Toolbox Aid

March 7th, 2026 11:11 PM Mr. Q Categories: Security

Overview

This guide explains how to configure incremental backups from a local Synology NAS 1 to a remote Synology NAS 2 using SSH keys and rsync. (I’m using Synology, this will work on most linux machines)

The script will:

• Exclude large runtime folders (wan, lan, dev)
• Only sync new docker_assistant_config_backup_*.tar.gz files
• Automatically delete backups older than 90 days on the remote NAS 1
• Run fully automated via Synology DMS 7.x Task Scheduler

---

1. Prepare SSH Keys

On the local NAS 1:

mkdir -p ~/.ssh/backup_keys
chmod 700 ~/.ssh/backup_keys

ssh-keygen -t ed25519 -f ~/.ssh/backup_keys/id_rsa_backup -C "docker_assistant_backup"
# Leave passphrase empty for automation

Copy the public key to the remote NAS 2:

ssh user@Synology-NAS2 "mkdir -p ~/.ssh && chmod 700 ~/.ssh"
cat ~/.ssh/backup_keys/id_rsa_backup.pub | ssh user@Synology-NAS2 "cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

---

2. Prepare Remote Backup Folder

On NAS 2:

ssh user@Synology-NAS2 "mkdir -p /volume1/docker_assistant_zip/backup && chown user:users /volume1/docker_assistant_zip/backup && chmod 775 /volume1/docker_assistant_zip/backup"

---

3. Incremental rsync Script

Save as /volume1/docker_assistant/scripts/incremental_rsync_to_remote.sh:

#!/bin/bash

# ==============================
# CONFIGURATION
# ==============================
REMOTE_USER="user"
REMOTE_HOST="Synology-NAS2"
REMOTE_PORT="22"

REMOTE_DIR="/volume1/System-Backups/docker_assistant_zip"
LOCAL_DIR="/volume1/docker_assistant_zip"

SSH_KEY="$HOME/.ssh/backup_keys/id_rsa_backup"

EXCLUDES=()
ROTATE_DAYS=90

# ==============================
# BUILD EXCLUDES
# ==============================
RSYNC_EXCLUDE=""
for folder in "${EXCLUDES[@]}"; do
    RSYNC_EXCLUDE+=" --exclude=${folder}"
done

# ==============================
# RUN INCREMENTAL RSYNC
# ==============================
echo "Starting incremental rsync..."

rsync -avz \
    -e "ssh -p $REMOTE_PORT -i $SSH_KEY" \
    $RSYNC_EXCLUDE \
    --delete \
    "$LOCAL_DIR/" \
    "$REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR/"

if [ $? -ne 0 ]; then
    echo "Rsync failed."
    exit 1
fi

echo "Rsync completed successfully."

# ==============================
# ROTATE OLD BACKUPS ON REMOTE
# ==============================
echo "Removing backups older than $ROTATE_DAYS days..."

ssh -p $REMOTE_PORT -i "$SSH_KEY" \
    "$REMOTE_USER@$REMOTE_HOST" \
    "find $REMOTE_DIR -type f -mtime +$ROTATE_DAYS -print -delete"

echo "Backup rotation complete."
echo "Incremental backup finished successfully."

---

4. Make Script Executable

chmod +x /volume1/docker_assistant/scripts/incremental_rsync_to_remote.sh

Test manually:

/volume1/docker_assistant/scripts/incremental_rsync_to_remote.sh

---

5. Automate with Task Scheduler

1. Go to Control Panel → Task Scheduler → Create → User-defined script
2. Set User to user
3. Paste the script path in Run command:/volume1/docker_assistant/scripts/incremental_rsync_to_remote.sh
4. Set schedule (daily, weekly, etc.)

Non-Synology machines will use CRON/CRONTAB.

---

✅ Notes

• Only new backup files are synced each run (incremental).
• Large folders (wan, lan, dev) are skipped/excluded.
• Backups older than 90 days are automatically deleted on the remote NAS 2 via RSYNC.
• Fully automated using SSH key authentication — no password prompts.