Title here
Summary here
Restic
Backup to S3 using systemd-timer
Prepare restic:
# create config folder
> umask 022
> mkdir /etc/restic> vi /etc/restic/s3.env
RESTIC_PASSWORD='<repo_password>'
RESTIC_REPOSITORY="s3:https://s3.example.com/restic-backup-bucket"
AWS_ACCESS_KEY_ID="<access_id>"
AWS_SECRET_ACCESS_KEY="<access_key>"
RETENTION_DAYS=7
RETENTION_WEEKS=4
RETENTION_MONTHS=6
RETENTION_YEARS=3
DG_CACHE_HOME=/mnt/datastore
HOME=/mnt/datastore/files> vi /etc/restic/s3.files
# include paths to backup
/mnt/datastore/files
/var/opt
/etc> vi /etc/restic/s3.exclude
# exclude paths from backup
/mnt/datastore/files/foo
/mnt/datastore/files/bar> vi /usr/local/bin//restic_d.sh
#!/bin/bash
source /etc/restic/s3.env
export $(cut -d= -f1 /etc/restic/s3.env)
exec restic "$@"> chown -R root:root /etc/restic
> chmod -R 0600 /etc/restic
> chmod 0700 /usr/local/bin/restic_d.shBackup files:
# initialize backup repository
> /usr/local/bin/restic_d.sh init
# backup files
> /usr/local/bin/restic_d.sh backupCreate unit files:
[Unit]
Description=Restic backup on %I
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/restic backup \
--files-from /etc/restic/%I.files \
--exclude-file /etc/restic/%I.exclude \
--exclude-caches \
--tag systemd.timer
ExecStartPost=restic forget \
--verbose \
--tag systemd.timer \
--group-by "paths,tags" \
--keep-daily $RETENTION_DAYS \
--keep-weekly $RETENTION_WEEKS \
--keep-monthly $RETENTION_MONTHS \
--keep-yearly $RETENTION_YEARS
EnvironmentFile=/etc/restic/%I.env
AmbientCapabilities=CAP_DAC_READ_SEARCH
WorkingDirectory=/mnt/datastore
[Install]
WantedBy=multi-user.target ssh-agent.service[Unit]
Description=Run Restic every hour
[Timer]
OnCalendar=*-*-* *:35:00
[Install]
WantedBy=timers.target# enable timer
> systemctl enable restic@s3.timer
# test backup via systemd
> systemctl start restic@s3.service