Tim's blah blah blah

Time Machine to Linux Server

Here I document my setup of networked Time Machine backups to my Linux server over Samba (SMB), which should be faster than AFP. The data is stored on a ZFS-formatted USB disk connected to the server.

Ideally I would be able to back up over the network and then unplug the disk from the server to restore directly from it. However, a networked Time Machine backup has a different structure than a backup to a directly connected disk, so that’s still on the wishlist.

Setup

Installation

  1. Prepare disk
    1. Install ZFS on Ubuntu
    2. Partition disk – NB: ensure you use static labels, or else your pools might disappear! (If they did disappear, debug with sudo zdb, search for them with sudo zpool import, and import them again: zpool import -d /dev/disk/by-id <pool-name>)
      blkid
      parted /dev/disk/by-id/
      mklabel GPT
      q
      
    3. Create pool: sudo zpool create pool0 /dev/disk/by-id/
    4. Create datasets
      sudo zfs create pool0/timemachinembp
      sudo zfs set quota=1200G pool0/timemachinembp
      sudo zfs create pool0/timemachinemba
      sudo zfs set quota=300G pool0/timemachinemba
      zfs list
      
    5. Automatic spin-down of USB disk (old hd-idle, new hd-idle), run at reboot from crontab, tell logrotate we want the log files to rotate.
      sudo hd-idle -t disk/by-id/wwn-0x3e41415851524c4a # optionally test once
      (sudo crontab -l 2>/dev/null; echo "@reboot hd-idle -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log";) | sudo crontab -
      cat << EOF | sudo tee /etc/logrotate.d/hd-idle
      /var/log/hd-idle.log {
          missingok
          notifempty
          compress
          delaycompress
      }
      EOF

  2. Create backup users
    1. No new homedir, point to datasets instead. Don’t allow shell login. No password needed on system level.
      sudo useradd --no-create-home --home-dir /pool0/timemachinembp --shell /usr/sbin/nologin backupmbp
      sudo useradd --no-create-home --home-dir /pool0/timemachinemba --shell /usr/sbin/nologin backupmba
      
    2. Set zfs dataset permissions & umask
      sudo chown backupmbp:backupmbp /pool0/timemachinembp
      sudo chown backupmba:backupmba /pool0/timemachinemba
      sudo chmod o-rx /pool0/timemachine{mbp,mba}
      
  3. Set up file server using Samba v3
    1. Install Samba >4.8.0 for file serving and avahi-daemon for discovery: sudo apt install samba avahi-daemon
    2. Allow users
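      openssl rand -base64 20       # generate a random password for backupmbp
      sudo smbpasswd -a backupmbp   # add the Samba user (prompts for the password)
      sudo smbpasswd -e backupmbp   # enable the Samba account
      openssl rand -base64 20       # generate a separate random password for backupmba
      sudo smbpasswd -a backupmba   # add the Samba user (prompts for the password)
      sudo smbpasswd -e backupmba   # enable the Samba account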
      
    3. Configure Samba in /etc/samba/smb.conf:
      [timemachinembp]
          comment = Time Machine MBP
          path = /pool0/timemachinembp
          valid users = backupmbp
          browseable = yes
          writeable = yes
          create mask = 0600
          directory mask = 0700
          spotlight = yes
          vfs objects = catia fruit streams_xattr
          fruit:aapl = yes
          fruit:time machine = yes
      [timemachinemba]
          comment = Time Machine MBA
          path = /pool0/timemachinemba
          valid users = backupmba
          browseable = yes
          writeable = yes
          create mask = 0600
          directory mask = 0700
          spotlight = yes
          vfs objects = catia fruit streams_xattr
          fruit:aapl = yes
          fruit:time machine = yes
      
    4. Disable printing (because we don’t serve printers)
      load printers = no
      printing = bsd
      printcap name = /dev/null
      disable spoolss = yes
      
    5. Restart Samba and check if all OK
      sudo systemctl restart smbd
      tail -n 50 /var/log/samba/log.smbd
      

      should show

      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
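
To confirm that each Time Machine share keeps the per-user restriction, masks and vfs modules from the Samba configuration step, the following added example (not part of the original post) audits share stanzas in an smb.conf-style file. The function names share_param, check and audit_share and the [looseshare] stanza are constructed for illustration; the expected values are the literal ones used on this page.

```shell
# share_param FILE SHARE KEY: print KEY's value in [SHARE]; names ignore case and spaces.
share_param() {
    awk -v share="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
                      inside = (norm(name) == norm(share)); next }
        inside && (eq = index($0, "=")) && norm(substr($0, 1, eq - 1)) == norm(key) {
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }' "$1"
}
# check CONF SHARE KEY WANT: report a mismatch against the value used on this page.
check() {
    got=$(share_param "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL [$2] $3 = '${got:-<unset>}', expected '$4'"
    return 1
}
# audit_share CONF SHARE USER: exit status is the number of failed checks.
audit_share() {
    fails=0
    check "$1" "$2" "valid users" "$3" || fails=$((fails + 1))
    check "$1" "$2" "create mask" 0600 || fails=$((fails + 1))
    check "$1" "$2" "directory mask" 0700 || fails=$((fails + 1))
    check "$1" "$2" "fruit:time machine" yes || fails=$((fails + 1))
    for mod in fruit streams_xattr; do
        case " $(share_param "$1" "$2" "vfs objects") " in
            *" $mod "*) ;;
            *) echo "FAIL [$2] vfs objects lacks $mod"; fails=$((fails + 1)) ;;
        esac
    done
    return "$fails"
}
# Constructed sample: the first share mirrors this page, the second is deliberately loose.
SAMPLE_CONF=$(mktemp) && trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" << 'EOF'
[timemachinembp]
    valid users = backupmbp
    create mask = 0600
    directory mask = 0700
    vfs objects = catia fruit streams_xattr
    fruit:time machine = yes
[looseshare]
    Create Mask = 0644
    vfs objects = catia fruit
    fruit:time machine = yes
EOF
audit_share "$SAMPLE_CONF" timemachinembp backupmbp && echo "timemachinembp: OK"
audit_share "$SAMPLE_CONF" looseshare backupmba || echo "looseshare: $? failed check(s)"
```

On the server, run audit_share against /etc/samba/smb.conf once per share and backup user before restarting smbd.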