobsync.env unless you pass --force-env. It refreshes the installed
app, Python dependencies, migrations, static files, and systemd services.
Then check:
systemctl status pobsync-web pobsync-worker pobsync-scheduler
Development
Development, Docker, maintainer tooling, and architecture notes live in: