A|S
DATA EXTREMES
HomeLab HQ.hub

Backup Strategies - The 3-2-1 Rule & Beyond

Master the fundamentals of reliable backup systems for your homelab.

Why Backups Matter

Data loss is not a matter of "if" but "when." Whether it's hardware failure, ransomware, accidental deletion, or a misconfigured script, your homelab data is at risk. A solid backup strategy is insurance against disaster.

The 3-2-1 Rule

The golden standard for backup strategy is the 3-2-1 rule:

  • 3 copies of your data (primary + 2 backups)
  • 2 different storage types (local disk + NAS, or SSD + HDD)
  • 1 offsite copy (cloud, remote server, or physical offsite drive)

This approach protects against single points of failure: if your NAS dies, you have local backups; if your house floods, you have offsite copies.

Backup Types

  • Full backup: Complete copy of all data. Slowest but simplest to restore. Good for weekly or monthly base snapshots.
  • Incremental backup: Only backs up changes since the last backup (any type). Fast and space-efficient; requires chain of backups for restore.
  • Differential backup: Backs up changes since the last full backup. Faster restores than incremental but uses more space over time.
  • Snapshot: Point-in-time copy using copy-on-write (ZFS, Btrfs, LVM). Instant creation, minimal space for unchanged data.

Tool Comparison

Popular backup tools for homelab use, each with different strengths:

  • Restic: Deduplication, encryption by default, supports S3/B2/SFTP. Excellent for offsite backups. Single binary, easy to script.
  • Borg Backup: Deduplication and compression, fast for local/SSH backups. Strong community, mature codebase. Append-only mode for ransomware protection.
  • Duplicati: Web UI, supports many cloud backends, encryption. Good for less technical users; can be resource-heavy.
  • rsync: Simple file-level sync. No deduplication or encryption built-in. Best for simple mirror copies or as a building block.
  • Proxmox Backup Server (PBS): Purpose-built for Proxmox VMs and CTs. Deduplication, incremental, built-in verification. Ideal if you run Proxmox.
  • ZFS Snapshots + zfs send: Native snapshots with efficient replication. Requires ZFS on both ends; excellent for TrueNAS-to-TrueNAS or Proxmox replication.

Choosing What to Back Up

Not everything needs the same backup frequency or retention:

  • Critical configs: Daily or on-change backups. Small footprint, fast restore. Examples: /etc, Docker Compose files, .env files, database configs.
  • User data: Daily incremental with weekly full. Documents, photos, projects.
  • VM/container images: Weekly full or snapshot-based. Can rebuild from config if needed.
  • Media libraries: Monthly or sync-based. Often replaceable; prioritize metadata and watch history.
  • Logs and caches: Usually not worth backing up. Exclude from backup jobs.

Automation Strategies

Backups only work if they run consistently. Automate everything:

  • Cron: Classic scheduler. Add entries to /etc/crontab or user crontabs.0 2 * * * /usr/local/bin/backup.sh runs at 2 AM daily.
  • systemd timers: Modern alternative to cron with better logging and dependencies. Create .timer and .service unit files.
  • Proxmox hooks: Pre/post backup scripts for application-consistent snapshots (e.g., freeze database before snapshot).
  • Webhook triggers: Fire backups on specific events via n8n, Home Assistant, or custom scripts.

Testing Restores

A backup that hasn't been tested is not a backup. Schedule regular restore tests:

  • Monthly: Restore a random file or config from backup. Verify contents match.
  • Quarterly: Restore a full VM or container to a test environment.
  • Annually: Full disaster recovery drill. Pretend primary storage is gone.

Document your restore procedures. When disaster strikes, you won't have time to figure it out.

Offsite Options

  • Backblaze B2: $6/TB/month, S3-compatible API. Pairs well with Restic and rclone.
  • Wasabi: $6.99/TB/month, no egress fees, S3-compatible. Good for frequent restores.
  • Self-hosted MinIO: S3-compatible object storage you control. Deploy at a friend's house or colo for true offsite.
  • Physical offsite: External drive in a fireproof safe at another location. Rotate drives monthly. Low-tech but effective.

Security Considerations

  • Encryption: Always encrypt backups, especially offsite. Restic and Borg encrypt by default; verify settings for other tools.
  • Access control: Backup accounts should have minimal privileges. Use append-only mode where supported to prevent ransomware deletion.
  • Key management: Store encryption keys separately from backups. Consider a password manager or hardware security module.
  • Network isolation: Run backup traffic over dedicated VLAN or VPN if crossing network boundaries.

Sample Backup Schedule

A practical starting point for a typical homelab:

  • Daily 2 AM: Incremental backup of configs and user data to NAS
  • Daily 4 AM: Sync NAS backup to B2/Wasabi (offsite)
  • Weekly Sunday: Full Proxmox Backup Server job for all VMs/CTs
  • Monthly: Verify backup integrity; test restore of one random VM
  • Retention: 7 daily, 4 weekly, 3 monthly, 1 yearly

Validation Checklist

  • Backups run on schedule without errors (check logs/notifications)
  • Offsite copies are current (check timestamps)
  • You can restore a file from backup within 10 minutes
  • You have documented restore procedures accessible offline
  • Encryption keys are safely stored and recoverable
  • At least one person besides you knows how to restore
< S3-Compatible Backup Mesh with Restic

- Crafted by Axiom|Spectre