⚠️ This post is archived from my phlog in Gopherspace. Please read my post on the Gopher Protocol to get started!
Let’s make a backup of the entire server.
I like restic.
I think it’s used by the LHC or something to store/move like… an exabyte of data?
I found out about it because of DeAndre Queary’s guides on YouTube:
https://www.youtube.com/@DreQueary
Install:
sudo apt-get install restic
Initialize the repo
Restic backups are referred to as “repositories.” These repos will contain versions of files.
Initialize the repository:
restic init -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
It will ask you for a password for the new repository, in order to encrypt the contents. This is not required.
Create the password file
Time to store a password in plaintext (yikes!), just put your password into /etc/restic-password (make sure no extra spaces or newlines, etc., or you’ll get wrong password/no key found errors). Then set the permissions so only root has access:
sudo chown root:root /etc/restic-password
sudo chmod 600 /etc/restic-password
You will then reference this file with the environmental variable RESTIC_PASSWORD_FILE.
The reason I’m not too worried about this kind of set up is someone with the permission to access the file, will have access to all the things we are backing up, anyway, but there may be a better way, anyway. This is also a security feature for if I move the backup to a tape or RDX.
Run the backup
Here we will create the first backup manually, before adding it to cron. Note all the directories I am excluding. I think having a blacklist for backups, rather than a whitelist, is a better idea.
sudo RESTIC_PASSWORD_FILE=/etc/restic-password /usr/bin/restic backup / --exclude /home/baudrillard/.bitmonero --exclude /root/.bitmonero --exclude /nix --exclude /mnt --exclude /tmp --exclude /run --exclude /var/tmp --exclude /lost+found --exclude /media --exclude /sys --exclude /proc --exclude /dev -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
Test the backup
sudo RESTIC_PASSWORD_FILE=/etc/restic-password restic check -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
You can also get stats on the repo:
sudo RESTIC_PASSWORD_FILE=/etc/restic-password restic stats -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
Automate the backup (cron)
I made a script for backups (/usr/local/bin/restic-backup.sh [make sure to mark it as executable]):
#!/bin/bash
LOG_FILE="/var/log/restic-backup.log"
export RESTIC_PASSWORD_FILE=/etc/restic-password
/usr/bin/restic backup / --exclude /home/baudrillard/.bitmonero --exclude /root/.bitmonero --exclude /nix --exclude /mnt --exclude /tmp --exclude /run --exclude /var/tmp --exclude /lost+found --exclude /media --exclude /sys --exclude /proc --exclude /dev -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13 > "$LOG_FILE" 2>&1
if [ $? -eq 0 ]; then
DATE=$(date "+%Y-%m-%d %H:%M:%S")
echo "Backup completed successfully at $DATE" >> "$LOG_FILE"
else
DATE=$(date "+%Y-%m-%d %H:%M:%S")
echo "Backup failed at $DATE" >> "$LOG_FILE"
fi
I also created a script to check the integrity and prune restic (/usr/local/bin/restic-maintain.sh):
#!/bin/bash
LOG_FILE="/var/log/restic-maintain.log"
export RESTIC_PASSWORD_FILE=/etc/restic-password
export RESTIC_REPOSITORY=/media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
# Check integrity and prune
restic check > $LOG_FILE
restic forget --prune --keep-daily=7 --keep-weekly=4 --keep-monthly=12 >> $LOG_FILE
# Appends a timestamp to the log
date "+%Y-%m-%d %H:%M:%S" >> $LOG_FILE
Let’s simply add the script to root’s crontab:
sudo crontab -e
Add these entries (backup daily at 2am, maintain weekly Saturday at 6am):
0 2 * * * /usr/local/bin/restic-backup.sh
0 6 * * 6 /usr/local/bin/restic-maintain.sh
Restore from backup (when needed)
List snapshots
restic snapshots -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
View files in a specific snapshot:
restic ls [snapshot-id] -r /path/to/repo
Example:
restic ls latest -r /media/root/BackupRAID/server-backups/restic-simulacra-entire-server-start-2024-10-13
Restoring
Restore a specific file or directory:
restic restore latest --target /restore/path --include /home/user/docs -r /path/to/repo
Restore and overwrite:
restic restore latest --target / --include /etc/hosts --overwrite -r /path/to/repo
Original content in gopherspace: gopher://gopher.someodd.zip:70/0/phlog/restic_entire_server.gopher.txt