Daily Automated Backups using Restic

arkadi · August 11, 2021, 3:13am

Restic is a newer backup solution, but far easier to setup than Borg imho. This tutorial is to show you how easy it is to setup, and run daily on Yunohost.

I love Yunohost and wish to give a little back to this community with this walk-through that I hope will help some people.

What is restic?

https://restic.readthedocs.io/en/stable/

1. Setup Your Backup Location

Prepare a your backup location (another computer on the LAN, or a USB hard drive, or an internal hard drive)

NOTE: This sort of backup doesn’t protect you against theft, fire, or flood. You should have an offsite backup as well as this local one.

In this example, I am using an internal hard drive that is mounted at: /mnt/backup

2. Install Restic

sudo apt-get install restic

You can also download the latest binary from the Github page, or even compile your own binary with Go.

After installing, check that it works with the command:
restic version

It will return something like this:
restic 0.12.1 compiled with go1.16.6 on linux/amd64

3. Setup the Repository
A repository (repo) can hold different backups (snapshots) from different users, or even different machines. They can all be backed up in the same repository as long as the user has the right password. In this example I’ve called the repository my-backups.

$ restic init --repo /mnt/backup/my-backups enter password for new repository: enter password again: created restic repository 085b3c76b9 at /mnt/backup/my-backups Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost.

NOTE: Make sure you save this password in a password manager. If you lose it, you lose access to all your backups.

More info about setting up repositories, if you want to make an offsite backup - look into using a REST-server.

4. Make a Backup
Now you will make a test backup of Yunohost Backups folder. You make regular backups using sudo yunohost backup right?

sudo restic backup /home/yunohost.backup/archives --verbose --tag yunohost

That’s it! If you run this command again, it will make another snapshot of those files, but it deduplicates the backup so only the files that have changed will be added to the repo.

5. Check your Backup
Make sure it all works!

$ sudo restic -r /mnt/backup/my-backups snapshots
enter password for repository: 
repository 9f935439 opened successfully, password is correct
ID        Time                 Host        Tags        Paths
----------------------------------------------------------------------------------------------------
c72d2899  2021-07-09 01:00:02  blah.com  yunohost        /home/yunohost.backup/archives
----------------------------------------------------------------------------------------------------
1 snapshot

6. Automate Your Backups
Since restic deduplicates backups it makes sense to make daily backups of your important data. If you automate your backups, you won’t forget to do it and you’ll have a backup when you really need it!

6.1 Setup Password File
Your server needs a password to your repo so it can automate your backups.

cd ~
nano .restic-backup
export RESTIC_REPOSITORY="/mnt/backup/my-backups"
export RESTIC_PASSWORD="YOURPASSWORDHERE"

6.2 Setup Script
It’s better to have a shell script holding all your backup tasks so they can run one after another because it’s hard to judge how long a backup will take.

nano restic-backups

Then paste the following:

#!/bin/bash
source /home/admin/.restic-backup
restic backup /home/yunohost.backup/archives --tag yunohost
restic backup /home/admin/ --tag home
# any other backups you want

6.3 Setup a Cron Job

0 11 * * * root /home/admin/restic-backups

There you go, now you have a simple solution to make daily backups!
If you want to go further:

make a script to do ‘prune’ jobs (deleting old backups - i.e. snapshots)
get another computer, and setup an offsite backup using a REST-server (I am doing this and will make another tutorial in the future for it)

Thanks for reading! Any suggestions on how to improve this, please let me know. Any questions about running restic and Yunohost - ask away.

Put this on my blog for posterity.

Lapineige · August 11, 2021, 7:23am

Thanks for the tutorial

One might wonder which tool is “the best one”. As far I know, both are more adapted to some use case. Here is some information about it:

Restic seems faster to operate (it’s multi-threaded), it supports more backends (not only ssh), and is able to run cross-servers deduplications (I guess that’s not important here as most of us don’t have dozens of servers ^^).
Borg is more space efficient (thanks to compression, Restic doesn’t have it yet Implement Compression · Issue #21 · restic/restic · GitHub), and older so the ecosystem around it is probably richer.
For the record, here is a (relatively recent) blog article comparing Borg and Restic pros/cons: https://it-notes.dragas.net/2020/06/30/searching-for-a-perfect-backup-solution-borg-and-restic/

arkadi · August 11, 2021, 7:33am

Like you said, it depends what tool is best for somebody and their use case but I think restic ticks lots of boxes:

space is so ‘cheap’, that compression doesn’t matter to most
the setup is so fast with restic, it’s better to have a backup, any backup, rather than no backup

I know I used borg for a few years but the setup was so onerous for me. I really disliked the user experience of it.

someonesusername · September 13, 2021, 12:04am

I don’t get this part, copying and pasting this command opens a blank nano…

ohhhhh now i see

arkadi · September 13, 2021, 1:12am

Thanks, I edited that block of code for more clarity.

ljf · September 13, 2021, 1:16am

Just a question: do you know about restic app for yunohost ?

We need a better doc for this app on : Restic | Yunohost Documentation

arkadi · September 13, 2021, 1:22am

Thanks. I know of it, but I don’t need it. Also sftp is very slow compared to rest-server.

I am making offside restic backups using another computer running Debian 10. I’ve also installed wireguard, and rest-server on it. I have my yunohost backup to it every night over the wireguard connection using HTTP. I was going to make a quick tutorial on it at some later time.

Why use Rest Server?

Compared to the SFTP backend, the REST backend has better performance, especially so if you can skip additional crypto overhead by using plain HTTP transport (restic already properly encrypts all data it sends, so using HTTPS is mostly about authentication).

(from rest-server github page)

someonesusername · September 13, 2021, 10:04am

So you are telling that I did a manual setup while it was already there?!

Irene.lewis94 · September 16, 2021, 5:30pm

Thanks for the share!

someonesusername · September 17, 2021, 4:07pm

I’m still dazed and confused but trying to continue, however on which path should we create the file?

arkadi · September 18, 2021, 11:56pm

You can create it anywhere, as long as you remember where it is and call it later from that path in cron (step 6.3)

I created it in ~ (/home/admin directory). I actually made a ~/bin directory where I keep my scripts.

someonesusername · September 19, 2021, 1:38pm

Yeah, I have undone the manual install and did the app version .

Irene.lewis94 · September 22, 2021, 6:19pm

Great thread! Thanks for the share!

arkadi · February 20, 2022, 9:50am

People reading this thread might be interested in my latest tutorial:

If you have an extra server somewhere, or are on good terms with a friend running a server

Bauerbyter · December 22, 2022, 12:08pm

@arkadi Thanks for this Tutorial, installation was pretty easy with that. But one question about WHAT to backup.
Should we backup the “yunohost backup” snapshots or everything in “/var/www”
I dont have enough diskspace ony my yunohost server for mulitple yunohost backups, so I would create one every day, send it via restic to the repo (another server), prune everything older than 7 days and delete the local yunohost backup. But with that every day I have a complete snapshot of my system, not only the changes, right?
If I would backup /var/www I would have only the changes.
Am i wrong?

Thanks in advance

lydra · December 22, 2022, 12:27pm

Hello,
Here is our little experience managing YunoHost instances for several customers now.
We have developed an Ansible collection to easily automate backup configuration for YunoHost (available here if you need).
Anyway, for each instance we have three daily backups:

One backup of YunoHost using a script that basically does yunohost backup. The archive is locally stored and the script removes all backups before the 3 last days so it’s not too much data.
One backup of the local archive on a remote Borg Backup server.
One backup of the local archive on a remote Restic bucket. In this case, some cloud providers give some free Go of S3 buckets. You can play with the retention policy of your Restic configuration to have “free backup storage”.

arkadi · December 22, 2022, 12:31pm

What to backup is up to you.

For myself, if I encounter a major system error, I will just reinstall. My data and bash scripts are the most important things for me. I don’t even use the yunohost backup stuff because I don’t really understand what it is doing or backing up.

drh · January 3, 2023, 6:26am

For those wanting to use restic with Backblaze B2 storage I had luck with this tutorial.

Luncheon3462 · October 7, 2023, 5:08pm

I also don’t know what to backup and would be grateful if someone could explain what is in Yunohost.backup and what is not in that folder? My biggest concern is nextcloud and Wordpress and all the photos, videos and documents used in each.

Thank you