Backups are essential for ensuring data security. In this guide, I will walk you through setting up Restic, a fast and secure backup tool, to work with Wasabi S3-compatible storage on Debian 12 Bullseye.
This tutorial uses the Wasabi region Osaka (ap-northeast-2) and a bucket named bucket-osaka-sandbox.
We will organize backups using subdirectories and tags for each virtual machine.
Step 1.1: Install Restic
First, install Restic using the package manager.
sudo apt update
sudo apt install restic -y
Verify the installation:
restic version
Step 1.2: Install AWS CLI
Next, install AWS CLI using the package manager.
sudo apt update
sudo apt install awscli -y
Set up the access key and secret key using the values from Wasabi:
aws configure
Step 2: Set Up Environment Files
Create a directory to store Restic configuration files:
sudo mkdir -p /etc/restic.d
sudo chmod 700 /etc/restic.d
2.1 Create the .restic-env File
This file stores environment variables for Restic. Use the following template:
sudo vi /etc/restic.d/.restic-env
Add the following content:
SERVER_NAME=vm-osaka-1
LOCAL_REPOSITORY=/var/app
AWS_ACCESS_KEY_ID=your_wasabi_access_key
AWS_SECRET_ACCESS_KEY=your_wasabi_secret_key
RESTIC_REPOSITORY=s3:https://s3.ap-northeast-2.wasabisys.com/bucket-osaka-sandbox
Replace your_wasabi_access_key and your_wasabi_secret_key with your Wasabi credentials.
Secure the file:
sudo chmod 600 /etc/restic.d/.restic-env
2.2 Create the .restic-password File
This file stores the encryption password for your backups.
sudo vi /etc/restic.d/.restic-password
Add a strong password:
your_secure_password
Secure the file:
sudo chmod 600 /etc/restic.d/.restic-password
Step 3: Create the Restic Script
Next, create a bash script to handle Restic operations.
sudo vi /etc/restic.d/.restic.sh
Add the following content:
#!/bin/bash
# Export every variable defined in the env file so that restic, a child process, sees the AWS_* credentials
set -a
source /etc/restic.d/.restic-env
set +a
# Option 0 - Change password
#restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" key passwd
# Option 1 - Init repository (uses the password file created in Step 2.2)
#restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" init --password-file "/etc/restic.d/.restic-password"
# Option 2 - Backup
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" backup "$LOCAL_REPOSITORY" --tag "$SERVER_NAME" --password-file "/etc/restic.d/.restic-password" --verbose
# Option 3 - List snapshots
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" snapshots --password-file "/etc/restic.d/.restic-password" --verbose
# Option 4 - Housekeeping
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" forget --keep-last 7 --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune --password-file "/etc/restic.d/.restic-password" --verbose
Make the script executable:
sudo chmod +x /etc/restic.d/.restic.sh
Step 4: Initialize the Restic Repository
Run the script to initialize the repository.
sudo bash /etc/restic.d/.restic.sh
Uncomment the Init repository line in the script (Option 1) and re-run the script to initialize:
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" init --password-file "/etc/restic.d/.restic-password"
Step 5: Perform a Backup
To perform a backup, ensure the Backup section (Option 2) in the script is uncommented, then execute:
sudo bash /etc/restic.d/.restic.sh
The backup will store data from /var/app to s3://bucket-osaka-sandbox/vm-osaka-1 with the tag vm-osaka-1.
Step 6: List Snapshots
To list snapshots, uncomment the List snapshots line (Option 3) and run the script:
sudo bash /etc/restic.d/.restic.sh
Step 7: Perform Housekeeping
Housekeeping removes old backups and optimizes the repository. Uncomment the Housekeeping line (Option 4) and run the script:
sudo bash /etc/restic.d/.restic.sh
This setup keeps:
- Last 7 snapshots
- 7 daily snapshots
- 4 weekly snapshots
- 6 monthly snapshots
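Instead of commenting and uncommenting lines for Steps 4 to 7, the wrapper can take the action as an argument and refuse to run when the secret files are accessible to other users. This is an added example, not the author's script: the function names and the ENV_FILE/PASS_FILE overrides are assumptions, while the paths, variables and restic flags are the ones used above.

```shell
#!/bin/sh
# Added example: one wrapper with an action argument and pre-flight checks.
# Paths and variable names follow the tutorial; function names are illustrative.
ENV_FILE="${ENV_FILE:-/etc/restic.d/.restic-env}"
PASS_FILE="${PASS_FILE:-/etc/restic.d/.restic-password}"
REQUIRED_VARS="SERVER_NAME LOCAL_REPOSITORY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY RESTIC_REPOSITORY"

# True only for a regular, non-symlink file with no group/other permission bits.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True only if the env file itself defines every required variable, non-empty.
env_is_complete() (
    unset $REQUIRED_VARS              # ignore values inherited from the caller
    . "$1" >/dev/null 2>&1 || exit 1
    for v in $REQUIRED_VARS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || exit 1
    done
)

# The env file is executed as shell code when sourced, so check it before use.
preflight() {
    for f in "$ENV_FILE" "$PASS_FILE"; do
        is_private_file "$f" || { echo "refusing: $f missing or accessible to group/others" >&2; return 1; }
    done
    env_is_complete "$ENV_FILE" || { echo "refusing: $ENV_FILE lacks a required variable" >&2; return 1; }
}

# Dispatch one action; restic is never started if the pre-flight checks fail.
run_action() {
    preflight || return 1
    set -a; . "$ENV_FILE"; set +a     # export so restic sees the AWS_* variables
    repo="$RESTIC_REPOSITORY/$SERVER_NAME"
    case "$1" in
        init)      restic -r "$repo" init --password-file "$PASS_FILE" ;;
        backup)    restic -r "$repo" backup "$LOCAL_REPOSITORY" --tag "$SERVER_NAME" --password-file "$PASS_FILE" ;;
        snapshots) restic -r "$repo" snapshots --password-file "$PASS_FILE" ;;
        forget)    restic -r "$repo" forget --keep-last 7 --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune --password-file "$PASS_FILE" ;;
        *)         echo "usage: $0 {init|backup|snapshots|forget}" >&2; return 2 ;;
    esac
}

# Runs only when an action is passed on the command line, e.g. "backup".
if [ $# -gt 0 ]; then run_action "$1"; fi
```

Saved under a name of your choice, it is called with one of init, backup, snapshots or forget as its only argument.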
Step 8: Automate Backups with Systemd
To schedule backups, create a systemd service and timer.
Create the Systemd Service
sudo vi /etc/systemd/system/restic-backup.service
Add the following:
[Unit]
Description=Restic Backup Service
Wants=restic-backup.timer
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/restic.d/.restic.sh
Create the Systemd Timer
sudo vi /etc/systemd/system/restic-backup.timer
Add the following:
[Unit]
Description=Run Restic Backup Daily
[Timer]
OnCalendar=*-*-* 02:00:00
Persistent=true
[Install]
WantedBy=timers.target
Enable and start the timer:
sudo systemctl enable restic-backup.timer
sudo systemctl start restic-backup.timer
Summary
With this setup, Restic will securely back up your files to Wasabi S3 storage. The use of subdirectories and tags makes it easy to manage backups for multiple virtual machines.
Automating the process with systemd ensures your data remains secure with minimal effort.