Restic is a well-known backup tool. It's simple enough to be ported to any OS, which is probably why it doesn't come with a full example setup for an average Linux system. Let's fix that with this post.
Let's set the problem as follows:
- Automatic backup runs daily.
- The backup only stores important files and data.
- The backup also includes the contents of the PostgreSQL databases, which can be restored with psql -f.
The tools: systemd for running and scheduling the backups, restic with the CAP_DAC_READ_SEARCH capability, and pg_dumpall for PostgreSQL.
This assumes that the machine being backed up runs Ubuntu Server 20.04 and that the backup goes to a rest-server running at 192.168.1.200. However, the configuration is trivially adaptable to any cloud provider. It also assumes that the repository has already been initialized with the command restic -r rest:http://192.168.1.200/your-repo/ init.
Backing up files / directories
It is undesirable to run software with superuser rights unnecessarily, so let's create a separate user, restic, for our tasks, without a group and without a login shell:
# useradd -m -N -s /usr/sbin/nologin restic
We need the following parameterized (template) systemd service and a timer for it:
/etc/systemd/system/restic@.service:
[Unit]
# This is a template unit (note the @ in the file name). When started with
# systemctl start restic@your-repo.service
# %I expands to "your-repo"
Description=Restic backup on %I
After=syslog.target
After=network-online.target

[Service]
Type=oneshot
User=restic
# The list of paths to back up is read from /etc/restic/your-repo.files
ExecStart=/usr/local/bin/restic backup --files-from /etc/restic/%I.files
# The password and repository are read from /etc/restic/your-repo.env
EnvironmentFile=/etc/restic/%I.env
# Give restic the DAC_READ_SEARCH capability, which on Linux
# bypasses file read permission checks and directory read/search
# checks, so it can read every file without running as root
AmbientCapabilities=CAP_DAC_READ_SEARCH

[Install]
WantedBy=multi-user.target
/etc/systemd/system/restic@.timer:
[Unit]
# The timer is a template too (note the @): when enabled as
# restic@your-repo.timer, it starts restic@your-repo.service
Description=Run Restic at 12:00 AM

[Timer]
# Run restic every day at 12:00
OnCalendar=*-*-* 12:00:00

[Install]
WantedBy=timers.target
/etc/restic/your-repo.env. systemd reads this file as root, so /etc/restic/ can be closed to everyone else (i.e. 700 root):
RESTIC_PASSWORD=your_repo_password
RESTIC_REPOSITORY=rest:http://192.168.1.200/your-repo/
The list of files / directories to back up, /etc/restic/your-repo.files:
/var/lib/docker
/etc/postgresql
/etc/restic
...
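A check for the configuration directory described above, as an added example that is not part of the original post. It assumes GNU stat; the function names and the script name audit.sh are hypothetical, and checking the mode of the .env file itself goes beyond the "700 root" requirement stated for the directory.

```shell
#!/bin/sh
# Added example: audit /etc/restic as set up above. Assumes GNU stat.

# Succeeds when path $1 is owned by user $2 and its mode ends in 00,
# i.e. grants nothing to group or other (700, 600, ...).
is_private() {
    [ "$(stat -c '%U' "$1" 2>/dev/null)" = "$2" ] || return 1
    case $(stat -c '%a' "$1") in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_restic_conf DIR REPO [OWNER]
# Prints one line per finding and returns non-zero if there is any.
# OWNER defaults to root, matching the post.
audit_restic_conf() {
    dir=$1 repo=$2 owner=${3:-root} rc=0
    env_file=$dir/$repo.env
    list_file=$dir/$repo.files

    is_private "$dir" "$owner" ||
        { echo "$dir: want owner $owner and mode 700"; rc=1; }

    if [ -f "$env_file" ]; then
        # Extra check, not from the post: the password file itself
        # should stay closed even if the directory mode is loosened.
        is_private "$env_file" "$owner" ||
            { echo "$env_file: want owner $owner and mode 600"; rc=1; }
        # Both variables from the post must be present and non-empty.
        for key in RESTIC_PASSWORD RESTIC_REPOSITORY; do
            grep -q "^$key=." "$env_file" ||
                { echo "$env_file: $key is not set"; rc=1; }
        done
    else
        echo "$env_file: missing"; rc=1
    fi

    # restic@.service hands this list to --files-from.
    [ -s "$list_file" ] || { echo "$list_file: missing or empty"; rc=1; }

    return "$rc"
}

# Run as root: sh audit.sh /etc/restic your-repo
[ "$#" -eq 0 ] || audit_restic_conf "$@"
```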
PostgreSQL
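Restic can read the data to back up from standard input, so we can feed it the output of pg_dumpall. systemd runs ExecStart through execve(3) rather than a shell, so a pipeline cannot be written there directly; we need a script, /usr/local/bin/pgdump.sh: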
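#!/usr/bin/env bash
set -euo pipefail
# $1 is the repository name that restic-pg@.service passes as %I.
# The unit runs as user restic, so sudo must allow that user
# to run pg_dumpall as postgres.
/usr/bin/sudo -u postgres pg_dumpall --clean \
| gzip --rsyncable \
| /usr/local/bin/restic backup --host "$1" --stdin \
--stdin-filename "postgres-$1.sql.gz"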
/etc/systemd/system/restic-pg@.service:
[Unit]
Description=Restic PostgreSQL backup on %I
After=syslog.target
After=network-online.target
After=postgresql.service
Requires=postgresql.service

[Service]
Type=oneshot
User=restic
ExecStart=/usr/local/bin/pgdump.sh %I
EnvironmentFile=/etc/restic/%I.env

[Install]
WantedBy=multi-user.target
/etc/systemd/system/restic-pg@.timer:
[Unit]
Description=Run Restic on PostgreSQL at 12:00 AM

[Timer]
OnCalendar=*-*-* 0:00:00

[Install]
WantedBy=timers.target
Let's start the timers and enable them at boot:
# systemctl enable --now restic@your-repo.timer restic-pg@your-repo.timer
Let's check that the resulting setup works:
# systemctl start restic@your-repo.service
# systemctl start restic-pg@your-repo.service
This set of units lets you back up to any number of repositories; you just need to create the corresponding /etc/restic/repo-name.{env,files} for each one.
Links
- The recipe for backing up PostgreSQL in a container, from which the script in this post grew.
- Systemd documentation: systemd.service, systemd.timer.
- This post on my blog, in English.