User:Rbuchberger/restic

From ArchWiki

Restic is a fast, efficient, secure backup program with support for Linux, macOS, Windows, and a few other Operating Systems.

Important features:

  • Snapshots are encrypted.
  • Snapshots are versioned.
  • All data is deduplicated.
  • Many backends are supported.
  • Multiple hosts can back up to the same repository.
  • Available as a standalone binary

Installation

Install restic. Optionally, install a helper; there are several which can be found by searching the AUR.

Configuration

Restic itself does not support configuration files; it is configured entirely through environment variables and command line arguments. Several helpers such as cresticAUR, resticprofileAUR, and rusticAUR have been created, though with a touch of scripting it is not remarkably difficult to do without.

Configuration without a helper

The following is one way you may consider managing restic backups:

  • Create configuration files in /etc/restic
  • Create a simple bash script in /usr/local/sbin
  • Create a systemd service & timer to call said script regularly.

This scheme requires no additional packages, is infinitely adaptable, and allows for checking & forgetting/pruning on a regular basis.

/etc/restic

Place any restic environment variables in /etc/restic/env.

Tip: You can source this file to run generic restic commands against your existing repository, for example when testing (or actually using!) backup restoration.
Warning: The env file contains encryption keys and access keys; you should remove non-root permissions for this file.
Example /etc/restic/env 
export RESTIC_REPOSITORY="b2:my-b2-bucket:/"
export RESTIC_PASSWORD="secret_password"
export RESTIC_CACHE_DIR="/var/cache/restic"
export B2_ACCOUNT_KEY="abc123"
export B2_ACCOUNT_ID="abc123"

List directories to be backed up in /etc/restic/include:

Example /etc/restic/include 
/home/
/etc/
/root/
/boot/

Similarly, list patterns to exclude in /etc/restic/exclude:

Example /etc/restic/exclude 
/home/me/downloads
**/tmp/
**/node_modules/

Backup script

Write a script to run the backups. Note that backup, check, and forget are operations which take an unknown amount of time and cannot be run concurrently. Deconfliction can be accomplished a number of ways, one of which is shown here:

 Example /usr/local/sbin/backup.sh 

#! /bin/bash

CONFIG_DIR="/etc/restic"

. "$CONFIG_DIR"/env

backup() {
     restic backup \
         --verbose \
         --exclude-caches \
         --one-file-system \
         --files-from "$CONFIG_DIR/include" \
         --exclude-file "$CONFIG_DIR/exclude"
}

check() {
    restic check --read-data-subset 2% --verbose
}

forget() {
    restic forget \
        --verbose \
        --keep-last 7 \
        --keep-daily 7 \
        --keep-weekly 4 \
        --keep-monthly 4 \
        --prune
}

# Mondays
should_check() {
    [ "$(date +%u)" = 1 ]
}

# Monday, every 4 weeks
should_forget() {
    should_check && [ $((10#$(date +%W) % 4)) == 0 ]
}

daily() {
    backup || exit 1

    should_forget && (forget || exit 1)
    should_check && (check || exit 1)
}

case $1 in
backup)
    backup
    ;;
check)
    check
    ;;
forget)
    forget
    ;;
daily)
    daily
    ;;
*)
    echo "Usage: $1 backup|check|forget|daily"
    ;;
esac

Systemd

Finally, schedule them with a systemd service & timer:

backup.service
[Unit]
Description="Daily backup"

[Service]
ExecStart=/usr/local/sbin/backup.sh daily
backup.timer
[Unit]
Description="Scheduled Nightly Backup"

[Timer]
OnCalendar=03:00:00
WakeSystem=true

[Install]
WantedBy=basic.target