One of my two external backup drives died, so I had to buy and commission a new one. Here are the steps I had to follow.

https://jmtd.net/log/systemd_ext_backups/

Prep the drive

  1. Format the new drive as a LUKS encrypted volume. Set a passphrase as the decryption key for now. I used luksformat before forgetting it defaults to putting a FAT32 filesystem on the device.

  2. Format the new device as an ext4 filesystem. My older drive was using xfs, in common with all my backup devices, because at one point my backup system was consuming files from Macs and xfs had a large enough space for extended attributes. I've never had a problem with xfs but I don't have that requirement any more, and I'm more experienced managing ext4 filesystems.

    Make sure the volume label matches the old drive (extbackup).

  3. Add a second decryption key to the device (a file that lives on the internal drives of my NAS). This means it can be mounted non-interactively when I plug it in.

Initial sync and randomizing the drive

  1. Manually mount the filesystem and start an initial sync from my internal backup drive. This is going to take a long time.

  2. Once it's done, fill up the rest of the space on the drive with a file full of zeroes. This causes the whole drive to be written to, ensuring the underlying device doesn't have identifiable regions that are allocated or not. Once the drive is full, the all-zero file can be removed.

Reconfigure systemd

Systemd is used to initiate the backup when the drive is plugged in.

  1. Start re-configuring systemd. My backup-exthdd.service is configured to be WantedBy a device corresponding to the failed drive. Update the device name to have the UUID of the new drive.

  2. My backup service depends upon triggering the drive decryption. This is done by having Requires and After relationships on a decryption service, systemd-cryptsetup@extbackup.service. As the name implies, this was once created automatically by the systemd generator that reads /etc/crypttab. However, it is now managed manually. The main difference is I add StopWhenUnneeded=true. I could probably do that with an override file, instead of having a manually-managed .service file.
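
The unit relationships described above, written out as an added example (these are not the author's own files). It uses the override-file route the post mentions instead of a hand-managed unit. The UUID is a placeholder, and the key file path, the ExecStart path, Type=oneshot and the noauto crypttab option are assumptions.

```ini
# --- /etc/crypttab (assumed entry, shown as a comment) ---
# "noauto" keeps the volume out of boot-time unlocking, so the generated
# systemd-cryptsetup@extbackup.service starts only when another unit
# requires it. Keep the key file root-owned and mode 0600.
#   extbackup  UUID=00000000-0000-0000-0000-000000000000  /etc/keys/extbackup.key  luks,noauto

# --- /etc/systemd/system/systemd-cryptsetup@extbackup.service.d/override.conf ---
# Drop-in layered on top of the generated unit: close the LUKS mapping
# again as soon as no active unit requires it.
[Unit]
StopWhenUnneeded=true

# --- /etc/systemd/system/backup-exthdd.service ---
[Unit]
Description=Backup to the external encrypted drive
# Requires= pulls the decryption unit in; After= orders the backup behind it.
Requires=systemd-cryptsetup@extbackup.service
After=systemd-cryptsetup@extbackup.service

[Service]
Type=oneshot
# Hypothetical script path; the post does not show the backup command.
ExecStart=/usr/local/sbin/backup-exthdd

[Install]
# Device unit for /dev/disk/by-uuid/<UUID of the new drive> (placeholder here).
# Every "-" inside the path is escaped as \x2d in the unit name.
WantedBy=dev-disk-by\x2duuid-00000000\x2d0000\x2d0000\x2d0000\x2d000000000000.device
```

After changing WantedBy=, run `systemctl daemon-reload` and `systemctl reenable backup-exthdd.service` so the `.wants/` symlink moves from the old device unit to the new one. `systemd-escape --path --suffix=device /dev/disk/by-uuid/<UUID>` prints the escaped unit name.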

