restic: what is it?
For those who still don’t know it, restic is a powerful open-source resource for making backups.
As it says on the official website:
Restic is a modern backup program that can back up your files:
- from Linux, BSD, Mac and Windows
- to many different storage types, including self-hosted and online services
- easily, being a single executable that you can run without a server or complex setup
- effectively, only transferring the parts that actually changed in the files you back up
- securely, by careful use of cryptography in every part of the process
- verifiably, enabling you to make sure that your files can be restored when needed
- freely - restic is entirely free to use and completely open source
The aforementioned description of restic—maybe briefly—illustrates all the software’s strengths.
Indeed:
- it is multi-platform (Linux, BSD, Mac and Windows);
- it allows backup on local media or in the cloud;
- it is simple to use;
- it works incrementally, saving only files that have been changed;
- it is secure due to the use of encryption at all stages of backup;
- you can easily and securely restore files and folders;
- it is open-source, so it is possible to examine the code.
We will not dwell on the description of restic as there is ample descriptive and operational documentation on the reference site.
Our experience on Mac
We tried restic on Mac M1 with macOS Sonoma (14.4.1), installing it via Homebrew with the command:
brew install restic
Following installation, we tried a successful backup on AWS S3, following the guide.
There was some disappointment at an early stage, basically because the attempt to back up the entire hard disk of the Macbook Pro had failed by presenting errors.
However, the handy comparison with other users on the Forum served, on the one hand, to make it clear that restic was probably not designed and developed to clone an entire hard disk and, on the other hand, to carry out further tests that led us to re-evaluate it on account of the excellent results obtained.
Everything worked very well, relatively quickly, and to our enormous satisfaction.
The flexibility of restic is both in the commands and the many variables you can use.
autorestic
What restic lacks is the scheduling of backups, so - after some research - we chose autorestic.
We chose autorestic, but resticprofile is also worth mentioning, although the project seems stuck in 2020 with the latest release.
Autorestic on the Mac can be installed conveniently with Homebrew and precisely:
brew install autorestic
As you can read, the documentation does not appear to be complete.
autorestic: the configuration
Autorestic requires the creation of its configuration file, which must be placed in .config/autorestic/.autorestic.yml, as indicated in the documentation.
However, it is also possible to place the configuration file in:
./.autorestic.yml.~/.autorestic.yml.~/.config/autorestic/.autorestic.yml.
We have chosen to place the file in .config/autorestic/.autorestic.yml.
Due to its setup, you must complete the file with the necessary parameters.
We used the healthchecks.io service for hooks and wanted to create a strong password we saved in a file we called restic.txt with the command
openssl rand -base64 2048 > restic.txt
However, you can generate the password with any other software, and you can choose not to save it in a file but to put it in the configuration file, an example of which is given below:
version: 2
global:
forget: prune
forget:
keep-within: 7
locations:
locationname01:
forget: prune
from: yourpathfrom
to: nameofthebackend
cron: '0 1 * * *' # Every day at 1am
hooks:
prevalidate:
- echo "Checks"
before:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Starting backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/start'
after:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Executed backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
failure:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup failed for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/fail'
success:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup successful for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
options:
forget:
keep-within: 7
backup:
tag: yourtag
locationname02:
forget: prune
from: yourpathfrom
to: yourbackend
cron: '0 1 * * *' # Every day at 1am
hooks:
prevalidate:
- echo "Checks"
before:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Starting backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/start'
after:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Executed backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
failure:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup failed for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/fail'
success:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup successful for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/start'
options:
forget:
keep-within: 7
backup:
tag: yourtag
locationname03:
forget: prune
from: yourpathfrom
to: yourbackend
cron: '0 1 * * *' # Every day at 1am
hooks:
prevalidate:
- echo "Checks"
before:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Starting backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/start'
after:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Executed backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
failure:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup failed for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/fail'
success:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup successful for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
options:
forget:
keep-within: 7
backup:
tag: yourtag
locationname04:
forget: prune
from: yourpathfrom
to: aws
cron: '0 1 * * *' # Every day at 1am
hooks:
prevalidate:
- echo "Checks"
before:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Starting backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/start'
after:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Executed backup for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
failure:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup failed for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>/fail'
success:
- 'curl -m 10 --retry 5 -X POST -H "Content-Type: text/plain" --data "Backup successful for location: ${AUTORESTIC_LOCATION}" https://hc-ping.com/<code>'
options:
forget:
keep-within: 7
backup:
tag: yourtag
backends:
yourbackendname:
type: s3
path: s3.amazonaws.com/yourbacket
key: pathofyourkeyfile
env:
AWS_ACCESS_KEY_ID: "account_id"
AWS_SECRET_ACCESS_KEY: "account_key"
Since we have added the parameter cron in the autorestic configuration file, it is necessary to set the cron on the Mac using the command:
crontab -e
and enter the following lines (for the PATH, check that it is correct according to the configuration)
# This is required, as it cannot find restic as a command otherwise.
PATH="/usr/bin:/opt/homebrew/bin/"
# Example running every day at 1 am
0 1 * * autorestic -c yourpath/.config/autorestic/.autorestic.yml --ci cron > /tmp/autorestic.log 2>&1
The values 0 1 * * indicate that the command will be executed daily at 1:00.
To check that you set cron correctly, you can run the command:
crontab -l
which should return the entered configuration.
At this point, you must initialize the backend with the command:
autorestic init
and when the process is finished, you can start the backup with the command:
autorestic backup -a
which performs the backup for all locations entered in the configuration file.
Next, the command
autorestic cron
At this point, autorestic should perform the backup according to the configuration set.
If this resource was helpful, you could contribute by
Or donate via
Follow us on Mastodon
Stay tuned!