This is a tutorial for creating automated, versioned, deduplicated and encrypted remote backups on a Linux machine. Let's define our assumptions and all 'em big words.
You have a strategy regarding what to store.
You want to backup less than 100GB.
You know how to use a unix command line, know how to ssh and how to edit
Here are some things we want to achieve:
Therefore our backups are:
The general idea is simply to run this command regularly:
Now, with the full details, these commands can become too wordy:
So we are going to separate it into 3 files:
Let's do it:
There, create 3 files:
Using the env command, a system() call or using inline shell scripts (e.g. RESTIC_PASSWORD=password restic …) might expose the credentials in the process list directly and they will be readable to all users on a system. Using export in a shell script file should be safe, however, as the environment of a process is accessible only to that user. Please make sure that the permissions on the files where the password is eventually stored are safe (e.g. 0600 and owned by root).
sftp:XXXXX@ab-x331.rsync.net:reponame will be different for you, of course. But we will come back to it.
or check the docs for excluding.
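The permission advice above (0600, owned by you or root) can be enforced by the backup script itself before it sources the credentials file. The script below is an added example, not part of the original tutorial or of restic; the function names and the file path are hypothetical, it assumes GNU `stat` on Linux, and it assumes the config file exports `RESTIC_REPOSITORY` and `RESTIC_PASSWORD`.

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are hypothetical.
# Assumes GNU stat, as shipped on Linux.

# check_secret_file FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# invoking user or root, with no group/other permission bits (e.g. 0600).
check_secret_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "refusing $f: symlink" >&2
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    owner=$(stat -c '%u' "$f") || return 1
    mode=$(stat -c '%a' "$f") || return 1
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != "0" ]; then
        echo "refusing $f: owned by uid $owner" >&2
        return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $f: mode $mode is accessible to group/other" >&2
        return 1
    fi
    return 0
}

# load_restic_env FILE
# Sources FILE into the current shell after the check, then confirms the
# variables this example expects are set, without ever printing their values.
load_restic_env() {
    check_secret_file "$1" || return 1
    . "$1"
    if [ -z "${RESTIC_REPOSITORY:-}" ] || [ -z "${RESTIC_PASSWORD:-}" ]; then
        echo "refusing $1: RESTIC_REPOSITORY or RESTIC_PASSWORD not set" >&2
        return 1
    fi
}

# Usage in a backup script (path is a placeholder):
#   load_restic_env /path/to/restic-env.sh || exit 1
```

The check does not inspect the parent directories, so keep the file in a directory that only you can write to.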
Before we keep going, do the installations and signing-up.
Install restic: https://restic.readthedocs.io/en/latest/020_installation.html
Sign up at: https://www.rsync.net/products/restic.html
You will get a user with format NNNNN and a server with format ab-xNNN.rsync.net or something similar.
Your restic repository will now live at: sftp:XXXXX@ab-x331.rsync.net:reponame, so make sure you update your config file above. Then follow their instructions to get ssh access with a key.
You are now ready to initialize the repo. Choose a name for it, here myrepo, and run in your local shell:
Choose your password and store it in your config file.
You can check that it works, for example with a small file:
Now we need to tell our computer to do this regularly.
user is not your username, it's the actual string
inside that directory create this file:
as well as:
Ok. All the infrastructure is set. We now need to start it:
Now, the backup should happen daily at the chosen time, or at the next available time if the computer is off. You can do the same process to prune your restic repos. You will create a restic-prune.service and a restic-prune.timer, with the only major difference being in:
which calls the same configuration file.
I have also set this backup system to make an encrypted backup to my external hard drives. To make it easier to create manual backups, I also created a bash script as seen below:
Of course, we haven't talked about restoring your backups, but restic makes it very easy. To check the consistency of your backup:
To fully restore:
But much more granular recovery of files and repos can be done.