Linux-based Time Machine backup server using Netatalk and ZFS
ℹ️ This is a “scratchpad post”: a quick and rough dump of notes to aid internet travelers like yourself (and future me)
For a while I used an external USB hard drive to store Time Machine backups from my MacBook. I wanted something more convenient, so I decided to set up a server on my home network to host backups, mainly for Time Machine on Macs.
I used a PC running Ubuntu 22.04 with an SSD for primary storage and a dedicated HDD (on /dev/sda) for backup storage. The commands below create multiple ZFS datasets:
/backup |
Root dataset optimized for archive data |
/backup/encrypted |
Encrypted dataset for non-Time Machine backups |
/backup/time-machine |
Unencrypted dataset optimized for Time Machine data (see below) |
/backup/time-machine/mbp |
Dedicated dataset for Macbook Pro backup |
/backup/time-machine/mba |
Dedicated dataset for Macbook Air backup |
Choices
Why leave the Time Machine datasets unencrypted?
Time Machine conveniently supports applying encryption on the client side (the computer creating the backup). There’s no need for the backup data to be double-encrypted (once by the backup client and again by the server).
Why Netatalk/AFP instead of Samba?
I read some online discussions describing Time Machine backups to Samba shares being unreliable and/or slow in newer macOS versions. Netatalk/AFP is also simpler to configure and more natively supports certain macOS features.
Why ZFS instead of ext4/btrfs/XFS/others?
Some quick online research indicated ZFS being the best combination of mature, flexible, and optimized for NAS-type storage.
Partition backup HDD
sudo parted /dev/sda
(parted) mklabel GPT
(parted) q
Set up ZFS
sudo apt update && sudo apt install zfsutils-linux
sudo zpool create \
-m /backup \
-O atime=off \
-O dnodesize=auto \
-O acltype=posixacl \
-O xattr=sa \
-O setuid=off \
-O exec=off \
-O devices=off \
backup /dev/sda
sudo zfs create \
-o encryption=on \
-o keylocation=prompt \
-o keyformat=passphrase \
-o compression=lz4 \
backup/encrypted
sudo zfs create \
-o compression=zle \
backup/time-machine
sudo zfs create backup/time-machine/mbp
sudo zfs create backup/time-machine/mba
Create users
sudo useradd --no-create-home --home-dir /backup --shell /usr/sbin/nologin backup_mbp
sudo useradd --no-create-home --home-dir /backup --shell /usr/sbin/nologin backup_mba
sudo chown backup_mbp:backup_mbp /backup/time-machine/mbp
sudo chown backup_mba:backup_mba /backup/time-machine/mba
sudo chmod og-rwx /backup/time-machine/mbp /backup/time-machine/mba
Set up AFP
sudo apt update && sudo apt install -y netatalk
sudo tee -a /etc/netatalk/afp.conf << EOF
[tm_mbp]
path = /backup/time-machine/mbp
time machine = yes
valid users = backup_mbp
[tm_mba]
path = /backup/time-machine/mba
time machine = yes
valid users = backup_mba
EOF
sudo service netatalk restart