jkocon/hassio-addons
1
0
Fork 0
mirror of https://github.com/jkocon/hassio-addons.git synced 2026-02-24 05:14:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
db4db10ba20e3367b3f7365bda35b1bb2af8043d
hassio-addons/minio_backup/DOCS.md
Jan Kocoń db4db10ba2 Create DOCS.md
2025-12-09 16:58:01 +01:00

135 lines
5.2 KiB
Markdown
Raw Blame History

# How to create a bucket and get an Access key and Secret key
## Scaleway (70GB free then €0.01/GB/month) --> Best choice
Create an account at : https://console.scaleway.com/register or login if you already have one.
Go to : https://console.scaleway.com/object-storage/buckets
And then create a bucket with :
Bucket name : unique identifier
Region : Paris / Amsterdam / Warsaw
Set bucket visibility : private
Now head to : https://console.scaleway.com/project/credentials
and generate a new API key :
Fill a little description for your memory sake and just copy and paste the access key and secret key in your addon configuration. (Beware, your secret key will only be shown once)
## AWS (No free tiers but and depending on which region, but for example in Frankfurt : $0.0245 per GB)
Create an AWS account or login at :https://console.aws.amazon.com/
Then go to : https://s3.console.aws.amazon.com/s3/ and click create bucket :
Bucket Name : unique bucket name
Region : Region of your choice
Let ticket "Block public access"
Versionning : Disable (if enable, you will not be able to delete older backups without tricky API calls)
Tags : As your will
Default Encryption : You can disable it if you encrypt in client side with GPG (better in term of privacy)
Then head to : https://console.aws.amazon.com/iam/home?#/policies
Click create policy, go on json tab and paste :
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:ListBucket",
"s3:DeleteObject",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
```
Then create a group at : https://console.aws.amazon.com/iam/home?#/groups with the previously created policy
Then create a user attached to the previously created group. Here you will find the access key and secret key. *Note the name of the created user*
Making these IAM configuration will ensure that if your access key and secret key are stolen, the only ressource it can access is this s3 bucket.
In the addon configuration fill your "accessKey" and "secretKey" and the s3 bucket URL followed by the previously created user name.
Like this : s3://s3.region-name.amazonaws.com/bucket-name/created-user-name
## Backblaze B2 (10GB free then $0.005 /GB/month and $0.01 /GB/download)
Create Backblaze account with B2 enabled
First, you have to create a Backblaze account and enable B2. If you already have a Backblaze account, login, visit "My Settings" and enable "B2 Cloud Storage" on your account under "Enabled Products"
Second, create an Private bucket in your B2 account.
Third, retrieve your Master Application Key and KeyID.
Use the keyId and the Master application key to build the bucket url b2://[accessKey]:[secretKey]@[B2 bucket name].
1. Start the add-on.
2. Check the add-on log output to see the result.
If the log doesn't end with an error, the add-on has successfully
accessed your git repository. Examples of logs you might see if
there were no errors are: `[Info] Nothing has changed.`,
`[Info] Something has changed, checking Home-Assistant config...`,
or `[Info] Local configuration has changed. Restart required.`.
If you made it this far, you might want to let the add-on automatically
check for updates by setting the `active` field (a subfield of `repeat`)
to `true` and turning on "Start on boot."
# How to generate GPG key (Optionnal) to encrypt locally before upload
```shell
gpg --gen-key
```
You will be asked a series of questions to configure your keys:
Type of key. Select (1) RSA and RSA (default).
Size of key. Pressing ENTER will confirm the default size of 2048 bits.
Key expiration date. By entering 1y, we will create a key that expires after one year.
Confirm your choices. You can do this by entering y.
User ID/Real name. Enter your name.
Email address. Enter your email address.
Comment. Here, you can enter an optional comment that will be visible with your signature.
Change (N)ame, ©omment, (E)mail or (O)kay/(Q)uit? Type O if you are ready to proceed.
Enter passphrase. You will be asked to enter a passphrase here. Be sure to take note of this passphrase. We will refer back to it throughout the rest of this tutorial as your-GPG-key-passphrase.
```bash
Output
...
gpg: /home/sammy/.gnupg/trustdb.gpg: trustdb created
gpg: key your-GPG-public-key-id marked as ultimately trusted
public and secret key created and signed.
...
```
your-GPG-public-key-id is the GPGFingerprint to put in your configuration
and the GPGPassphrase is the password you typed during the key generation
--> See full details here : https://www.digitalocean.com/community/tutorials/how-to-use-duplicity-with-gpg-to-back-up-data-to-digitalocean-spaces
Reference in New Issue View Git Blame Copy Permalink