duplicacy
Official build for mips64
Hello, I run duplicacy on my EdgeRouters to back up their /config dir (we've had to replace a couple of the first gen ones that failed in the field and due to Murphy's Law the issue has always been bad flash that's corrupted the config, and of course it's always the ones with the most complex firewall ruleset that fail). I'm currently building from source myself, but would appreciate the inclusion of a mips64 build if possible. Thanks!
Wow, I didn't realize that Go was working on mips/mips64 -- that's cool.
On a related note: EdgeOS has built-in configuration revision archiving/backup (to a remote server) ... It would certainly be a lot lighter weight than installing a Go-based binary on the device. (While Go is great in that the binaries are -typically- static which avoids any form of "DLL Hell" - I guess the *NIX equivalent would be "SO hell" or maybe "libhell" :grin: -- the resultant binaries are HUGE... While an ER would have plenty of storage for one or two, a 50MB binary would end up being a significant percentage of the entire system image...)
Anyhoo - check it out: https://help.ui.com/hc/en-us/articles/204960084-EdgeRouter-Archiving-and-Managing-the-Configuration-Files#2
Of course this will only back up the configuration file and not any custom things you stick in /config (ipsec keys/certificates, etc.)... But, for things like certs/keys, the private keys should be generated on the device and never leave the device - if you need a signed cert, generate the key, make a CSR, transfer the CSR, sign it, and return the signed certificate. If the device goes bad, make a new key. (Which should be done regularly anyway -- I have to imagine that there's some form of SCEP client around...)
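The key/CSR round trip described in the post above, as an added example that is not part of the original thread: two temporary directories stand in for the router and the signing host, and the names vpn-node-01 and Demo CA are made up. It assumes the openssl CLI is installed.

```shell
#!/usr/bin/env bash
# Constructed demo: "device" and "ca" are directories standing in for the
# router and the signing host. Only the CSR and certificates move between them.
set -eu

csr_roundtrip() {
    work=$(mktemp -d) || return 1
    dev="$work/device"; ca="$work/ca"
    mkdir -p "$dev" "$ca"

    # Signing host: throwaway self-signed CA, for the demo only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$ca/ca.key" -out "$ca/ca.crt" >/dev/null 2>&1 || return 1

    # Device: generate the private key locally, readable by the owner only.
    ( umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dev/node.key" >/dev/null 2>&1 ) || return 1
    # Device: the CSR carries the public key and subject, signed by the private key.
    openssl req -new -key "$dev/node.key" -subj "/CN=vpn-node-01" \
        -out "$dev/node.csr" >/dev/null 2>&1 || return 1

    # Transfer: the CSR is the only file that goes to the signing host.
    cp "$dev/node.csr" "$ca/node.csr"

    # Signing host: issue a certificate from the CSR.
    openssl x509 -req -in "$ca/node.csr" -CA "$ca/ca.crt" -CAkey "$ca/ca.key" \
        -CAcreateserial -days 30 -out "$ca/node.crt" >/dev/null 2>&1 || return 1

    # Return: the signed certificate (and the CA certificate) go back.
    cp "$ca/node.crt" "$ca/ca.crt" "$dev/"

    # Device: check the chain, and that the certificate matches the local key.
    openssl verify -CAfile "$dev/ca.crt" "$dev/node.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dev/node.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dev/node.key" -pubout)

    result=ok
    [ "$cert_pub" = "$key_pub" ] || result=mismatch
    # The device's private key must not exist anywhere on the signing host.
    [ ! -e "$ca/node.key" ] || result=key-left-device
    rm -rf "$work"
    echo "$result"
}

csr_roundtrip
```

With this flow a backup of the signing host or of the CSR in transit contains no device private key; replacing a failed device means repeating the steps with a fresh key.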
I've since simplified things both in terms of backing up with UNMS and configuring them with in-house tools, but it was annoyingly difficult to back up /config in an automated manner back in 2017 when this was opened (or perhaps I lacked the knowledge back then - if set system config-management commit-archive has been around for a long time I should be facepalming right now), and at the time I was backing up some rather intricate tinc and firewall configs (still the software I'm using today to reliably mesh about 10 sites together without incident - rock solid for 5-10 years now, no need to open ports or get direct public IPs or anything, just plug in to internet and it works) and I wanted to put them in the same repo that the rest of this client's servers and other stuff was getting backed up to.
In any case, back when I was doing things that way I looked at it like this: if someone was able to get their hands on a backup that had a VPN private key in it, that means I have a root or personal keychain compromise and I have a lot bigger issues than someone spoofing a VPN node. It's not that much different in my opinion than e.g. backing up a VM with a web server on it; if you're doing full images on those you're going to capture the SSL keys also.