Backups synced to a remote machine using rsync over SSH, with local copies in /home/user-data/backup/encrypted. These files are encrypted, so they are safe to store anywhere.
I use rsync, this sends my backup files to my NAS fine, but locally there are no backups to be found.
I’m fairly sure this is a feature, but I only know of it from others mentioning usage with S3-compatible services. This reduces the storage requirements of the MiaB server.
I prefer to have a remote server SSH into MiaB and rsync so I have the backup files in multiple locations.
So you make a backup to the box itself and then copy those files out?
Might be a better strategy for me too, as I am moving my box out of my own network to a vps. Either I tell my router to forward incoming MIAB/rsync to my NAS or I get my NAS to get the stuff from MIAB.
No idea how to make it do that, but I’ll research.
Duplicity saves the backup files in /home/user-data/backup/encrypted and I rsync that directory, not the entire box.
I do this with a user that does not have sudo privileges. If you really want to get serious, you could configure sshd on MiaB to chroot the user in the .../encrypted/ directory, but you will need to add the necessary files to support the chroot. However, I’m basically trusting that my NAS is at least as secure, likely more secure, than the desktop I use to log in with a user that has sudo privileges.
I also do this to simplify my networking management overhead, as you stated, because it’s outgoing instead of incoming.