restic-backup/README.md

# Restic Backup

A script for executing [restic backups](https://restic.net) - see the [project repo](https://github.com/restic/restic) onto a remote (or local) server.

Backups are incremental, and stored encrypted on the backup server. You must have the password for each backup to view the content. This script stores 7 daily, 5 weekly, 12 monthly, and 7 yearly snapshots. It automatically cleans up after itself. 

This solution is far more efficient and faster than our past solution, Rdiff Backup (which uses rsync)... 

## Installation

First you need to [install restic](https://restic.readthedocs.io/en/stable/020_installation.html). Use your distribution's package manager if possible, otherwise, grab a [pre-compiled binary from the git repo](https://restic.readthedocs.io/en/stable/020_installation.html#official-binaries).

You'll need to clone this repo (or download and uncompress it) into a place on the machine you want to backup. By default, on my systems, I put it in `/home/data/scripts` in the directory `restic-backup`.

Then create a `site.conf` (`cp site.conf-example site.conf`) and replace the DST value (it can be either a local directory path or an SFTP-based address of a remote backup space).

You'll need to set up key-based SSH access from the local machine onto the remote machine. If you're not sure how to do that, [here's a howto](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server).

You'll need to initialise the backup space (whether it's local or remote). You'll run a command like (replacing $DST with the value you put into your site.conf)

`restic -r $DST init`

and you'll be asked to put in a password - *make sure you store the password*!! - I use a utility called `pwgen` (`sudo apt install pwgen` to install it on a Debian-esque Linux) and run, say, `pwgen -s 19 1` to get a 19 character password. *If you lose this password, you'll lose access to your backups*

Finally, you'll need to copy the `restic-cron` script into `/etc/cron.d/` to make sure it runs automatically. You may need to *tweak the path to your restic-backup directory* and you can also adjust when the backup runs... The format is

`Min Hr Day Month Day-of-week`

For example, I have set the default to
`30  4  *   *     *`

Which means, it runs a 04:30 every morning (every day of the week). Adjust to your requirements. 

## Todo

Create an initialisation and password generation function for this script.
Initial commit 2019-10-10 10:09:19 +13:00			`# Restic Backup`

Update README.md 2019-10-24 11:26:34 +13:00			`A script for executing [restic backups](https://restic.net) - see the [project repo](https://github.com/restic/restic) onto a remote (or local) server.`
Update README.md 2019-10-24 10:58:22 +13:00
			`Backups are incremental, and stored encrypted on the backup server. You must have the password for each backup to view the content. This script stores 7 daily, 5 weekly, 12 monthly, and 7 yearly snapshots. It automatically cleans up after itself.`

			`This solution is far more efficient and faster than our past solution, Rdiff Backup (which uses rsync)...`

Update README.md 2019-10-24 11:25:10 +13:00			`## Installation`

			`First you need to [install restic](https://restic.readthedocs.io/en/stable/020_installation.html). Use your distribution's package manager if possible, otherwise, grab a [pre-compiled binary from the git repo](https://restic.readthedocs.io/en/stable/020_installation.html#official-binaries).`

			You'll need to clone this repo (or download and uncompress it) into a place on the machine you want to backup. By default, on my systems, I put it in `/home/data/scripts` in the directory `restic-backup`.

			Then create a `site.conf` (`cp site.conf-example site.conf`) and replace the DST value (it can be either a local directory path or an SFTP-based address of a remote backup space).

			`You'll need to set up key-based SSH access from the local machine onto the remote machine. If you're not sure how to do that, [here's a howto](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server).`

			`You'll need to initialise the backup space (whether it's local or remote). You'll run a command like (replacing $DST with the value you put into your site.conf)`

			`restic -r $DST init`

			and you'll be asked to put in a password - make sure you store the password!! - I use a utility called `pwgen` (`sudo apt install pwgen` to install it on a Debian-esque Linux) and run, say, `pwgen -s 19 1` to get a 19 character password. If you lose this password, you'll lose access to your backups

			Finally, you'll need to copy the `restic-cron` script into `/etc/cron.d/` to make sure it runs automatically. You may need to tweak the path to your restic-backup directory and you can also adjust when the backup runs... The format is

			`Min Hr Day Month Day-of-week`

			`For example, I have set the default to`
			`30 4 * * *`

			`Which means, it runs a 04:30 every morning (every day of the week). Adjust to your requirements.`

			`## Todo`

			`Create an initialisation and password generation function for this script.`