Restic: Difference between revisions
m Category:Applications Category:Backup. Link to restic. |
Add clarification to further modifications needed for wrapper |
||
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
[https://restic.net/ Restic] is a fast and secure backup program. | [https://restic.net/ Restic] is a fast and secure backup program. NixOS packages both <code>restic</code> client (program used to make backups) and <code>restic-rest-server</code> (one of the backends to store the backups remotely, "repositories" in restic parlance). | ||
== Installing == | == Installing == | ||
If you want to manually create restic backups, add <code>restic</code> to <code>environment.systemPackages</code> like so: | |||
<syntaxHighlight lang=nix> | <syntaxHighlight lang=nix> | ||
Line 10: | Line 10: | ||
]; | ]; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
== Configuring == | |||
=== Restic === | |||
NixOS provides options to create a systemd timer and a service that will create the backups. See [https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.restic.backups services.restic.backups options] and "[https://restic.readthedocs.io/en/stable/040_backup.html Backing up]" in the restic documentation. | |||
Note that NixOS includes an option to automatically create the repository by specifying <code>services.restic.backups.<name>.initialize = true</code>; | |||
=== Restic Rest Server === | |||
Restic Rest Server is one of the options for a remote repository<ref>https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server</ref>. It can be installed by enabling the <code>services.restic.server.enable</code> option. By default the server requires either providing it with <code>htpasswd</code> file or running it without authentication. If provided, the username and password pairs <code>htpassd</code> file will be used to authenticate the restic clients connecting to the server. To run the server without authentication, you can pass the flag using the <code>extraFlags</code> option like this: <code>services.restic.server.extraFlags = [ "--no-auth" ];</code> | |||
Passing the <code>htpasswd</code> file should be done using one of the [[Comparison of secret managing schemes|secret management methods]]. | |||
== Security Wrapper == | == Security Wrapper == | ||
Line 28: | Line 40: | ||
}; | }; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
Note that you will have to set your Restic configuration to use the wrapper using the [https://search.nixos.org/options?channel=unstable&show=services.restic.backups.%3Cname%3E.package&from=0&size=50&sort=relevance&type=packages&query=services.restic.backups services.restic.backups.<name>.package] option, for example <ref>https://github.com/NixOS/nixpkgs/issues/341999#issuecomment-2558504576</ref>, | |||
<syntaxHighlight lang=nix> | |||
services.restic.backups.foo = { | |||
# ... | |||
user = "restic"; | |||
package = pkgs.writeShellScriptBin "restic" '' | |||
exec /run/wrappers/bin/restic "$@" | |||
''; | |||
}; | |||
</syntaxHighlight> | |||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Backup]] | [[Category:Backup]] |