hippogrief/pobsync
1
0
Fork 0
Code Issues 21 Pull Requests Actions Packages Projects Releases 3 Wiki Activity
Files
98d152da06923a9b514c325c6fae21b45d8e01ff
pobsync/README.md
Peter van Arkel c7cfb603b0 (bugfix) Improve SSH credential validation feedback 
Normalize pasted private keys before validation and detect common SSH
credential mistakes, including public keys pasted into the private key
field and public keys that do not match the supplied private key.

Translate OpenSSH libcrypto parse failures into a clearer user-facing
message and disable browser spellcheck/autocomplete on SSH key fields.

Document the native update flow as git pull followed by the
non-interactive installer so deployments refresh cleanly.
2026-05-19 18:35:39 +02:00

174 lines
4.9 KiB
Markdown
Raw Blame History

# pobsync
`pobsync` is a pull-based backup service. It runs on a central backup server and pulls data from remote machines via
rsync over SSH.
The current refactor is Django-first and SQL-backed:
- The Django control panel is the primary interface for setup and operations.
- The database is the source of truth for hosts, schedules, runs, snapshots, credentials, and retention settings.
- SQLite is the default database; MariaDB is optional.
- Backups use the existing rsync snapshot engine internally.
- Scheduling is handled by a Django scheduler service, not host cron.
- SSH keys can be managed from Django and selected globally or per host.
## Recommended Production Install
The recommended production deployment is native systemd services on the backup server. Docker Compose remains available
for development and disposable test installs, but native systemd avoids Docker friction around SSH, filesystem mounts,
large backup storage, and host-level service logs.
Recommended layout:
```
/opt/pobsync/app # installed app checkout
/opt/pobsync/venv # Python virtualenv
/etc/pobsync/pobsync.env # settings and secrets
/var/lib/pobsync # SQLite database, state, runtime SSH key files, static files
/backups # backup storage, or set another absolute path
```
From a checked-out copy of this repository, run:
```
sudo scripts/install-systemd
```
When run from a terminal, the installer asks for the important paths and settings with sensible defaults already filled
in. It can also create the first Django superuser and prints the next steps when installation is complete.
The installer will, by default:
- install required Debian/Ubuntu OS packages with `apt-get`
- copy the checkout to `/opt/pobsync/app`
- create `/opt/pobsync/venv`
- write `/etc/pobsync/pobsync.env` if it does not exist
- create `/var/lib/pobsync`, `/var/log/pobsync`, and the backup root
- install Python dependencies
- run migrations and collect static files
- install and start `pobsync-web`, `pobsync-worker`, and `pobsync-scheduler`
- guide you through the first login and setup steps
Common overrides:
```
sudo scripts/install-systemd \
--backup-root /mnt/backups/pobsync \
--allowed-hosts backup.example.com,localhost,127.0.0.1 \
--csrf-trusted-origins https://backup.example.com
```
Use `--no-install-os-packages` if you want to manage system packages yourself. Use `--force-env` only when you want the
installer to rewrite an existing `/etc/pobsync/pobsync.env`.
Use `--non-interactive` for scripted installs.
For MariaDB support, add:
```
sudo scripts/install-systemd --install-extras mariadb
```
## Services
The installer creates:
- `pobsync-web.service`: Gunicorn Django control panel on `127.0.0.1:8010`
- `pobsync-worker.service`: queued backup worker
- `pobsync-scheduler.service`: SQL-backed schedule dispatcher
Check service state and logs:
```
systemctl status pobsync-web pobsync-worker pobsync-scheduler
journalctl -u pobsync-worker -f
```
Restart after configuration changes:
```
sudo systemctl restart pobsync-web pobsync-worker pobsync-scheduler
```
## Reverse Proxy
Use an existing reverse proxy by forwarding to:
```
http://127.0.0.1:8010
```
To install a starter nginx site file:
```
sudo scripts/install-systemd --with-nginx --server-name backup.example.com
```
For HTTPS behind a reverse proxy, set:
```
POBSYNC_DJANGO_ALLOWED_HOSTS=backup.example.com,localhost,127.0.0.1
POBSYNC_DJANGO_CSRF_TRUSTED_ORIGINS=https://backup.example.com
```
## Django UI
After install, open the control panel through your reverse proxy or directly at:
```
http://127.0.0.1:8010/
```
Create a superuser if needed:
```
sudo -u pobsync /opt/pobsync/venv/bin/python /opt/pobsync/app/manage.py createsuperuser
```
The UI includes:
- dashboard and host detail pages
- global and per-host config forms
- schedule editing
- manual backup queueing
- snapshot discovery
- SQL retention planning and apply flow
- Django-managed SSH keys
- `/self-check/` for runtime checks
## SSH Keys
SSH keys can be managed from `/ssh-credentials/`. Add a private key, optionally paste `known_hosts` entries, and select
the credential either as the global default or as a per-host override.
When a backup starts, the worker writes the selected key to:
```
$POBSYNC_HOME/state/ssh-credentials/<id>/identity
```
The key file is written with `0600` permissions and injected into the rsync SSH command with `IdentityFile`.
## Updates
From a fresh checkout or the existing app directory:
```
git pull
sudo scripts/install-systemd --non-interactive
```
The installer preserves an existing `/etc/pobsync/pobsync.env` unless you pass `--force-env`. It refreshes the installed
app, Python dependencies, migrations, static files, and systemd services.
Then check:
```
systemctl status pobsync-web pobsync-worker pobsync-scheduler
```
## Development
Development, Docker, maintainer tooling, and architecture notes live in:
- [docs/development.md](docs/development.md)
Reference in New Issue View Git Blame Copy Permalink