Hello! Couldn’t find answers to some of the obscure aspects of Repository Server.
My use case is several semi-trusted hosts that backup some of their data to a single RS.
-
Is it safe to expose RS to internet with NGINX? (assuming good passwords on all accounts).
-
(TL;DR How safe it is to expose repository to untrusted hosts and users with default ACL rules?)
Consider following setup - there is a server (RS) and two of its clients (A and B). Both of the clients have no access to raw repository files and only can interact with RS. ACLs are default.
Let’s assume that client B is misbehaving. Either wildly inaccurate clocks (hours or even days out of sync), or it was captured by an evil virus that desperately want to wreak havoc on any data it could get (unlikely, but I’m theorizing here a bit
).
What kind of data corruption can (or cannot) happen as a result? Obviously I wouldn’t rely on snapshots from B, but what about previous data from A? Or integrity of a repo as a whole? Could B do something bad and screw something other than it’s own snapshots? -
I’m migrating from borg. It has option –exclude-if-present NAME which
exclude directories that are tagged by containing a filesystem object with the given NAME
So basically I could place some empty marker file NAME and it will ignore the entire directory that contains it.
Is there any alternative to it in kopia? Closest one I found is gitignore-like rules, but this requires marker files to contain said rules - empty ones won’t do as they are no-op. -
I have some snapshots (and their blobs) already in a repository, that were put there without any compression. Any way to compress those blobs after the fact?