TL;DR: Can two rest-servers (one regular and one in --append-only
mode) use the same repository at the same time, or is that somehow problematic? Would it be any different from two restic instances using the same repository at the same time?
I have a user. The user has two systems. One of them is his “trusted” main computer under his own physical control, and the other one is a “less trusted” remote virtual machine hosted by a third party.
I want both of these systems to back up to the same repository, as they mostly contain very similar data and after all it’s the user’s data I back up, not individual systems’ data.
I’m thinking of having two rest-servers running, one in regular mode and one in --append-only
mode. The “trusted” computer would back up to the regular rest-server and therefore be able to execute forget+prune, and the “less trusted” VM would back up to the --append-only
rest-server in order to not be able to modify or delete the repository. The rest-servers would therefore use separate password databases, so that the two systems can’t access the wrong rest-server.
Here’s the possibly weird thing; I’m thinking of having both of these rest-servers reference/use/access the very same directory for the user’s repository. That is, both rest-servers use e.g. /data/restic/username
as the effective repository path for the user’s two restics.
This would mean that both the computer and the VM might back up to this repository at the same time, which AFAIK should be fine and just like any other repository that multiple clients back up to at the same time. Also, if the “trusted” computer does forget+prune or any other modifying action, it would use locking as usual, to signal to other users of the repository that something fishy is going on.
Now, I ask for a sanity check:
- Is this a completely stupid idea for some reason?
- Am I missing something, or should the fact that the rest-servers just relay reads/writes/etc from the restic clients mean that it’s fine that these two rest-servers use the same repository storage/directory?
Perhaps there’s some small race condition possible, but the time frame for it is probably so small that it’s not a practical problem.
PS: I need a regular rest-server and an --append-only
rest-server for other clients as well, so they will both exist regardless of this single user’s two systems. The question is only if I can use them the way I’m thinking for this user’s systems.