Peerstash is a user-friendly project to securely send backups between friends (i.e. semi-trusted machines).
This project exists as a solution to backups between friends. While some tools exist to send backups to cloud providers or fully trusted remote NAS machines, there is currently no plug-and-play tool to handle sending backups to semi-trusted machines.
This project uses Docker to support a wide variety of operating systems. It consists of 2 docker containers: a storage container, and a control container.
-
Storage: SFTPGo is used as a fully featured SFTP server that has a built in user manager with configurable quotas.
-
Control: The control container is what is being developed. It will create and send the backups. A lightweight docker container will be created that will provide a simple CLI tool to schedule backups created using restic. Tailscale is embedded in this container and used to connect each device to each other, creating a unified and secure network.
PeerStash is currently in active development. The design specifications can be found here.
Infrastructure: A docker-compose.yml and example .env file is provided to connect the storage and control containers.
CI/CD Pipeline: GitHub Actions workflows are implemented to automatically build the Docker image for the control container. Commits to main trigger a stable build, while commits to dev trigger a development build for easy pushing and testing on local NAS devices. Development is done on the dev branch and tested before pushing to main.
CLI Tooling: A custom Typer-based CLI has been built in Python. Below are the most important commands.
peerstash setup: Sets up the necessary tailscale configurations from a short-lived API access token.peerstash id: Encodes the username and public key into a single base64 string for easy sharing.peerstash register: Decodes the base64 string and registers the connection by interfacing with the SFTPGo API and the local SQLite database.peerstash schedule: Schedules a backup to be run continuously.
Next Steps: Set up automated testing and proper PR workflows (i.e. get rid of the dev branch sequential change necessity and switch to creating temporary docker builds for each new PR).
Future Plans: Web UI and Erasure Coding
- A simple Web UI is planned for better UX than the CLI
- A "mesh" like system is planned so a group of users can set up storage with erasure coding, similar to RAID, but across the mesh.
