Easy and Secure Backup with Restic

In a previous article, we saw that how to make a custom script for backing up files and automating the process using crontab. However, files were not encrypted and using home made scripts can be prone to error. In this article we will explore restic an easy solution for secure …


In a previous article, we saw that how to make a custom script for backing up files and automating the process using crontab. However, files were not encrypted and using home made scripts can be prone to error. In this article we will explore restic an easy solution for secure backups.

Restic the way to backup

As restic homepage indicates

Restic is a fast and secure backup program.

It encrypts each file and folder, and facilitates backing up multiple versions of files and folders, as well as reverting to any given version.

Installation

For Linux users, installation should be straightforward. The package is called 'restic.' For example, if you're using Arch, the installation command would be:

pacman -S restic

More installation options can be found on the official website.

How to perform a backup locally

First of all lets create the backup folder using the command:

$ restic init -r <path to backup folder>

Attention: set up a strong password

This should result in an output similar to:

$ restic init -r backup
enter password for new repository: 
enter password again: 
created restic repository 5719ab6046 at backup

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.

Now lets backup a folder:

$ restic backup -r <path to backup folder> <folder/file to backup>

This should provide an output like:

$ restic backup -r backup folder1
enter password for repository: 
repository 5719ab60 opened (version 2, compression level auto)
created new cache in /home/test/.cache/restic
found 1 old cache directories in /home/test/.cache/restic, run `restic cache --cleanup` to remove them
no parent snapshot found, will read all files

Files:           0 new,     0 changed,     0 unmodified
Dirs:            1 new,     0 changed,     0 unmodified
Added to the repository: 390 B (390 B stored)

processed 0 files, 0 B in 0:00
snapshot 7f7e93a5 saved

After modifying a file in our folder and executing the backup command again, we can view the different snapshots:

$ restic snapshots -r backup
enter password for repository: 
repository 5719ab60 opened (version 2, compression level auto)
found 1 old cache directories in /home/test/.cache/restic, run `restic cache --cleanup` to remove them
ID        Time                 Host        Tags        Paths
------------------------------------------------------------------------
7f7e93a5  2023-08-01 11:12:59  test                 /tmp/test/folder1
c54bf8a1  2023-08-01 11:18:31  test                 /tmp/test/folder1
9427fa27  2023-08-01 11:20:02  test                 /tmp/test/folder2
------------------------------------------------------------------------
2 snapshots

All previous snapshots (and their corresponding paths) are visible, retrievable, and can be restored.

To restore a snapshot:

restic restore -r <backup folder> --target <restore folder> <snapshot id>

Now you know how to perform a backup with restic and how to restore it.

How to backup on a remote server

This is quite easy, you first need a server with ssh and your public key saved in it.

A quick reminder how to do it here:

## on server
useradd -m -s /bin/bash <username> # create user
passwd <username> # set up pwd 
mkdir -p /path/to/backup # create backup directory
sudo chown -R <username>:<username> /path/to/backup # change ownership
## on local
ssh-keygen # generate ssh key
ssh-copy-id <username>@<server ip> # copy public key to remote server

You can configure ssh to automaticaly use the correct private key and then use restic with:

restic <restic cmd> -r sftp:<host>@<ip>:<backup folder>

Or you can use the command you want in a one line (without configuration file) with:

restic <restic cmd> -r sftp:<host>@<ip>:<backup folder> -o sftp.command="ssh -i <private key path> <host>@<ip> -s sftp"

You can also use crontab to automatize such tasks.

Cheatsheet

# create backup folder
restic init -r </path/to/backup/folder>

# backup folder
restic backup -r </path/to/backup/folder> </folder/to/backup>

# list snapshots
restic snapshots -r </path/to/backup/folder>

# compare snapshots
restic -r /srv/restic-repo diff 5845b002 2ab627a6

# restore folder
restic restore -r </path/to/backup/folder> --target </path/to/restore/folder> <snapshot id>

# restore specific file
restic restore -r </path/to/backup/folder> --target </path/to/restore/folder> <snapshot id> --include <file>

# mount folder
restic -r </path/to/backup/folder> mount </path/to/mount>

# dry run
restic -r </path/to/backup/folder> backup </path/to/restore> --dry-run

# exclude files
restic -r </path/to/backup/folder> backup </path/to/restore/folder> --exclude="*.c" --exclude-file=excludes.txt
restic -r </path/to/backup/folder> backup </path/to/restore/folder> --exclude-larger-than 1M

# add backup tags 
restic -r /srv/restic-repo backup --tag projectX --tag foo --tag bar ~/work

Conclusion

Backing up important data is important to avoid any future problem. There are tools to do it easily. So just do it! Use restic and backup your data easily and securely. Thank you for reading this article. Hope to see you soon.

Sinople.

Some Links