Time Machine Backups on OpenBSD with Netatalk

May 22, 2019

Introduction

Apple’s automatic backup app Time Machine is a fantastic utility that does hourly, daily, and weekly backups of local snapshots. This enables you to restore the system to a previous state in the event of a catastrophic failure, a somewhat rare occurrence on the ever-so-stable macOS. The caveat is that storage is limited to AFP (Apple Filing Protocol) compatible devices like the Apple AirPort Time Capsule. Fortunately, Netatalk provides an open source AFP file server that works flawlessly on OpenBSD, and setup is trivial.

Install Netatalk

Like most apps, installation is made super simple with OpenBSD’s pkg_add utility:

# pkg_add netatalk
quirks-3.124 signed on 2019-04-15T12:10:16Z
Ambiguous: choose package for netatalk
a    0: <None>
     1: netatalk-2.2.6
     2: netatalk-2.2.6-avahi
     3: netatalk-3.1.12
Your choice: 3
netatalk-3.1.12:libevent-2.0.22p1: ok
netatalk-3.1.12: ok
The following new rcscripts were installed: /etc/rc.d/netatalk
See rcctl(8) for details.

Choose the 3.1.x option; as of May 2019, that’s option 3.

Server Configuration

There are not a lot of steps involved, but we first need to enable the daemons before configuring some server-side options. Use the rcctl utility:

# rcctl enable messagebus avahi_daemon netatalk
# rcctl order messagebus avahi_daemon netatalk

Netatalk is configured in /etc/netatalk/afp.conf. There are myriad options available, so I advise you to read the afp.conf man page, but you can have a running setup with a fairly minimal configuration. I opted to create a new user specially for Time Machine, but this isn’t required:

[Global]
vol preset = default_for_all_vol
hostname = t420bsd
log file = /var/log/netatalk.log
mimic model = Xserver
keep sessions = yes

[default_for_all_vol]
file perm = 0664
directory perm = 0774
cnid scheme = dbd

[TimeMachine]
time machine = yes
path = /home/timemachine
vol size limit = 500000
valid users = timemachine

The options are mostly self-explanatory, and the afp.conf man page is quite exhaustive. The gist is that global defaults are applied through the [default_for_all_vol] section, which sets permissions and database access restrictions. A specific TimeMachine volume is then created that maps to the /home/timemachine directory, for the one user timemachine, with a maximum disk size of 500 GB. This doesn’t need to be the actual disk size; its purpose is to limit Time Machine to a fixed amount of disk space, as otherwise it will use up the entire disk.
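The following Python script is an added example, not part of the original post or of the Netatalk project. It resolves the vol preset inheritance described above and flags Time Machine volumes that lack valid users or vol size limit, or whose perm settings set bits for "other"; the function names and the audit criteria are this example's own assumptions.

```python
import configparser

# afp.conf from this page (Global trimmed to the line that matters here).
AFP_CONF = """\
[Global]
vol preset = default_for_all_vol

[default_for_all_vol]
file perm = 0664
directory perm = 0774
cnid scheme = dbd

[TimeMachine]
time machine = yes
path = /home/timemachine
vol size limit = 500000
valid users = timemachine
"""

def effective_volumes(text):
    """Return {volume: settings} with its 'vol preset' section merged underneath."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sections = {name: dict(cp[name]) for name in cp.sections()}
    glob = sections.pop("Global", {})
    presets = {s["vol preset"] for s in [glob, *sections.values()] if "vol preset" in s}
    volumes = {}
    for name, own in sections.items():
        if name not in presets:  # preset sections are templates, not shares
            preset = sections.get(own.get("vol preset", glob.get("vol preset")), {})
            volumes[name] = {**preset, **own}
    return volumes

def audit(text):
    """Hypothetical checks (this example's criteria) for Time Machine volumes."""
    findings = []
    for name, vol in effective_volumes(text).items():
        if vol.get("time machine", "no").lower() not in ("yes", "true", "1"):
            continue
        if not vol.get("valid users"):
            findings.append(f"{name}: no 'valid users'; any authenticated account can mount it")
        if not vol.get("vol size limit", "").isdigit():
            findings.append(f"{name}: no 'vol size limit' (MiB); backups can fill the disk")
        for key in ("file perm", "directory perm"):
            if int(vol.get(key, "0"), 8) & 0o007:
                findings.append(f"{name}: '{key} = {vol[key]}' sets permission bits for 'other'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(AFP_CONF)) or "no findings")
```

Run against the configuration on this page, it reports the two perm lines, because 0664 and 0774 both include a read bit for "other" on the server.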

Then, run adduser to create the timemachine account that has authorised access to the fileserver:

# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.

Reading /etc/shells
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: timemachine
Enter full name []: Time Machine
Enter shell bash csh ksh nologin sh [ksh]:
Uid [1002]:
Login group timemachine [timemachine]:
Login group is ``timemachine''. Invite timemachine into other groups: guest no
[no]:
Login class authpf bgpd daemon default pbuild staff unbound
[default]:
Enter password []:
Enter password again []:

Name:             timemachine
Password:    ****
Fullname:    Time Machine
Uid:      1002
Gid:      1002 (timemachine)
Groups:           timemachine
Login Class: default
HOME:             /home/timemachine
Shell:            /bin/ksh
OK? (y/n) [y]:
Added user ``timemachine''
Copy files from /etc/skel to /home/timemachine
Add another user? (y/n) [y]: n
Goodbye!

Now, simply start the daemons:

# rcctl start messagebus avahi_daemon netatalk

And that’s it for server-side setup; time to move on to your macOS client.

macOS Client Setup

Drop into a terminal and enter the following command to allow macOS to show unsupported network drives, that is, ones that are not proprietary Apple appliances such as the Time Capsule:

$ defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

Tip

If this will be the first time performing a snapshot and backup of your macOS system, it’s highly advisable to disable CPU throttling for low-priority processes by entering the following in your terminal; it will speed up the process considerably!

$ sudo sysctl debug.lowpri_throttle_enabled=0
Password:
debug.lowpri_throttle_enabled: 1 -> 0

Now open Time Machine, and when you hit Select Disk... you should find your file server available—in the abovementioned setup as t420bsd—for selection!

Caution

It’s equally advisable to re-enable throttling once your first backup is complete, as it also impacts other system processes, ones that you might not want consuming valuable system resources. This can be done with sysctl debug.lowpri_throttle_enabled=1. Alternatively, it will automatically reactivate at the next system restart.