Setting Up Restic Backups to Wasabi S3-Compatible Storage on Debian 12 Bullseye

Backups are essential for ensuring data security. In this guide, I will walk you through setting up Restic, a fast and secure backup tool, to work with Wasabi S3-compatible storage on Debian 12 Bullseye.

This tutorial uses the Wasabi region Osaka (ap-northeast-2) and a bucket named bucket-osaka-sandbox.

We will organize backups using subdirectories and tags for each virtual machine.

Step 1.1 : Install Restic

First, install Restic using the package manager.

sudo apt update
sudo apt install restic -y

sudo apt update

sudo apt install restic -y

Verify the installation:

restic version

1 2	restic version

Step 1.2 : Install AWS CLI

Next, install AWS CLI using the package manager.

sudo apt update
sudo apt install aws-cli -y

sudo apt update

sudo apt install aws-cli -y

Setup the access key and secret key using value from Wasabi:

aws configure

1 2	aws configure

Step 2: Set Up Environment Files

Create a directory to store Restic configuration files:

sudo mkdir -p /etc/restic.d
sudo chmod 700 /etc/restic.d

sudo mkdir -p /etc/restic.d

sudo chmod 700 /etc/restic.d

2.1 Create the `.restic-env` File

This file stores environment variables for Restic. Use the following template:

sudo vi /etc/restic.d/.restic-env

1 2	sudo vi /etc/restic.d/.restic-env

Add the following content:

SERVER_NAME=vm-osaka-1
LOCAL_REPOSITORY=/var/app
AWS_ACCESS_KEY_ID=your_wasabi_access_key
AWS_SECRET_ACCESS_KEY=your_wasabi_secret_key
RESTIC_REPOSITORY=s3:https://s3.ap-northeast-2.wasabisys.com/bucket-osaka-sandbox

SERVER_NAME=vm-osaka-1

LOCAL_REPOSITORY=/var/app

AWS_ACCESS_KEY_ID=your_wasabi_access_key

AWS_SECRET_ACCESS_KEY=your_wasabi_secret_key

RESTIC_REPOSITORY=s3:https://s3.ap-northeast-2.wasabisys.com/bucket-osaka-sandbox

Replace your_wasabi_access_key and your_wasabi_secret_key with your Wasabi credentials.

Secure the file:

sudo chmod 600 /etc/restic.d/.restic-env

1 2	sudo chmod 600 /etc/restic.d/.restic-env

2.2 Create the `.restic-password` File

This file stores the encryption password for your backups.

sudo vi /etc/restic.d/.restic-password

1 2	sudo vi /etc/restic.d/.restic-password

Add a strong password:

your_secure_password

1 2	your_secure_password

Secure the file:

sudo chmod 600 /etc/restic.d/.restic-password

1 2	sudo chmod 600 /etc/restic.d/.restic-password

Step 3: Create the Restic Script

Next, create a bash script to handle Restic operations.

sudo vi /etc/restic.d/.restic.sh

1 2	sudo vi /etc/restic.d/.restic.sh

Add the following content:

#!/bin/bash

source /etc/restic.d/.restic-env

# Option 0 - Change password
#restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" key passwd

# Option 1 - Init repository
#restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" init --password-file "/var/app/secret/.restic-password"

# Option 2 - Backup
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" backup "$LOCAL_REPOSITORY" --tag "$SERVER_NAME" --password-file "/etc/restic.d/.restic-password" --verbose

# Option 3 - List snapshots
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" snapshots --password-file "/etc/restic.d/.restic-password" --verbose

# Option 4 - Housekeeping
restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" forget --keep-last 7 --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune --password-file "/etc/restic.d/.restic-password" --verbose

#!/bin/bash

source /etc/restic.d/.restic-env

# Option 0 - Change password

#restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" key passwd

# Option 1 - Init repository

#restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" init --password-file "/var/app/secret/.restic-password"

# Option 2 - Backup

restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" backup "$LOCAL_REPOSITORY" --tag "$SERVER_NAME" --password-file "/etc/restic.d/.restic-password" --verbose

# Option 3 - List snapshots

restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" snapshots --password-file "/etc/restic.d/.restic-password" --verbose

# Option 4 - Housekeeping

restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" forget --keep-last 7 --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune --password-file "/etc/restic.d/.restic-password" --verbose

Make the script executable:

sudo chmod +x /etc/restic.d/.restic.sh

1 2	sudo chmod +x /etc/restic.d/.restic.sh

Step 4: Initialize the Restic Repository

Run the script to initialize the repository.

sudo bash /etc/restic.d/.restic.sh

1 2	sudo bash /etc/restic.d/.restic.sh

Uncomment the Init repository line in the script (Option 1) and re-run the script to initialize:

restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" init --password-file "/var/app/secret/.restic-password"

1 2	restic -r "$RESTIC_REPOSITORY/$SERVER_NAME" init --password-file "/var/app/secret/.restic-password"

Step 5: Perform a Backup

To perform a backup, ensure the Backup section (Option 2) in the script is uncommented, then execute:

sudo bash /etc/restic.d/.restic.sh

1 2	sudo bash /etc/restic.d/.restic.sh

The backup will store data from /var/app to s3://bucket-osaka-sandbox/vm-osaka-1 with the tag vm-osaka-1.

Step 6: List Snapshots

To list snapshots, uncomment the List snapshots line (Option 3) and run the script:

sudo bash /etc/restic.d/.restic.sh

1 2	sudo bash /etc/restic.d/.restic.sh

Step 7: Perform Housekeeping

Housekeeping removes old backups and optimizes the repository. Uncomment the Housekeeping line (Option 4) and run the script:

sudo bash /etc/restic.d/.restic.sh

1 2	sudo bash /etc/restic.d/.restic.sh

This setup keeps:

Last 7 snapshots
7 daily snapshots
4 weekly snapshots
6 monthly snapshots

Step 8: Automate Backups with Systemd

To schedule backups, create a systemd service and timer.

Create the Systemd Service

sudo vi /etc/systemd/system/restic-backup.service

1 2	sudo vi /etc/systemd/system/restic-backup.service

Add the following:

&#91;Unit]
Description=Restic Backup Service
Wants=restic-backup.timer

&#91;Service]
Type=oneshot
ExecStart=/bin/bash /etc/restic.d/.restic.sh

[Unit]

Description=Restic Backup Service

Wants=restic-backup.timer

[Service]

Type=oneshot

ExecStart=/bin/bash /etc/restic.d/.restic.sh

Create the Systemd Timer

sudo vi /etc/systemd/system/restic-backup.timer

1 2	sudo vi /etc/systemd/system/restic-backup.timer

Add the following:

&#91;Unit]
Description=Run Restic Backup Daily

&#91;Timer]
OnCalendar=*-*-* 02:00:00
Persistent=true

&#91;Install]
WantedBy=timers.target

[Unit]

Description=Run Restic Backup Daily

[Timer]

OnCalendar=*-*-* 02:00:00

Persistent=true

[Install]

WantedBy=timers.target

Enable and start the timer:

sudo systemctl enable restic-backup.timer
sudo systemctl start restic-backup.timer

sudo systemctl enable restic-backup.timer

sudo systemctl start restic-backup.timer

Summary

With this setup, Restic will securely back up your files to Wasabi S3 storage. The use of subdirectories and tags makes it easy to manage backups for multiple virtual machines.

Automating the process with systemd ensures your data remains secure with minimal effort.

diditho.com

Setting Up Restic Backups to Wasabi S3-Compatible Storage on Debian 12 Bullseye

Step 1.1 : Install Restic

Step 1.2 : Install AWS CLI

Step 2: Set Up Environment Files

2.1 Create the `.restic-env` File

2.2 Create the `.restic-password` File

Step 3: Create the Restic Script

Step 4: Initialize the Restic Repository

Step 5: Perform a Backup

Step 6: List Snapshots

Step 7: Perform Housekeeping

Step 8: Automate Backups with Systemd

Create the Systemd Service

Create the Systemd Timer

Summary

Leave A Comment Cancel reply

Step 1.1 : Install Restic

Step 1.2 : Install AWS CLI

Step 2: Set Up Environment Files

2.1 Create the .restic-env File

2.2 Create the .restic-password File

Step 3: Create the Restic Script

Step 4: Initialize the Restic Repository

Step 5: Perform a Backup

Step 6: List Snapshots

Step 7: Perform Housekeeping

Step 8: Automate Backups with Systemd

Create the Systemd Service

Create the Systemd Timer

Summary

Related posts:

Leave A Comment Cancel reply

2.1 Create the `.restic-env` File

2.2 Create the `.restic-password` File