My apologies for a somewhat longer (first) question, which is: is there a tutorial somewhere that discusses restic via docker and that pays good attention to security?
Context:
I am looking at improving my backup situation as part of a re-architecting of my landscape. I run a small SoHo setup with a few systems and servers, both Linux (new) and macOS (existing). I provide mail (postfix, dovecot, etc.) and I also am the backup backend provider (MinIO) for family members (who all use macOS clients running Duplicati).
Basically, I’ve always had somewhat limited trust in Duplicati as I had too many corruption issues over the years. These were all solved with some backup (but no data) loss, but still… The central macOS server is therefore still backed up using CrashPlan for that reason. CrashPlan has been reliable and good at dedup, but it has become a worse experience in what it forbids you to back up (even locally) over the years. And because of unexpected behaviour, I actually did lose data (though this was not a technical glitch).
I have looked around and have decided I will try to set up a new backup architecture using restic, which seems the best option after looking around. I will run restic and restic-server as a docker container on Ubuntu (22.04 LTS).
My main focus for now is security. Storage will be on a local internal SSD and a local RAID; both are encrypted when turned off, mainly to make sure that if someone takes off with my hardware, they don’t take off with my data. Linux file systems are all ext4, btw.
I want to keep users as separate as can be (for instance, I currently run fully separate MinIO instances for each family user on my macOS MinIO backend), but in the case of restic I might opt for a maximum in terms of deduplication (though I have not decided, as having multiple repositories does provide some extra robustness).
After reading I wondered if I could completely drop Duplicati and my own MinIO and use restic and restic server.
In the restic documentation, I did not find information on how to run restic and restic server via docker, only install. But running a docker container securely comes with its own special areas of attention.