netinvent/npbackup
1
1
Fork 0
mirror of https://github.com/netinvent/npbackup.git synced 2025-11-09 21:51:41 +08:00
Code Issues Projects Releases Packages Wiki Activity

Update README

Browse source
This commit is contained in:
deajan 2024-04-18 00:41:00 +02:00
parent d08e8ce753
commit 251ac5ae96
1 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
README.md
View file

@ -47,7 +47,11 @@ Works on x64 **Linux** , **NAS** solutions based on arm/arm64, **Windows** x64 a
- Windows pre-built executables
- Windows installer
- Additional security
- repository uri / password, http metrics and upgrade server passwords are AES-256 encrypted
- Repository uri / password, http metrics and upgrade server passwords are AES-256 encrypted
- Repository permissions allowing to limit clients
- Backup only permission
- Backup, list and restore permissions
- Full permissions including destructive operations
- Encrypted data viewing requires additional password
- AES-256 keys can't be guessed in executables thanks to Nuitka Commercial compiler
- Easy configuration via YAML file (or via GUI)
@ -167,6 +171,12 @@ The current NPBackup dashboard:
While admin user experience is important, NPBackup also offers a GUI for end user experience, allowing to list all backup contents, navigate and restore files, without the need of an admin. The end user can also check if they have a recent backup completed, and launch backups manually if needed.
## CLI usage
`--group-operation [operation]` allows to run an operation on multiple repos. This paramater also requires `--repo-group` or `--repo-name` parameter. For operations requiring arguments, provide the argument to the original operation parameter.
`--repo-name` allows to specify one or multiple comma separated repo names
`--repo-group` allows to specify one or multiple comme separated repo group names
## Security
NPBackup inherits all security measures of it's backup backend (currently restic with AES-256 client side encryption including metadata), append only mode REST server backend.
@ -174,6 +184,17 @@ NPBackup inherits all security measures of it's backup backend (currently restic
On top of those, NPBackup itself encrypts sensible information like the repo uri and password, as well as the metrics http username and password.
This ensures that end users can restore data without the need to know any password, without compromising a secret. Note that in order to use this function, one needs to use the compiled version of NPBackup, so AES-256 keys are never exposed. Internally, NPBackup never directly uses the AES-256 key, so even a memory dump won't be enough to get the key.
## Permission restriction system
By default, npbackup is allowed to execute all operations on a repo.
There are some situations where an administrator needs to restrict repo operations for end users.
In that case, you can set permissions via the GUI or directly in the configuration file.
Permissions are:
- full: Set by default, allows all including destructive operations
- restore: Allows everything backup does plus restore, check and dump operations
- backup: Allows, backup and snapshot/object listing operations
## Upgrade server
NPBackup comes with integrated auto upgrade function that will run regardless of program failures, in order to lessen the maintenance burden.