Off-site Backup Solution

Quite a while ago I set up a backup solution that works for me but isn’t ideal. I have an external hard drive that I plug into my workstation, run my usual backup command using restic, and disconnect it again.
This works, but it’s not handy. Getting the drive, connecting it, running the command, waiting for it to finish, ejecting the drive, and unplugging it is tedious and so I only do this about once a month.

Add to this that the backup lives essentially right next to the workstation, so it only protects me from malware or oopsies on my end. If my workstation ends up in flames, the house collapses, a thief breaks in, or similar, the backup is of no use.
As a “soft backup”, a lot of my important files are on my Nextcloud instance. I call it a “soft backup” because this is live data, not a backup, but it can act as one; although this is not recommended.

A few days ago, I set up a backup solution that uses off-site storage to store my backups. Precisely, it’s the Storage Box BX11 from Hetzner, which gives me 1TB of storage for a little less than 4€ a month. Crucially, it supports SFTP, a protocol that restic can use as a backend to interact with a repository.
After a long first backup I now feel like my data is safe. It’s not perfect, but it’s good enough.

What I still have to figure out, though, is how I guarantee that a backup is made daily, because that is what I want. I can’t just create a cronjob for 3am because I shut my workstation down if I don’t use it to not waste any power. But I also don’t use my workstation at the same time each day, so I really can’t ensure that a backup is run daily with cron.
Alternatively, as I am using Arch Linux which comes with systemd, I could set up a systemd service that fires when my workstation boots, but since I don’t want to use systemd and it could be that I start the system more than once a day, this doesn’t seem like a good option.

Again, I still have to figure out how to automatically run the backup, but for now, just running my script is fine:

#!/bin/sh -eu

exec >> /var/log/backup/remote.log 2>&1
date

# backup home directory to external server using restic.
# steps:
#   1. backup
#   2. keep last x snapshots

. "${XDG_CONFIG_HOME:-${HOME}/.config}/backup/remote/config.rc"

backup() {
	printf "Backing up ${BACKUP_DIRECTORY} to remote ${REMOTE_HOSTNAME}\n"

	restic "${RESTIC_OPTIONS}" \
		backup \
		--exclude-file "${EXCLUDE_FILE_PATH}" \
		--files-from "${FILES_FROM_PATH}" \
		"${BACKUP_DIRECTORY}"
}

forget() {
	printf "Running forget, keeping last ${REMOTE_FORGET_KEEP} snapshots\n"

	restic "${RESTIC_OPTIONS}" \
		forget \
		--keep-last="${REMOTE_FORGET_KEEP}"
}

backup
forget

My configuration file looks like this:

REMOTE_PROTOCOL="sftp"
REMOTE_USERNAME="user"
REMOTE_HOSTNAME="backup.example.org"
REMOTE_URL="${REMOTE_PROTOCOL}:${REMOTE_USERNAME}@${REMOTE_HOSTNAME}"
REMOTE_REPOSITORY_PATH="./workstation/backup"
REMOTE_FORGET_KEEP="30"

CONFIG_HOME="${XDG_CONFIG_HOME:-${HOME}/.config}"
CONFIG_PATH="${CONFIG_HOME}/backup/remote"

REPOSITORY_PASSWORD="supersecretpassword"
EXCLUDE_FILE_PATH="${CONFIG_PATH}/excludes.txt"
FILES_FROM_PATH="${CONFIG_PATH}/files_from.txt"
BACKUP_DIRECTORY="${HOME}"

RESTIC_OPTIONS="--quiet"

export RESTIC_REPOSITORY="${REMOTE_URL}:${REMOTE_REPOSITORY_PATH}"
export RESTIC_PASSWORD="${REPOSITORY_PASSWORD}"

Feel free to use both if you have any use for them.

Update 2023-02-06

I have now successfully set up daily automatic backups with anacron(8), which works like cron(8) but doesn’t assume that the machine it is running on is running continuously.
Thanks to rkta for mentioning this!

Do you have a comment on one of my posts? Feel free to send me an E-Mail: witcher@wiredspace.de
To participate in a public discussion, use my public inbox: ~witcher/public-inbox@lists.sr.ht
Please review the mail etiquette.

Posted on: February 05, 2023

Articles from blogs I read

Understanding the XDG access portal

The upcoming version of Firefox 116 will use Pipewire for camera access. This sparked my curiosity and I wanted to know if my setup would work for this. In recent times, Firefox has been moving rather quickly, adding dependency on these Flatpak portals (e…

via Hugo Barrera's site June 20, 2023

Reforming the free software message

Several weeks ago, I wrote The Free Software Foundation is dying, wherein I enumerated a number of problems with the Free Software Foundation. Some of my criticisms focused on the message: fsf.org and gnu.org together suffer from no small degree of incompreh…

via Drew DeVault's blog June 19, 2023

Status update, June 2023

Howdy! This monthly status came a bit late, but nevertheless, here it is. Husky-related news, the implementation for UnifiedPush support is going well. Husky is able now to get notifications not polling each N minutes but using a UnifiedPush provider from now…

via captainepoch's log June 15, 2023

Generated by openring