Set up Backups with Restic ¶
Install restic-snapshot command ¶
Install the emergence/restic-snapshot command:
hab pkg install emergence/restic-snapshot
Provision bucket ¶
Create a bucket and obtain access credentials at a low-cost cloud object storage host:
- Provision B2 bucket - Select Private - Enable Object Lock
- Provision B2 app key - Use same name as bucket - Only allow access to created bucket - Select Read and Write access - Do not allow listing all bucket names - Do not set file name prefix or duration
Build restic environment ¶
Create a secure file to store needed environment variables for the restic client to read and write to the encrypted repository bucket:
RESTIC_REPOSITORY=s3:us-east-1.linodeobjects.com/restic-myhost
RESTIC_PASSWORD=
# Access Key:
AWS_ACCESS_KEY_ID=
# Secret Key:
AWS_SECRET_ACCESS_KEY=
RESTIC_REPOSITORY=b2:restic-myhost
RESTIC_PASSWORD=
# keyID:
B2_ACCOUNT_ID=
# applicationKey:
B2_ACCOUNT_KEY=
- Create
/etc/restic.envfrom above template - Tailor
RESTIC_REPOSITORYto created bucket - Generate
RESTIC_PASSWORDand save to credential vault - Fill storage credentials
- Secure configuration:
sudo chmod 660 /etc/restic.env
Initialize repository ¶
Load the environment into your current shell to run Restic’s one-time init command to set up the encrypted repository structure within the bucket:
set -a; source /etc/restic.env; set +a
hab pkg exec emergence/restic-snapshot restic init
Create backup script ¶
-
Create
/etc/cron.daily/emergence-restic-backup#!/bin/bash /bin/hab pkg exec emergence/restic-snapshot snapshot -
Max executable:
chmod +x /etc/cron.daily/emergence-restic-backup
Run manually ¶
To verify the configuration and create an initial snapshot:
/etc/cron.daily/emergence-restic-backup
Verifying backups ¶
-
Load environment:
set -a; source /etc/restic.env; set +a -
List snapshots:
hab pkg exec emergence/restic-snapshot restic snapshots -
Examine contents of an SQL dump:
hab pkg exec emergence/restic-snapshot restic dump ced0825f /database.sql | grep '^CREATE'