Setting up Restic to backup on a crontab job using a hard disk on USB on the local network.
Comments and suggestions are more than welcome 
There are two servers :
• Server A : where yunohost runs and has an IP= 192.168.1.aa
• Server B: where the hard disk is connected to the USB port.( in my case a iMac computer) has an IP= 192.168.1.bb
Create a user “$YUNOHOST” on server B with a password we shall call $B_YUNOPSSWD in what follows.
On server B, format a hard disk in NTFS format (it can be write/read by linux and macOS using Tuxera NTFS).
I did not try any other file system but FAT32 should work too.
Mount it on /Volumes/bup where “bup” is the disk label on the server B (an iMac in my case).
(This may work in Windows but the terminal commands for Windows are completely different to Unix systems)
0. SERVER A: set up the backup repo on SERVER B by issueing:
sudo restic init --repo sftp:$YUNOHOST@192.168.1.bb:/Volumes/bup
Here you enter the password for the repository we call $A_REPO_PSSWD
- SERVER A: Create password file in /home/admin/.restic-backup like this:
nano /home/admin/.restic-backup.sh
export RESTIC_REPOSITORY="sftp:$YUNOHOST@192.168.1.bb:/Volumes/bup"
export RESTIC_PASSWORD=“$A_REPO_PSSWD”
Here $YUNOHOST is the user login for the server B and the password $A_REPO_PSSWD for the repository on server B (iMac) on /Volumes/bup once you have setup the Restic app properly (see Restic documentation ) .
- SERVER A: The Restic app was installed on server A by using “apt-get install restic” NOT as a yunohost app.
The following script will backup the /home/yunohost.backup/archives folder to the disk on USB of the server B (iMac) under 192.168.1.bb:/Volumes/bup
Create a script for Restic backup in /home/admin/restic-backups.sh like this:
#!/bin/bash
source /home/admin/.restic-backup
restic backup -r $RESTIC_REPOSITORY /home/yunohost.backup/archives --tag yunohost
#restic backup /home/admin/ --tag home
# any other backups you want
Type Ctl+x —> y-> save
- SERVER A: Created a crontab job by copying the “restic-backups.sh” script to /etc/cron.daily without the .sh extension
sudo cp /usr/local/sbin/restic-backups.sh /etc/cron.daily/restic-backups
- SERVER A: Setup of PASSWORDLESS ssh log in to Server B 192.168.1.bb for user $YUNOHOST:
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub $YUNOHOST@192.168.1.bb
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh/
Check by issueing
ssh yunohost@192.168.1.bb
5. SERVER A: Change owner and permissions on restic-backups script by typing
chown admin /etc/cron.daily/restic-backups.sh
chmod 755 restic-backups.sh
/etc/cron/daily/restic-backups should now run without sudo password required: test it!
B. Setting up regular backup of yunohost (SERVER A) using a script called /usr/local/sbin/bupyuno.sh
- SERVER A:
This script is from Daily Automated Backups using Restic with many thanks.
sudo nano /usr/local/sbin/bupyuno.sh
#!/bin/bash
#
# Creates a backup and removes some of the previous backups
# Put script in /etc/cron.daily/ and make sure it can be executed (o+x)
# Backups are created with the following prefix
PREFIX="automatic-"
# All backups with the previous prefix are deleted except the following dates
TODAY=`date '+%Y-%m-%d'`
YESTERDAY=`date -d "yesterday" '+%Y-%m-%d'`
DAY_BEFORE_YESTERDAY=`date -d "2 days ago" '+%Y-%m-%d'`
LAST_SUNDAY=`date -d "last Sunday" '+%Y-%m-%d'`
SUNDAY_BEFORE_LAST=`date -d "last Sunday -7 days" '+%Y-%m-%d'`
BEGINNING_OF_MONTH=`date '+%Y-%m-01'`
BEGINNING_OF_LAST_MONTH=`date -d "last month" '+%Y-%m-01'`
yunohost backup create -n $PREFIX$TODAY
cd /home/yunohost.backup/archives
# Remove some archives with exceptions listed above
rm `ls | grep $PREFIX | grep -v "$TODAY\|$YESTERDAY\|$DAY_BEFORE_YESTERDAY\|$LAST_S$
echo "Removing all except these dates :" " $TODAY\|$YESTERDAY\|$DAY_BEFORE_YESTERD$
echo "Removed these :"
echo | ls | grep -v "$TODAY\|$YESTERDAY\|$DAY_BEFORE_YESTERDAY\|$LAST_SUNDAY\|$$
#Print the list of backups on yunohost
yunohost backup list
- SERVER A: Give ownership to root of bupyuno.sh
sudo chown root /usr/local/sbin/bupyuno.sh
- SERVER A: Test it running
sudo /usr/local/sbin/bupyuno.sh
-
SERVER A: Setup a cron job to run bupyuno.sh every hour
By copying the script to /etc/cron.daily without the .sh extension.cp /usr/local/sbin/bupyuno.sh /etc/cron.daily/bupyuno
All scripts in /etc/cron.daily have to have no extension. Only (^[a-zA-Z0-9_-]+$) are allowed
-
Setup passwordless login for SERVER A (yunohost) to connect to SERVER B (iMac):
-
SERVER A: Enter
ssh-copy-id -i /root/.ssh/id_rsa.pub yunohost@192.168.1.aa
Then try
ssh yubohost@192.168.1.aa
and it should login directly
-
SERVER A: And finally check that they are both run by
sudo run-parts --test --report /etc/cron.daily/ -
To restore a snapshot use these commands :
List the snapshots first:source /home/admin/.restic-backup && restic -r $RESTIC_REPOSITORY snapshots
Restore one of the snapshots to a folder called /restoreYUNO on server A (yunohost):
source /home/admin/.restic-backup && restic -r $RESTIC_REPOSITORY restore f815dba5 --target /restoreYUNO
Copy the backup archive to the yunohost archives on server A (yunohost) :
cp /restoreYUNO/automatic* /home/yunohost.backup/archives/
Then restore the backup by using the web admin or the yunohost command in terminal.
