Linux-based Time Machine backup server using Netatalk and ZFS
— linux, macos, backup, zfs, networking, scratchpad — 2 min read
ℹ️ This is a "scratchpad post": a quick and rough dump of notes to aid internet travelers like yourself (and future me)
For a while I used an external USB hard drive to store Time Machine backups from my MacBook. I wanted something more convenient, so I decided to set up a server on my home network to host backups, mainly for Time Machine on Macs.
I used a PC running Ubuntu 22.04 with an SSD for primary storage and a dedicated HDD (on /dev/sda) for backup storage. The commands below create multiple ZFS datasets:
/backup | Root dataset optimized for archive data |
/backup/encrypted | Encrypted dataset for non-Time Machine backups |
/backup/time-machine | Unencrypted dataset optimized for Time Machine data (see below) |
/backup/time-machine/mbp | Dedicated dataset for Macbook Pro backup |
/backup/time-machine/mba | Dedicated dataset for Macbook Air backup |
Choices
Why leave the Time Machine datasets unencrypted?
Time Machine conveniently supports applying encryption on the client side (the computer creating the backup). There's no need for the backup data to be double-encrypted (once by the backup client and again by the server).
Why Netatalk/AFP instead of Samba?
I read some online discussions describing Time Machine backups to Samba shares being unreliable and/or slow in newer macOS versions. Netatalk/AFP is also simpler to configure and more natively supports certain macOS features.
Why ZFS instead of ext4/btrfs/XFS/others?
Some quick online research indicated ZFS being the best combination of mature, flexible, and optimized for NAS-type storage.
Partition backup HDD
sudo parted /dev/sda(parted) mklabel GPT(parted) qSet up ZFS
sudo apt update && sudo apt install zfsutils-linuxsudo zpool create \ -m /backup \ -O atime=off \ -O dnodesize=auto \ -O acltype=posixacl \ -O xattr=sa \ -O setuid=off \ -O exec=off \ -O devices=off \ backup /dev/sdasudo zfs create \ -o encryption=on \ -o keylocation=prompt \ -o keyformat=passphrase \ -o compression=lz4 \ backup/encryptedsudo zfs create \ -o compression=zle \ backup/time-machinesudo zfs create backup/time-machine/mbpsudo zfs create backup/time-machine/mbaCreate users
sudo useradd --no-create-home --home-dir /backup --shell /usr/sbin/nologin backup_mbpsudo useradd --no-create-home --home-dir /backup --shell /usr/sbin/nologin backup_mba
sudo chown backup_mbp:backup_mbp /backup/time-machine/mbpsudo chown backup_mba:backup_mba /backup/time-machine/mba
sudo chmod og-rwx /backup/time-machine/mbp /backup/time-machine/mbaSet up AFP
sudo apt update && sudo apt install -y netatalksudo tee -a /etc/netatalk/afp.conf << EOF[tm_mbp]path = /backup/time-machine/mbptime machine = yesvalid users = backup_mbp
[tm_mba]path = /backup/time-machine/mbatime machine = yesvalid users = backup_mbaEOFsudo service netatalk restart