Best Practices for restic repo security

Hi Nuno, I am interested and suggest you put the scripts in a github repo or similar for the benefit of all, including you.
Thanks!
/Martin

1 Like

Hello @martinleben,

I keep my stuff in my self hosted GitLab instance. But I’ll gladly share it. Let me think how.

Nevertheless, my backup scripts evolved a lot since then. I replaced all the bash scripts (which are hard to maintain and run) with a much simpler and much better Ansible playbook. Much to my surprise it was simpler to implement and has shown clear advantages over the bash scripts, in terms of reliability, observability and security.

I have no intention of using these bash scripts ever again and even archived my git repository. So I won’t be making a public repository for them. But I’ll gladly share them with you. Send me a DM if you’re interested.

Nevertheless, I strongly advise you to try my new approach based on Ansible. It is currently not in a state where I can easily share it because it’s not very generic. But I’ll try to come up with a way to make it reusable and then I’ll share it and will update here.

Cheers,
Nuno

1 Like

Did you ever get around to tidying up your Ansible to something to share? Even if it could go onto a pasteboard or something that’d be cool to check out.

Hi @d3wy and @martinleben,

Creating reusable roles is in my TODO list but I don’t see it happening anytime soon tbh. I’m working on too many things at the same time, some of them other open source projects.

But I stripped my private repo from all personal and private data, simplified the configuration to keep some examples and created a repo which, while not being reusable as-is, is easily adapted just by changing the inventory (production) and configuration (group_vars and host_vars).

If you don’t know it already, you’ll definitely need to learn how to run Ansible playbooks.

Here it is:

I hope you find it useful.

I can tell you that I’ve been using it successfully for all my monthly backups without any issues for many months now.

Cheers,
Nuno

This. Or using snapshots on the repository server’s filesystems (e.g. ZFS snapshots).