Timemachine to Linux Server

01 Feb, 2021 (Updated: 30 Aug, 2021)

Here I document my setup of networked Time Machine backups to my linux server over Samba (SMB), which should be faster than AFS (photographylife.com). The data is stored on a USB disk connected to the server formatted with zfs.

Ideally I would be able to backup over network, and unplug the disk from the server to directly restore from it, however the networked Time Machine backup is of different structure than a backup to a directly connected disk, so that’s still on the wishlist.

Setup ¶

ZFS to protect against bitrot (not sure if this works on encrypted disk images, but let’s try anyway) and because we can
2 MacOS clients, one will get 1.2TB quota (MacBook Pro, mbp), the other 0.3TB (MacBook Air, mba).
1 Ubuntu 20.04 LTS server

Installation ¶

Prepare disk

Install ZFS on Ubuntu (ubuntu.com)
Partition disk (linuxhint.com) – NB ensure you use static labels (archlinux.org) or else your pools might disappear (benjaminrampe.de)! (If they did disappear, you debug sudo zdb, search sudo zpool import and import them again (stackexchange.com): zpool import -d /dev/disk/by-id <pool-name>)
```
blkid
parted /dev/disk/by-id/
mklabel GPT
q
```
Create pool sudo zpool create pool0 /dev/disk/by-id/

Create datasets (arstechnica.com)

sudo zfs create pool0/timemachinembp
sudo zfs set quota=1200G pool0/timemachinembp
sudo zfs create pool0/timemachinemba
sudo zfs set quota=300G pool0/timemachinemba
zfs list

Automatic spin-down of USB disk (openmediavault.org) (old hd-idle (sourceforge.net), new hd-idle (github.com)), run at reboot from crontab, tell logrotate we want the log files to rotate.

sudo hd-idle -t disk/by-id/wwn-0x3e41415851524c4a # optionally test once

Either run via system service

cat << EOF | sudo tee --append /etc/default/hd-idle
# TvW 20210313 Setting up hd-idle for USB disk
HD_IDLE_OPTS="-i 0 -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log"
START_HD_IDLE=true
EOF
sudo service hd-idle start
grep hd-idle /var/log/syslog

Or run via crontab

(sudo crontab -l 2>/dev/null; echo "@reboot hd-idle -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log";) | sudo crontab -

In both cases, set-up logrotate for hd-idle:

cat << EOF | sudo tee /etc/logrotate.d/hd-idle
/var/log/hd-idle.log {
  missingok
  notifempty
  compress
  delaycompress
}
EOF

Create backup users

No new homedir, point to datasets instead. Don’t allow shell login. No password needed on system level.

sudo useradd --no-create-home --home-dir /pool0/timemachinembp --shell /usr/sbin/nologin backupmbp
sudo useradd --no-create-home --home-dir /pool0/timemachinemba --shell /usr/sbin/nologin backupmba

Set zfs dataset permissions & umask

sudo chown backupmbp:backupmbp /pool0/timemachinembp
sudo chown backupmba:backupmba /pool0/timemachinemba
sudo chmod o-rx /pool0/timemachine{mbp,mba}

Set-up file server using Samba v3 (photographylife.com)

Install Samba >4.8.0 (kirb.me) for file serving and avahi-daemon for discovery sudo apt install samba avahi-daemon

Allow users

openssl rand -base64 20
sudo smbpasswd -a backupmbp
sudo smbpasswd -e backupmbp
openssl rand -base64 20
sudo smbpasswd -a backupmba
sudo smbpasswd -e backupmba

Configure Samba in /etc/samba/smb.conf:

[timemachinembp]
    comment = Time Machine MBP
    path = /pool0/timemachinembp
    valid users = backupmbp
    browseable = yes
    writeable = yes
    create mask = 0600
    directory mask = 0700
    spotlight = yes
    vfs objects = catia fruit streams_xattr
    fruit:aapl = yes
    fruit:time machine = yes
[timemachinemba]
    comment = Time Machine MBA
    path = /pool0/timemachinemba
    valid users = backupmba
    browseable = yes
    writeable = yes
    create mask = 0600
    directory mask = 0700
    spotlight = yes
    vfs objects = catia fruit streams_xattr
    fruit:aapl = yes
    fruit:time machine = yes

Disable printing (serverfault.com) (because we don’t serve printers)

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

Restart Samba and check if all OK

sudo systemctl restart smbd
tail -n 50 /var/log/samba/log.smbd

should show

daemon_ready: daemon 'smbd' finished starting up and ready to serve connections

Check if stuff is working with sudo smbstatus, check users known to samba with sudo pdbedit -L -v (from stack (askubuntu.com))

Debugging zfs in case something goes wrong, I still don’t really get how zfs works :p. Also see here (askubuntu.com).
```
zpool status
sudo zpool import -c /etc/zfs/zpool.cache
sudo zpool import <id>
sudo zpool import pool0
sudo zpool status
sudo zfs umount pool0
```
1. See also https://superuser.com/questions/685882/zpool-pool-i-o-is-currently-suspended (superuser.com)

Configuration on Mac ¶

Based on this (kirb.me) this (macworld.com) and this (lifehacker.com) guides.

Create sparse encrypted disk image using Disk Utility on network (Samba) share, naming as NAME_MACADDRESS.sparsebundle (NAME from scutil --get ComputerName and MACADDRESS from ifconfig en0 | grep ether sans colons), with fixed size to constrain Time Machine disk use.
Mount said disk image, store password in Keychain to allow MacOS Time Machine to mount/unmount by itself (maybe this is not necessary)
Tell Time Machine to use the network volume: sudo tmutil setdestination -a /Volumes/{network-drive}
Enter network share credentials & disk image password

If you accidentally delete the Time Machine destination ¶

Tell Time Machine to use the network volume again: sudo tmutil setdestination -a /Volumes/{network-drive}
Tell Time Machine to use the existing backup.