Which features of NAS servers are important / useful when backing up with restic? (e.g. when trying to get advanced protection against ransomware)
I plan to buy a 2-bay NAS server and would like to take your experiences / recommendations into account when looking for an appropriate model.
Thanks.
Docker is good, since you have to run restic from there.
So it would be best practice to run restic on the NAS server instead of the system(s) I want to backup? I hadn’t considered that by now…
I don’t know about docker but I would have called append-only mode, e.g. with rest-server, one of the things you might want to do. Another is probably making offline backups of some form, e.g. rsyncing to an additional, detachable disks from time to time or using tapes.
By the way: as far as I know, restic must be run on the client - which could be a backup server remotely mounting the drive to backup, e.g. via sshfs but that is awefully slow in my experience.
Thanks @nicnab .
So your advice would be to install rest-server on the NAS server and run restic on the computer I want to backup, correct? How may I distinguish NAS server models that allow this from those who don’t - due to architecture or resource limitations?
Is there a gerneral way to run NAS servers in a mode that just allows nothing but adding files (no modify, no delete operations)? Meaning sort of an append-only “guarantee” on an additional (i.e. NAS) level?
Sorry in case my question get too off-topic…
It’s not clear what you’re saying. You run Restic on the source. If your NAS is destination, it doesn’t need to run restic (sometimes the NAS itself has to be backed up, that’s a different situation). The source (and therefore restic) cannot prevent deletion of files from destination. The destination can enable snapshots, to restore from old versions.
Yes, you must run restic on the computer that is being backed up and rest-server allows you to be used in append-only mode.
I don’t know. Personally, I’m using small all-in-one PCs (like a Raspberry Pi or Lenovo AIO) running Linux as a NAS. That has clear limitations but it’s cheap and I have full control over my data. But a cloud server/storage might do the same and offer more advanced features.
I think that’s hard to generalize. I guess the concept to look for here is that the credentials on the client (running restic) do not allow modification of data already existing on the server (backup target). rest-server is one fast and efficient way to do this.
The whole topic is complex though. It involves more than just restic or rest-server and probably won’t fit into one post or even forum thread. Also, everyone probably has their own favorite way of doing things and I have a personal mistrust of proprietary NAS hardware and RAID protocols due to experience in the past so I tend towards open systems with off-the-shelf hardware and free/open software.
Can you explain this “personal mistrust of proprietary NAS hardware and RAID protocols,” a bit?
You mean there was a security issue or a reliability one, with Synology/Qnap/WD/etc?
In terms of reliability, RPI is cheapest hardware. So maybe you got ransomwared in Qnap?!
The more proprietary something is, the less are your chances of recovering data from it if shit hits the fan. Some NAS vendors use their own proprietary RAID technology, whereas some use open and standard technologies.
What @rawtaz said 
I had a nice two bay Drobo a long while ago and a whole lot of data on it. Someday it said it made a mistake with the disks but would not accept replacements. My data was gone. Had it been an open system, I would probably have been able to hook it up to a PC and get my data out.