Restic

From Leo's Notes
Last edited on 21 November 2022, at 18:12.

Restic is an open source backup program written in Golang and can run on Linux, Windows, and Mac.

Download: https://github.com/restic/restic/releases/latest

Cheat sheet[edit | edit source]

Description Command
Initialize a new repository restic init
Backup files restic backup /path/to/files
Backup files using a file list restic backup --files-from=$filelist
Backup files with a specific tag restic backup --tag $tag /path/to/files
Show available snapshots and their snapshot IDs restic snapshots
Restore a snapshot to the given destination restic restore $snapshotid -t $destination
Restore a specific file from a specific snapshot restic restore $snapshotid -t $destination -i $path_to_file
Mount a snapshot (to explore/restore) restic mount $mountpoint
Delete all snapshots and prune backend storage restic forget --prune
Delete all snapshots except a specific tag restic forget --keep-tag=$tag

To automate restic, you may want to pass in the repository password in the RESTIC_PASSWORD environment variable.

Setup[edit | edit source]

Automate backups with cron[edit | edit source]

Add a cronjob:

# crontab -e
## Add:
## */15 * * * * . ~/.restic.env ; /usr/local/bin/restic backup --files-from=/root/restic.files --tag automated 2>> ~/restic.err >> ~/restic.log

S3 compatible backend[edit | edit source]

A S3 backed repository can be created by defining the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables and then initializing a new repository using a s3 endpoint.

  1. Set up the two environment variables.
export AWS_ACCESS_KEY_ID="***"
export AWS_SECRET_ACCESS_KEY="***"

On Oracle Cloud Infrastructure (OCI), you need to generate the AWS access key id and secret under Identity & Security -> Users -> your account -> Customer Secret Keys. The S3 repository on OCI follows this format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com, where <namespace> is given under your bucket information and region is found in your dashboard's URL. On AWS, you will need to set up a new user under IAM with a 'programmatic access' access type. You will then have to allow this account access (DeleteObject, GetObject, PutObject, ListBucket, GetBucketLocation) to this S3 resource. Once the account is created, you should be able to see its Access key ID and Secret access key.

  1. Initialize the repository to use your S3 bucket.
# export RESTIC_REPOSITORY="s3:https://s3-server/bucket-name"
# restic init

## Or, without defining RESTIC_REPOSITORY, specify the repository with -r
# restic -r s3:https://s3-server/bucket-name init
  1. Provider a password to your new repository

AWS storage tiers[edit | edit source]

Restic backups to Amazon S3 will use the STANDARD storage class and supports some of the other instant retrieval storage classes. Restic does not officially support the slower retrieval storage classes including S3 Glacier Deep Archive since the program expects quick retrieval times to function. It also may incur additional early deletion fees when it tries to prune data blobs because it likely will need to rewrite (ie. delete and re-upload) data.

Restic only supports the following storage classes:

  1. STANDARD,
  2. STANDARD_IA, Standard-Infrequent Access. Minimum 30 day storage duration.
  3. ONEZONE_IA, One Zone-Infrequent Access. Costs 20% less than S3 Standard-IA. Stores data in only one availability zone vs. the standard minimum of three. Minimum 30 day storage duration.
  4. INTELLIGENT_TIERING, Intelligent-Tiering. Costs $2.5 per 1,000,000 objects per month. Infrequently accessed data (older than 180 days / 6 months) gets stored on the infrequent access tier at a reduced price ($0.0125 vs the standard $0.023 per GB/mo).
  5. REDUCED_REDUNDANCY

See: https://aws.amazon.com/s3/storage-classes/