A script for executing restic backups onto a remote (or local) server.
Find a file
2022-08-25 22:48:22 +00:00
.gitignore initial commit before setting up the remote 2019-10-14 02:54:32 +00:00
LICENSE Add LICENSE 2019-10-09 21:09:44 +00:00
README.md Update README.md 2019-10-23 22:26:34 +00:00
restic-cron created more sensible default path 2019-10-16 01:49:17 +00:00
run-restic.sh Assert the pruning step to ensure 'forgotten' snapshots are removed and don't use disk space. 2022-08-25 22:48:22 +00:00
site.conf-sample initial commit before setting up the remote 2019-10-14 02:54:32 +00:00

Restic Backup

A script for executing restic backups - see the project repo onto a remote (or local) server.

Backups are incremental, and stored encrypted on the backup server. You must have the password for each backup to view the content. This script stores 7 daily, 5 weekly, 12 monthly, and 7 yearly snapshots. It automatically cleans up after itself.

This solution is far more efficient and faster than our past solution, Rdiff Backup (which uses rsync)...

Installation

First you need to install restic. Use your distribution's package manager if possible, otherwise, grab a pre-compiled binary from the git repo.

You'll need to clone this repo (or download and uncompress it) into a place on the machine you want to backup. By default, on my systems, I put it in /home/data/scripts in the directory restic-backup.

Then create a site.conf (cp site.conf-example site.conf) and replace the DST value (it can be either a local directory path or an SFTP-based address of a remote backup space).

You'll need to set up key-based SSH access from the local machine onto the remote machine. If you're not sure how to do that, here's a howto.

You'll need to initialise the backup space (whether it's local or remote). You'll run a command like (replacing $DST with the value you put into your site.conf)

restic -r $DST init

and you'll be asked to put in a password - make sure you store the password!! - I use a utility called pwgen (sudo apt install pwgen to install it on a Debian-esque Linux) and run, say, pwgen -s 19 1 to get a 19 character password. If you lose this password, you'll lose access to your backups

Finally, you'll need to copy the restic-cron script into /etc/cron.d/ to make sure it runs automatically. You may need to tweak the path to your restic-backup directory and you can also adjust when the backup runs... The format is

Min Hr Day Month Day-of-week

For example, I have set the default to 30 4 * * *

Which means, it runs a 04:30 every morning (every day of the week). Adjust to your requirements.

Todo

Create an initialisation and password generation function for this script.