examples | ||
tests | ||
.gitignore | ||
aether-gen.bash | ||
aether-gen.service | ||
aether-gen.timer | ||
aether.bash | ||
aether.service | ||
aether.timer | ||
installscript | ||
LICENSE | ||
make-user.bash | ||
Makefile | ||
PKGBUILD | ||
README.md | ||
remote-backup |
The Aether project is a way to back up server configuration, source code, and file lists to remote locations. These remote locations should be securely controlled by the same administrative staff as the server owner.
Etymology
The Aether project is the AniNIX's implementation of the "cloud." While its admins consider the computing cloud to be Computers Living On Unknown Datacenters, aka. with unknown controls and thereby insecure, distributing backups to many locations makes the AniNIX more resilient.
Dictionary.com translates Aether as the Greek personification of the clear sky, and this project lives a wide array of locations across the nebulous Internet, giving it no physical form to hold onto.
Installing
You have two options to install this project:
- Arch Linux and related distributions: Install with
makepkg
or from AniNIX/Maat - Other operating systems: Run
make install
Initial setup
To create the aether and aether.pub files, run "make keys". This should not be repeated.
Adding backup configurations
Individual projects wanting to be backed up by the Aether system should add a file to their package into /usr/local/etc/Aether/backups/
.
Tracking Nodes
A SIEM filter should be set up to search for successful logins of the aether
user.
Relevant Files and Software
Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hot-swap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, or the backup drive can be mounted directly onto Core via a SATA cage
An additional backup is the generated /home/aether/aether.enc
file. This is a more targeted backup of databases and file indexes.
Keep in mind that all of AniNIX/Foundation is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Aether should only be used to back up databases, such as the following:
- Anope DB
- PostgreSQL
- Elasticsearch
One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation.
Available Clients
The only client is direct server access on one of the client nodes.
Equivalents or Competition
Equivalent services are DropBox, Google Drive, iCloud, or OneDrive.
Notes
Those deploying Aether should track the /home/aether/.ssh/authorized_keys
file strongly on the generating server, so that all keys are specifically tracked for their origin & who handles them.