
Backups

How

Autorestic

We chose autorestic over other backup tools (borg, restic, manual scripts) for its expressiveness.

It works with a YAML configuration file located in /etc/autorestic/, along with an environment file that stores the repository keys. That way, sensitive information is kept separate from the configuration file, which can have broad access rights and be versioned.

Periodically, a cron job parses the config and makes a backup if necessary. Commands are run as root.

To set up backups:

mkdir -p /mnt/ssd/backup-working/db-dumps /mnt/ssd/backup-working/gitea
chmod 750 /mnt/ssd/backup-working /mnt/ssd/backup-working/db-dumps /mnt/ssd/backup-working/gitea
chown root:backup /mnt/ssd/backup-working
chown gitea:gitea /mnt/ssd/backup-working/gitea
chown root:backup /mnt/ssd/backup-working/db-dumps

sudo crontab -e
# and input
#PATH="/usr/local/bin:/usr/bin:/bin"
#00 * * * * /etc/autorestic/runcron
#30 3 1 * * /etc/autorestic/runforget

Be careful when first initializing a backend: autorestic will modify the config, dropping comments and the original ordering. New keys and passwords will be added to the configuration, so remember to put them in /etc/autorestic/.autorestic.env by referring to the docs.
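A read-only check for the situation described above, as an added example that is not part of the original page or of autorestic: it flags secrets still sitting in the YAML config after an init and an env file that group or others can access. The function names, the sample backend name `remote`, the `AUTORESTIC_REMOTE_RESTIC_PASSWORD` entry and the expected mode 600 are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. Read-only audit of the
# autorestic config/env split; both paths are passed as arguments.

# List config lines that still hold a literal secret: the "key:" that
# autorestic writes on init, or an env-style entry whose name contains
# PASSWORD, SECRET or KEY.
inline_secrets() {  # $1 = YAML config
    grep -nE '^[[:space:]]*(key|[A-Z0-9_]*(PASSWORD|SECRET|KEY)[A-Z0-9_]*)[[:space:]]*:[[:space:]]*[^[:space:]#]' "$1"
}

# Succeed only if group and others have no permission bits on the file.
private_mode() {  # $1 = env file
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print findings and return their count (0 = clean).
audit_autorestic() {  # $1 = YAML config, $2 = env file
    findings=0
    if hits=$(inline_secrets "$1"); then
        echo "secret still inline in $1:"
        # Report line number and key name only, never the value.
        echo "$hits" | sed -E 's/^([0-9]+):[[:space:]]*([^:]+):.*/  line \1: \2/'
        findings=$((findings + 1))
    fi
    if [ ! -f "$2" ]; then
        echo "env file $2 is missing"
        findings=$((findings + 1))
    elif ! private_mode "$2"; then
        echo "env file $2 is accessible to group or others (expected mode 600)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a config as left after a first init, and an env file
# with permissions that are too broad. Expected result: 2 findings.
demo() {
    d=$(mktemp -d)
    printf 'backends:\n  remote:\n    type: sftp\n    key: CONSTRUCTED-KEY\n' > "$d/config.yml"
    printf 'AUTORESTIC_REMOTE_RESTIC_PASSWORD=CONSTRUCTED-KEY\n' > "$d/env"
    chmod 644 "$d/env"
    rc=0; audit_autorestic "$d/config.yml" "$d/env" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On the server, call `audit_autorestic` with the path of the YAML config and /etc/autorestic/.autorestic.env, for example before committing the config to version control.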

Where

Local

For everyday backup and to protect against human mistakes, a local backup can be used. For this, follow this tutorial.

SFTP

For more important backups and to protect against hardware failure, without worrying too much about space or bandwidth, a remote backup is great. Restic and autorestic support SFTP transfers out of the box. For this:

  • On the remote, create the user that will be connected to (e.g. autorestic-sagou.in)
  • On the remote, create the folder that will be used as storage (e.g. /var/backup-sagou.in)
  • Set up password-less login for that user
  • Optionally, add an entry to the .ssh config if the SSH port is not 22
  • Follow this tutorial

Scaleway's Object Storage

Finally, for long term and rarer backups, object storage (or S3) is used. Here, the chosen provider is Scaleway but AWS or OVH could have been alternatives. In addition, Scaleway provides a really cheap Glacier tier meant for long-term and slow-changing data.

Because the S3 interface of restic is not fully compatible with Scaleway, we use rclone:

  • Configure rclone following this tutorial
  • Create a bucket in the Scaleway interface (e.g. autorestic-sagou.in)
  • Configure the bucket to move objects to cold storage after n days (e.g. create a rule "Put-2-Glacier" with prefix "data/" that moves objects to Glacier after 7 days)

What

Gitea

Gitea provides a tool for export/import that is run as a pre-hook when backing up Gitea:

sudo -u gitea /opt/gitea/gitea dump