I’ve been using the same backup strategy for over a decade now. I loopback mount an encrypted container, rsync some folders to it and finally rsync the container to an offsite host. The host I use is quite expensive so I’ve started looking for other hosts. Unfortunately S3, B2 and similar cloud storage solutions doesn’t support rsync so I need some other setup.
Restic is one option that came up while googling. It’s part of the “holy grail of backups” family. The problem I have with all of them is that they roll their own encryption. I realize that restic’s encryption is better than dm-crypt aes-xts assuming the implementation is sound but I’m hesitant to entrust by data to a new tool. An idea I had is to keep using my encrypted container and use restic to backup the container itself. That should be as safe as my old setup but allows me to use regular cloud storage solutions.
What are the downsides to this setup?
-
It uses more local space because I need to store the regular data + the container + some restic cache. The container is currently 50Gb so it’s not that much more.
-
The backup takes more time because restic must read the entire container each backup.
-
Restic only sees the encrypted data so compression doesn’t work… but restic doesn’t support compression anyway.
-
It uses more host storage. If I delete files in the container the container itself stays the same size and restic doesn’t know which parts has been deleted.
Any other downsides?
One thing I could do is run fstrim on the container’s filesystem before unmounting it. That will send trim commands down the stack and eventually the trimmed areas will be made sparse in the container file. Restic will then see them as ranges of zeros and can compress them… but restic doesn’t support compression. But it could deduplicate them if they are large enough? The average blob size is 1 MiB and most of the files are a lot smaller so I guess that won’t work so well?
What filesystem would be appropriate to use in the container? Ext4 can be used without the journal so I don’t have to waste space backing up that change each time. Using rsync --inplace on ext4 should really overwrite file in place resulting in smaller diff between snapshots. Is there any other filesystem with a particularly good layout of metadata suitable for this?
What happens if data gets damaged on the host? Damage to the keys and config file means instant loss of all data right? What about the data and index files? If a backed up file is partially corrupt can restic restore the good parts of it and leave the broken parts unwritten? That’s important since I only plan to backup one file.
Is the backed up data always consistent even with power failure, OOM kills, network loss and similar problems?
Which storage provider is “the best”. That means cheapest option that fulfills my needs. I live in Europe and have 10Mbit upload. How sensitive is restic to round trip delays? Backblaze B2 is cheap but it seems like some operations on B2 is so slow it’s easier to sync to a local filesystem and then use rclone. Restic 0.8 Prune still very slow
That would waste another 50Gb of local space. If that is the case I could just as well use borg+rclone since it supports compression. What other unexpected gotchas are there I should be aware of?
To get compression I would have to add that inside the container. One possibility is to use btrfs with compression instead of ext4 but I don’t want to do that because I don’t think btrfs is stable or reliable enough to trust it with my data. But if I don’t trust btrfs should I trust restic? The FAQ in the docs talks about a bug that is so common it needs it’s own FAQ entry but it also says “The cause of this bug is not yet known”. The bug might be benign but it still looks bad. How reliable is restic? Yes, trying to quantify reliability difficult.