Enabling Time Machine Backups on OpenWRT for GL.iNet Routers

As a digital nomad, having good backups is paramount to success. However, I have always felt it was a bad idea to keep a USB drive connected to my computer to use Time Machine. If my computer is stolen, or even the bag with my computer in it, my local backup would also be gone! My goal, therefore, has always been to have a network-attached backup drive that could travel with me. I have previously tried and failed multiple times to get this working. Fortunately, I recently purchased a GL.iNet model GL-MT3000 router that has the amount of CPU power and memory on it to make this work reliably! Let’s dig into how I got this set up.

USB Drive Setup

The first step is to set up your USB drive. Personally, I recommend partitioning the drive such that each person using it for backups has their own partition. This limits any necessary quota manipulation in the config, and instead each user is only allowed access to their partition with their backups. For me, that was two partitions, one that is 550 GB and the other is 375 GB (using a full ‘1 TB’ drive). Set the format to EXT4, or, if you can’t from your Mac (like me), keep it as the default and reformat after connecting to the router.

Plug the USB drive into the router, then log in via SSH. If you could not set the format to EXT4 above, format each partition at this time. To do so, you’ll need to add the “kmod-fs-ext4” plug-in to your router (Admin panel -> sidebar -> Applications -> Plug-ins -> search for “ext4” -> Install). Once you have that, you can run the following command for each partition, where # needs to be replaced by the proper id for each partition (my USB drive partitions are sda2 and sda3) and {username} needs to be replaced by each user’s username (for easy choosing when you browse to it). NOTE: this will destroy all data on the drive!

mkfs.ext4 -L {username} /dev/sda#

For example:

mkfs.ext4 -L nabeards /dev/sda3

Verify you can write data to each partition:

echo "test" >>/tmp/mountd/disk1_part#/test.txt

If you don’t get an error and can then view that file, e.g., cat /tmp/mountd/disk1_part#/test.txt, then you are good! You can just remove that file now: rm /tmp/mountd/disk1_part#/test.txt.

Finally, we’re going to also create folders on each partition named the same as each username. This is just to make some config a little easier, but I like it.

mkdir /tmp/mountd/disk1_part#/{username}

For example:

mkdir /tmp/mountd/disk1_part2/nabeards

OK, at this point, you have your USB drive connected to the router, you have created your partitions, formatted and labeled each partition for use, and created a target folder for the backups to live. The next part is to configure SMB sharing.

SMB Sharing Configuration

While still connected to SSH, we are going to modify the top of the /etc/samba/smb.conf.template file to look like the following:

[global]
        netbios name = |NAME|
        interfaces = |INTERFACES|
        server string = |DESCRIPTION|
        unix charset = |CHARSET|
        workgroup = |WORKGROUP|

        vfs objects = catia fruit streams_xattr

        fruit:aapl = yes
        fruit:metadata = stream
        fruit:model = MacSamba
        fruit:veto_appledouble = no
        fruit:nfs_aces = no
        fruit:wipe_intentionally_left_blank_rfork = yes
        fruit:delete_empty_adfiles = yes
        fruit:posix_rename = yes
        fruit:time machine = yes
                
        ## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
        ...

Once you have that saved, give the router a restart (you can just type reboot and hit return from the SSH connection), wait a couple of minutes for it to come back online, then double-check that the /etc/samba/smb.conf.template file saved properly. If so, also verify that the /etc/samba/smb.conf file now has these same vfs and fruit settings in it. The top five settings in /etc/samba/smb.conf will be filled in with the proper info (instead of the template strings, e.g., |NAME|), but just below those you should see the updated configs. Once you have verified this all looks good, continue to the next step.
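
The verification described above can be scripted instead of checked by eye. This is an added example, not part of the original post: the function names and the file name check_fruit.sh are made up here, and the sample file it can generate is constructed.

```shell
# Added example: confirm the rendered smb.conf picked up the template edits.
# REQUIRED is copied from the [global] block shown earlier on this page.
REQUIRED='vfs objects = catia fruit streams_xattr
fruit:aapl = yes
fruit:metadata = stream
fruit:model = MacSamba
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:posix_rename = yes
fruit:time machine = yes'

# Print [global] only: comments dropped, whitespace normalised to "key = value".
global_section() {
    awk '/^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
         g && NF && $1 !~ /^[#;]/ {
             gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "")
             sub(/ ?= ?/, " = "); print
         }' "$1"
}

# Return 0 if every required line is present and no |PLACEHOLDER| survived.
check_smb_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    section=$(global_section "$1")
    rc=0
    if printf '%s\n' "$section" | grep -Eq '\|[A-Z]+\|'; then
        echo "unrendered template placeholder in [global]"; rc=1
    fi
    while IFS= read -r want; do
        printf '%s\n' "$section" | grep -Fxq -- "$want" ||
            { echo "missing: $want"; rc=1; }
    done <<EOF
$REQUIRED
EOF
    return "$rc"
}

# Constructed sample of a rendered file (name, workgroup and share are made up).
write_sample() {
    { printf '[global]\n        netbios name = EXAMPLE-ROUTER\n        workgroup = WORKGROUP\n'
      printf '%s\n' "$REQUIRED" | sed 's/^/        /'
      printf '[example-share]\n        path = /tmp/mountd/disk1_part2/nabeards\n'
    } > "$1"
}

# Usage on the router: sh check_fruit.sh /etc/samba/smb.conf
[ "$#" -eq 0 ] || check_smb_conf "$1"
```

The comparison is exact after whitespace normalisation, so a setting that Samba would accept with different capitalisation is reported as missing and should be compared by hand.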

You can exit your SSH session now! From the GL.iNet Admin Panel (setup on v4.6.9), on the sidebar, expand “Applications” then click on “Network Storage”. About halfway down the page, under “File Services”, flip the switch to “Enable Samba” and click “Apply”.

Next, click the “User Management” tab two choices over from “File Services”. Create a user for each backup user you want. I recommend matching their username here to their username on their Mac. Be sure to set a password for the user of course.

Next, click the “Shared Folders” tab between “File Services” and “User Management”. Click the “+ Add” button on the right, and browse to the first backup folder and enable sharing. Disable Anonymous Access, assign the proper user as “Read-Write User”, and leave “Read-only User” blank, then click “Apply”.

I recommend giving the router another restart at this point to make sure all settings are sticking. From the top right of the Admin Panel, you can click the Reboot button next to the help question mark. Once the router comes back online, verify the settings in the sidebar -> “Applications” -> “Network Storage” are still there and look good.

Enable Time Machine

Now you can enable Time Machine on each client Mac! On each computer, go to the Time Machine settings panel and click the + button to add a new destination. You should see the shared folders listed right away, just click on the matching share for each user and enter the login information.

I enabled Encrypted Backups for my use, and I set Time Machine to run once daily. I find hourly backups a bit busy over the network. Also, be sure to remove any unnecessary files from the backup using the “Options…” button in the Time Machine settings. I disable all VMs, don’t back up my pictures (because they are backed up a different way), and I use asimov to disable all coding packages (like node_modules). Also, I highly recommend doing the first backup with a physical network cable instead of over WiFi; it’s much faster!