Home backups using Restic

April 19, 2020 · infra

I recently undertook a project at $work where I attempted to improve a rudimentary backup system used across the org. Few souls carry enough courage to volunteer transforming an org-wide backup system, and I’m not one of those folks. But I did have a little fire under my feet to spring me into action. You see, the old system was a very simple one: it archived up whatever directories you pointed it to, and copied the archive to the cloud. While it worked incredibly well, it had one drawback that was beginning to bite us: it was not incremental, and hence, its impact on the system grew with the size of the directories being backed up. Your’s truly happened to have one of those directories.

So, I set out to see what I would do about this predicament. I surveyed the internet for the latest and greatest tools in the space, and happened upon quite a few. However one gem won the gladiator match of performance and usability. You guessed it: Restic. Within no time at all, I was able to implement a backup solution for an org with Restic, which I think is testament to its ease of use. So impressed I was with this tool, I decided to use it at home.

Now, I never really personally put much stock in backing up personal data. Sure, I’d recommend it as a no-brainer if anyone asked me for themselves, but I never saw it as something important enough to invest the effort into implementing, personally. And, frankly, I still do not. The reason being that most of my data is already synced to various clouds: OneDrive, AWS S3, and Keybase. And I blindly trust these clouds to give me back at least some of my data after an apocalypse. Additionally, I really do not have that much critical data in the first place. If all my data vanished, maybe I pity myself for a few days, but its not the end of the world. Is that too dark?

Anyways, enough excuses. There is no reason to end up in that situation anymore. Here’s how I ended up safeguarding my bits of data without any effort at all.

Even though the way I sought to implement backups was going to be eezy peezy, it was important to put a bit of thought into it. It was important to know what bits of data I had, and what I wanted to backup. I had a head-start.

A long time ago I learned that its best to keep as much configuration described as code as possible when it comes to computers. Because of this, I ended up with a huge repository of code describing everything from the infrastructure for this website, to how to set up my laptop from scratch. It paid off. Since my configurations were all in one place, I could safely ignore that entire category and simply backup that repository.

The only other data I had on my computers, then, resided in folders in my home directory – my Documents, Pictures, etc. After a brief survey of my home directories on my computers, I put together this list:

• Desktop
• Documents
• Pictures
• Downloads
• Music
• Projects

Great! This is all the info I need to get the job done:

1. First, I installed the latest restic binary from Github.
2. Next, I added two files to my home directory:
   1. .restic-password which contains a strong password that encrypts my backups, and
   2. .restic-backups which contains the above list of directories I want backups of.
3. Lastly, I created a nighly crontab to run the backup and cleanup commands, which looked like:

    # crontab -e
    0 3 * * * .local/bin/restic -v -p .restic-password -r /keybase/private/wilrnh/backups backup --files-from .restic-backups 2>&1 | logger -t restic
    0 5 * * * .local/bin/restic -v -p .restic-password -r /keybase/private/wilrnh/backups forget --prune --keep-daily 14 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75 2>&1 | logger -t restic
   
   

OK, what is going on here?

First, I should mention that my important computers run Ubuntu and OSX; no Windows, say for an old Surface tablet. Both restic and crontab works on both these systems.

Second, as is obvious from the crontab, I’m using Keybase as my backup store. I have Keybase installed and running on my computers, which exposes a directory /keybase/private/wilrnh that I can use like any other directory to store files on. I actually advise against using Keybase for restic backups since it a bit of CPU to encrypt and upload all the bits restic gives it, at least for me. I think Restic’s built-in encryption is sufficient for most people. A better choice would be something like AWS S3 or Google Cloud.

Which leads to me the third important note: I’m actually throttling both Keybase and Restic in the background with a great tool called Ananicy. (I’m going to PR my rules after I finish this post.) I mainly do this throttling because I have a few more tasks of higher priority scheduled at the same time, and want them to complete as soon as possible. Also, it would suck if I woke up at 3am and needed to use my computer for some emergency only to have to fight off ambitious crons.

With that out of the way, here’s whats happening in the crontab:

• I have two tasks scheduled: one for running the backup, and the other for running the cleanup. Each task sends all its output to logger which makes it available in my system log in case I need to investigate some issue. Each task runs restic which I have installed at $HOME/.local/bin/restic on all my computers.
• The backup task runs at 3am every morning, and simply does a backup of the directories listed in my $HOME/.restic-backups file.
• The cleanup task runs at 5am every morning, by which time the backup task should be done. It simply tells restic to delete old backups. In my case, I’m telling it to keep 14 of the most recent daily backups, 4 of the most recent end-of-week backups, 12 of the most recent end-of-month backups, and 75 of the most recent end-of-year backups. I think this is a great policy to start with.

And that’s it! It turns out I just needed to schedule a couple commands and my data is now safely stored somewhere out there, encrypted, waiting for future me after I survive an apocalypse and want to pick up where I left some old project off.