Hi,
I recently set up an OPNsesnse box to automatically save updates to a NextCloud instance. However, I'm not seeing an option to rotate those backups. Is there some method built in, to delete older backup files, or do they just slowly pile up until I run out of disk space and start getting errors?
I suppose I could try to write up a bash script to purge the old ones and run it via cron, but I'm not really sure how I would actually do that safely.
Thank you!
Retention can be configured in nextcloud itself This way, OPNsense does not need to know anything about your retention period or implementation.
Umm...how? I can set a size allocation for the backup account, but I'm not aware of a NextCloud feature which automatically deletes old files. Are you talking about a core feature, or a plugin?
I do see a "retention" plugin, but that only acts on tagged files. Then I would need to try to cobble together something with zip ties and duct tape to auto-tag new files with an auto-deletion tag, and hope I get it right, and only affect each individual account. Then if this firewall goes offline for an extended time, the time-based deletion polices purge all of its backups, even though it hasn't been able to make new ones.
I would much prefer to have OPNsense "know...about [my] retention period or implementation" than risk having the whole thing fall apart. If I couldn't trust the platform to protect DR policies, how could I trust it to protect a network?
You can set automatic retention in Nextcloud using Flow and the Retention app. You create 2 tags, name them anything but for example opnsense-backup and opnsense-backupdelete. Tag your target folder with the first of the tags. Then in Flow create an automated tagging flow, with:
When file is changed; File system tag; is tagged with (that tag you tagged the target folder with); tag with (the other tag you created above)
Then add a File retention rule that uses the second tag you created, set your preferred retention time and you're done.
Files that end up in the target folder will automatically be tagged with the second tag and then the retention rule will be applied in due time.