How I back up my servers using restic

https://angristan.xyz/backup-servers-using-restic-wasabi-object-storage/

Automatise the backups using bash and cron

On my servers, I have a backup script that looks like this:

#!/bin/bash

source .restic-keys
export RESTIC_REPOSITORY="s3:s3.wasabisys.com/{{ ansible_hostname }}-backup"

echo -e "\n`date` - Starting backup...\n"

restic backup /etc
restic backup /root --exclude .cache --exclude .local
restic backup /home/stanislas --exclude .cache --exclude .local
restic backup /var/log
restic backup /srv/some-website

mysqldump database | restic backup --stdin --stdin-filename database.sql

echo -e "\n`date` - Running forget and prune...\n"

restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 12

echo -e "\n`date` - Backup finished.\n"

Easy right?

I execute the script at night with some nice and ionice:

0 4 * * * ionice -c2 -n7 nice -n19 bash /root/backup.sh > /var/log/backup.log 2>&1

And we’re done!

Bonus: an Ansible playbook to industrialise all of this

This is a custom playbook that suits my needs, but I share it with you guys since I find it very useful.

playbook.yml:

---
- name: Restic Playbook
  hosts: restic

  tasks:
  - name: Add Sid repository for restic
    apt_repository: repo='deb http://deb.debian.org/debian sid main' state=present filename='sid' update_cache='yes'

  - name: Add APT-pinning for Sid and Restic
    copy:
      src: ../../files/common/etc/apt/preferences.d/restic
      dest: /etc/apt/preferences.d/restic

  - name: Install Restic from Sid
    apt: name='restic' state='present' update_cache='yes'

  - name: Add backup cron at 4 AM every day
    cron:
      name: backup
      minute: "0"
      hour: "4"
      job: "ionice -c2 -n7 nice -n19 bash /root/backup.sh > /var/log/backup.log 2>&1"

  - name: Add backup.sh
    template:
      src: ../../files/common/home/backup.sh.j2
      dest: /root/backup.sh
      owner: root
      group: root
      mode: 0700

  - name: Set root:root and 0600 on .restic-keys
    file:
      path: /root/.restic-keys
      owner: root
      group: root
      mode: 0600

Note: I put the .restic-keys file manually on the servers. I think I will improve this using ansible-vault in the future.

An example backup.sh.j2:

#!/bin/bash

source .restic-keys
export RESTIC_REPOSITORY="s3:s3.wasabisys.com/{{ ansible_hostname }}-backup"

echo -e "\n`date` - Starting backup...\n"

# Common folders
restic backup /etc
restic backup /root --exclude .cache --exclude .local
restic backup /home/stanislas --exclude .cache --exclude .local
restic backup /var/log

# Specific folders per server
{% if ansible_host == 'server1' %}
restic backup /var/lib/munin 
{% elif ansible_host == 'server2' %}
restic backup /srv/cloud
{% elif ansible_host == 'server3' %}
restic backup /var/lib/tor
{% elif ansible_host == 'server4' %}
restic backup /srv/mastodon
{% elif ansible_host == 'server5' %}
restic backup /srv/ghost
{% endif %}

echo -e "\n`date` - Running forget and prune...\n"

restic forget --prune --keep-daily 7 --keep-weekly 12

echo -e "\n`date` - Backup finished.\n"

You can adapt this to your needs.

Enjoy

Leave a Reply