Daily Automated Backups using Restic

Restic is a newer backup solution, but far easier to setup than Borg imho. This tutorial is to show you how easy it is to setup, and run daily on Yunohost.

I love Yunohost and wish to give a little back to this community with this walk-through that I hope will help some people.

What is restic?


1. Setup Your Backup Location

Prepare a your backup location (another computer on the LAN, or a USB hard drive, or an internal hard drive)

NOTE: This sort of backup doesn’t protect you against theft, fire, or flood. You should have an offsite backup as well as this local one.

In this example, I am using an internal hard drive that is mounted at: /mnt/backup

2. Install Restic

sudo apt-get install restic

You can also download the latest binary from the Github page, or even compile your own binary with Go.

After installing, check that it works with the command:
restic version

It will return something like this:
restic 0.12.1 compiled with go1.16.6 on linux/amd64

3. Setup the Repository
A repository (repo) can hold different backups (snapshots) from different users, or even different machines. They can all be backed up in the same repository as long as the user has the right password. In this example I’ve called the repository my-backups.

$ restic init --repo /mnt/backup/my-backups enter password for new repository: enter password again: created restic repository 085b3c76b9 at /mnt/backup/my-backups Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost.

NOTE: Make sure you save this password in a password manager. If you lose it, you lose access to all your backups.

More info about setting up repositories, if you want to make an offsite backup - look into using a REST-server.

4. Make a Backup
Now you will make a test backup of Yunohost Backups folder. You make regular backups using sudo yunohost backup right?

sudo restic backup /home/yunohost.backup/archives --verbose --tag yunohost

That’s it! If you run this command again, it will make another snapshot of those files, but it deduplicates the backup so only the files that have changed will be added to the repo.

5. Check your Backup
Make sure it all works!

$ sudo restic -r /mnt/backup/my-backups snapshots
enter password for repository: 
repository 9f935439 opened successfully, password is correct
ID        Time                 Host        Tags        Paths
c72d2899  2021-07-09 01:00:02  blah.com  yunohost        /home/yunohost.backup/archives
1 snapshot

6. Automate Your Backups
Since restic deduplicates backups it makes sense to make daily backups of your important data. If you automate your backups, you won’t forget to do it and you’ll have a backup when you really need it!

6.1 Setup Password File
Your server needs a password to your repo so it can automate your backups.

cd ~
nano .restic-backup
export RESTIC_REPOSITORY="/mnt/backup/my-backups"

6.2 Setup Script
It’s better to have a shell script holding all your backup tasks so they can run one after another because it’s hard to judge how long a backup will take.

nano restic-backups

Then paste the following:

source /home/admin/.restic-backup
restic backup /home/yunohost.backup/archives --tag yunohost
restic backup /home/admin/ --tag home
# any other backups you want

6.3 Setup a Cron Job

0 11 * * * root /home/admin/restic-backups

There you go, now you have a simple solution to make daily backups!
If you want to go further:

  • make a script to do ‘prune’ jobs (deleting old backups - i.e. snapshots)
  • get another computer, and setup an offsite backup using a REST-server (I am doing this and will make another tutorial in the future for it)

Thanks for reading! Any suggestions on how to improve this, please let me know. Any questions about running restic and Yunohost - ask away.

Put this on my blog for posterity.


Thanks for the tutorial :slightly_smiling_face:

One might wonder which tool is “the best one”. As far I know, both are more adapted to some use case. Here is some information about it:

1 Like

Like you said, it depends what tool is best for somebody and their use case but I think restic ticks lots of boxes:

  • space is so ‘cheap’, that compression doesn’t matter to most
  • the setup is so fast with restic, it’s better to have a backup, any backup, rather than no backup

I know I used borg for a few years but the setup was so onerous for me. I really disliked the user experience of it.

I don’t get this part, copying and pasting this command opens a blank nano…

ohhhhh now i see :smiley:

Thanks, I edited that block of code for more clarity.

Just a question: do you know about restic app for yunohost ?

We need a better doc for this app on : Restic | Yunohost Documentation

Thanks. I know of it, but I don’t need it. Also sftp is very slow compared to rest-server.

I am making offside restic backups using another computer running Debian 10. I’ve also installed wireguard, and rest-server on it. I have my yunohost backup to it every night over the wireguard connection using HTTP. I was going to make a quick tutorial on it at some later time.

Why use Rest Server?

Compared to the SFTP backend, the REST backend has better performance, especially so if you can skip additional crypto overhead by using plain HTTP transport (restic already properly encrypts all data it sends, so using HTTPS is mostly about authentication).

(from rest-server github page)

1 Like

So you are telling that I did a manual setup while it was already there?!

Thanks for the share!

1 Like

I’m still dazed and confused but trying to continue, however on which path should we create the file?

You can create it anywhere, as long as you remember where it is and call it later from that path in cron (step 6.3)

I created it in ~ (/home/admin directory). I actually made a ~/bin directory where I keep my scripts.

Yeah, I have undone the manual install and did the app version :wink: .

1 Like

Great thread! Thanks for the share!

1 Like

People reading this thread might be interested in my latest tutorial:

If you have an extra server somewhere, or are on good terms with a friend running a server :smiley: