My YunoHost server
Hardware: VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / …
YunoHost version: Latest
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no / yes
If yes, please explain:
Description of my issue
For its worth, I’d like to share my views and experience of Restic. I’m by no means an expert, I self-host everything on Yunohost, which in my view is fantastic. It’s great for those of us that do not script write and are big IT experts, “point and shoot” and it works. Yunohost does everything I need it to do. Very happy, so much so I have made contributions! Please do the same, it’s worth every penny!
Anyway despite the wonder of Yunohost, the bit missing for me is a good backup. I’m ready for the shouting but remember I’m just a user getting by here! The backup that comes with YNH is very good, I have used it once in anger and it did the job. What I’m looking for is a good “set it and leave it” backup. I don’t like tinkering and configuring too much, it always goes wrong when I do that.
So I tried installing the Borg YNH app because everyone said it was the one to have. It didn’t work, didn’t understand it despite the tutorials, etc, it was just too complicated for my small brain. As the app didn’t work I tried installing Borg using the CLI, that was an even more complicated arrangement.
Next, I tried the Restic app, again, “it’s the best thing ever” The same thing didn’t work so I tried the CLI route and that worked perfectly!!! Admittedly I needed help from the forum of course but, with that and the rest of the internet, I got Restic working using the CLI which has been a good experience as I have learned a lot about Restic and the commands, etc. I’m still learning of course but I’d like to share, if I may, what I did to get it working. Some of the experts might groan 
but that’s ok, we need experts, it’s the experts that gave us YNH so thanks to you all. If you see something wrong or you see a better way then please do say. But make it simple, please. ABC.
Anyway here goes. I wanted to back up to an external USB drive that was connected locally to a USB socket on my server, not on a LAN or to another remote server but to a dirty, basic, simple USB socket. This process does not need any of the YNH apps, which is a shame. 
-
login as admin using ssh then superuser.
-
Connect, set up automount, and format your USB drive, give the drive a name, in my case I called it ‘storage’ Lots of places on the internet show how to do this. Lots! (if you like I’ll do a step-by-step for this) navigate to your drive using the CLI, so mine is
/media/storagecreate a new directory inside storage,mkdir resticbackupThe storage directory was created when I formatted the USB drive at the beginning. That was the name I gave it at the format stage. -
Open terminal or whatever you use to ssh into YNH, log in as su (using your login details, type
suyou’ll be asked for the password again. -
Type:
apt-get install resticThis will install the latest version of Restic. Once it’s finished you’ll be returned to the prompt. -
Type:
restic versionthis will show that Restic is installed by confirming the version number that has been installed, you are then returned to the prompt.
The location that you are backing up to has to be initialised for Restic to use it, so in my case, my location is /media/storage/resticbackup
- Type:
restic init --repo /media/storage/resticbackup
This will initialise the location as a Restic repository by asking you for a password, you will be asked to confirm this password and told not to lose it, if you do you’ve basically had it!!! Once complete you will return to the prompt
Now let’s test to see if it works. Restic backup works with the destination location or repository first followed by the source or the directory you want to back up, so…
- Type:
restic -r /media/storage/resticbackup backup /var/www/wordpress --tag Restic_test
What’s going on here? So all Restic commands start with ‘restic’ followed by the destination or the location of the repo, in this case, it’s media/storage/resticbackup. The command “backup” is followed by the source files that you wish to back up. For this test it can be anything, I chose a wordpress instance for this test. You can backup any directory but for testing try and avoid system directories for now. —tag allows you to just tag the backup, useful if you have a lot of repositories with lots of directories. There are a lot of flags that can be added but we’ll forget those just for now.
Click return once you have put this command in. You will be asked for the password and then Restic will do its thing. It will show you the amount of data to be backed up and the ETA in minutes and seconds. Once it finishes you are returned to the prompt. That was easy?
We can now have a look and check if the snapshot happened.
Type: restic -r /media/storage/resticbackup snapshots
Again you will be asked for the password. NOTE: Keep the password in your clipboard, you will need it for anything in Restic.
You will see a nicely formatted table, showing a snapshot ID, Hostname, tags, and the path that was backed up.
If you see that you have succeeded in using Restic to back up a directory from your server. What we want to do now is to have that automated. I used CRON which is considered ‘old school’, so I’m old school. You can use Systemd.
using terminal (or other) go to /opt. Create a new folder in /opt called /backup (mkdir backup) you should now go into /opt/backup and…
Type: nano .secret (You can do this anywhere just make sure you include the path which will be /opt/backup/.secret)
The nano editor will pop up. Just put in here your Restic repository password, the one that you have to keep putting in every time you issue a Restic command!
Now set the permissions for that .secret file.
Type: chmod 600 /opt/backup/.secret
All good. Next, we need to set up the Cronjob so…
Type: crontab -u root -e
You will get a prompt, if you have never used CRON, asking you to choose the editor for editing cron. I chose nano, option 1. This will open a tmp file for you to edit. There is nothing in this file just instructions about how to use Cron so you will notice that every line has a hash, this is a commented line so there is no action.
Right at the bottom, I typed in the jobs that need doing with the time. So at the bottom, I put…
0 1 * * * restic --password-file /opt/backup/.secret -r /media/storage/resticbackup backup /var/www/ --tag Restic_test
This tells cron to run the Restic backup at 1 am, where to obtain the password from, where the repository is, and what to backup into that repository. Notice that this time I have asked for all the www directories to be backed up.
0 2 * * * restic --password-file /opt/backup/.secret -r /media/storage/resticbackup forget --keep-last 2 --prune
This tells cron to run Restic to ‘prune’ or delete any other backups other than the last 2 days at 2 am.
Save this (CTRL X/Yes)
So I waited for 12 hours, yes I could have changed the time in the script to an earlier time, say half an hour after saving the file, but I like a surprise! You can also put this .secret file where ever you want in the root.
The next morning I checked and sure enough, I got an email addressed to root@maydomain confirming that the backup had happened. The subject line was bit long-winded, Cron root@myhostname restic --password-file /opt/backup/.secret -r /media/storage/resticbackup backup /var/www/ --verbose --tag Restic_test
I checked using restic -r /media/storage/resticbackup snapshots and sure enough my snapshot was there recorded at 1 am.
You can look inside the snapshot with… Look at the snapshot ID
Type: - restic -r /media/storage/resticbackup ls repo_ID_here
Finally
It’s obviously a good idea to try and recover a file or folder, so I saved and deleted the www folder, and did a restore to the original location. Whew! that also worked.
There is a lot you can do with Restic but this was just to show how I got mine installed, checked, do a backup, automate it then restore it.
Thanks to @arkadi for his help and advice. Excellent. Also this site Adam the automator was very useful. It is mainly for remote backups so just ignore the ssh bit and delete anything with
(mailto:sftp:johndoe@172.16.1.150)
There are lots of examples of the commands used in Restic.
If there is anything I have missed or got wrong and shouldn’t be doing because of security then shout out, also if there is an easier way please say. All of the above worked for me.
What I’d like to do is find a way of backing up ALL of the server. do I just make the source ‘/’ ?
I do like the idea of just backing up the yunohost.archives folder. I have unattended_backup installed which means stuff gets backed up into this directory when there is a change, then use Restic to backup the yunohost.archive. This was from @arkadi, Like it.
I don’t know if this is help or harm, it is long-winded I know, but despite all the great help here, it was either disjointed or you had to have some other knowledge about something else to get anywhere and that is not a criticism. I’m just dense!!! So here is my step by step.
All the best
dj