Hey everyone,

During my vacation, I found some time to tackle the offsite backups thing. So let me break it down:

- We now have an offsite backup location provided by rsync.net and based in Switzerland.

- Access the account data from the vault.

- You all should have SSH access already via SSH keys (we have full authorized_keys file access)

- All current machines were configured to use this offsite backup.

- The offsite backup step runs as a separate backup right after the first one.

- The offsite backups were tested and it appears to be working fine on all machines.

- Payment-wise everything is managed by SPI directly (no reimbursements required) and I'm currently the rsync.net liaison and point of contact. This should be changed to a generic private mail that we can point to in order to mitigate the bus factor.

- We should consider how to do 2FA with rsync.net in a DevOps meeting.

- I had to do quite some Ansible gymnastics in order to configure the rsync.net machine as it doesn't have Python and is, in general, a pretty restricted environment so we have a new role next to borg-server called rsync_net.

- During all of this I cleaned up a few things surrounding borg and I mostly/fully made it so that we can fairly easily add more different offsite locations.

- Giancarlo reviewed my changes. Thanks!

I might have forgotten somethings but this is pretty much the most important bit.

Enjoy,

Sven