Backup with "Restic"

Posted in software, backup

At one of our UNIX™ regulars' meetups (Stammtisch), Heiko briefly mentioned Restic as a backup solution.

The list of supported systems looks quite promising, as does the list of backends. The documentation also makes a very good impression, see Restic Documentation…

First look

  • Let's install it:

# dnf install epel-release
# dnf install restic
  • So what can it do?

$ restic --help

restic is a backup program which allows saving multiple revisions of files and
directories in an encrypted repository stored on different backends.

Usage:
  restic [command]

Available Commands:
  backup        Create a new backup of files and/or directories
  cache         Operate on local cache directories
  cat           Print internal objects to stdout
  check         Check the repository for errors
  copy          Copy snapshots from one repository to another
  diff          Show differences between two snapshots
  dump          Print a backed-up file to stdout
  find          Find a file, a directory or restic IDs
  forget        Remove snapshots from the repository
  generate      Generate manual pages and auto-completion files (bash, fish, zsh)
  help          Help about any command
  init          Initialize a new repository
  key           Manage keys (passwords)
  list          List objects in the repository
  ls            List files in a snapshot
  migrate       Apply migrations
  mount         Mount the repository
  prune         Remove unneeded data from the repository
  rebuild-index Build a new index
  recover       Recover data from the repository not referenced by snapshots
  restore       Extract the data from a snapshot
  self-update   Update the restic binary
  snapshots     List all snapshots
  stats         Scan the repository and show basic statistics
  tag           Modify tags on snapshots
  unlock        Remove locks other processes created
  version       Print version information

Flags:
      --cacert file                file to load root certificates from (default: use system certificates)
      --cache-dir directory        set the cache directory. (default: use system default cache directory)
      --cleanup-cache              auto remove old cache directories
  -h, --help                       help for restic
      --insecure-tls               skip TLS certificate verification when connecting to the repo (insecure)
      --json                       set output mode to JSON for commands that support it
      --key-hint key               key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
      --limit-download int         limits downloads to a maximum rate in KiB/s. (default: unlimited)
      --limit-upload int           limits uploads to a maximum rate in KiB/s. (default: unlimited)
      --no-cache                   do not use a local cache
      --no-lock                    do not lock the repository, this allows some operations on read-only repositories
  -o, --option key=value           set extended option (key=value, can be specified multiple times)
      --password-command command   shell command to obtain the repository password from (default: $RESTIC_PASSWORD_COMMAND)
  -p, --password-file file         file to read the repository password from (default: $RESTIC_PASSWORD_FILE)
  -q, --quiet                      do not output comprehensive progress report
  -r, --repo repository            repository to backup to or restore from (default: $RESTIC_REPOSITORY)
      --repository-file file       file to read the repository location from (default: $RESTIC_REPOSITORY_FILE)
      --tls-client-cert file       path to a file containing PEM encoded TLS client certificate and private key
  -v, --verbose n                  be verbose (specify multiple times or a level using --verbose=n, max level/times is 3)

Use "restic [command] --help" for more information about a command.

Setting up a backup on a local disk

Right then, let's set up a backup for this blog:

  • Generate a password for encrypting the backup

$ ( umask 0377 ; pwgen -Bs 32 1 > "${HOME}/.secret/app=restic,Backup=Blog.public" )
  • Create the backup directory

$ mkdir /var/backup/andy/Blogs/Blog.public
  • Initialize the backup directory

$ restic --repo /var/backup/andy/Blogs/Blog.public --password-file "${HOME}/.secret/app=restic,Backup=Blog.public" init
created restic repository 6205507f55 at /var/backup/andy/Blogs/Blog.public

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
  • Create a backup

    NOTES:

    • Backups should always be tagged (here: "andy", "blog" and "initial").

    • Restic saves symbolic links as links, without following them. The link's target must therefore be included in the backup explicitly.

$ restic --repo /var/backup/andy/Blogs/Blog.public --password-file "${HOME}/.secret/app=restic,Backup=Blog.public" backup --tag andy --tag blog --tag initial Makefile content/ theme theme.mediumfox/
repository 6205507f opened successfully, password is correct
created new cache in /home/andy/.cache/restic
no parent snapshot found, will read all files

Files:         129 new,     0 changed,     0 unmodified
Dirs:           35 new,     0 changed,     0 unmodified
Added to the repo: 6.861 MiB

processed 129 files, 8.653 MiB in 0:01
snapshot b8cb5704 saved
  • Inspect the backups

$ restic --repo /var/backup/andy/Blogs/Blog.public --password-file "${HOME}/.secret/app=restic,Backup=Blog.public" snapshots
repository 6205507f opened successfully, password is correct
ID        Time                 Host        Tags               Paths
-------------------------------------------------------------------------------------------------------------
b8cb5704  2023-06-05 00:30:27  oryx        andy,blog,initial  /home/andy/Workspace/Blogs/Blog.public/_site/Makefile
                                                              /home/andy/Workspace/Blogs/Blog.public/_site/content
                                                              /home/andy/Workspace/Blogs/Blog.public/_site/theme
                                                              /home/andy/Workspace/Blogs/Blog.public/_site/theme.mediumfox
-------------------------------------------------------------------------------------------------------------
1 snapshots
  • Or as JSON

$ restic --repo /var/backup/andy/Blogs/Blog.public --password-file "${HOME}/.secret/app=restic,Backup=Blog.public" snapshots --json | jq .
[
  {
    "time": "2023-06-05T00:30:27.970725574+02:00",
    "tree": "c3cd77441c3c2cff5d36b3bc1e861aec3d39953fc1721d48928838a2add97ab6",
    "paths": [
      "/home/andy/Workspace/Blogs/Blog.public/_site/Makefile",
      "/home/andy/Workspace/Blogs/Blog.public/_site/content",
      "/home/andy/Workspace/Blogs/Blog.public/_site/theme",
      "/home/andy/Workspace/Blogs/Blog.public/_site/theme.mediumfox"
    ],
    "hostname": "oryx",
    "username": "andy",
    "uid": 919,
    "gid": 919,
    "tags": [
      "andy",
      "blog",
      "initial"
    ],
    "id": "b8cb5704965560a4262586fc1e832b93182016d21e2a7cbb8bb59127b3e87303",
    "short_id": "b8cb5704"
  }
]
  • Restore data from a backup

$ restic --repo /var/backup/andy/Blogs/Blog.public --password-file "${HOME}/.secret/app=restic,Backup=Blog.public" restore b8cb5704 --target "${HOME}/Workspace/Blogs/Blog.public/_restore"
repository 6205507f opened successfully, password is correct
restoring <Snapshot b8cb5704 of [/home/andy/Workspace/Blogs/Blog.public/_site/Makefile /home/andy/Workspace/Blogs/Blog.public/_site/content /home/andy/Workspace/Blogs/Blog.public/_site/theme /home/andy/Workspace/Blogs/Blog.public/_site/theme.mediumfox] at 2023-06-05 00:30:27.970725574 +0200 CEST by andy@oryx> to /home/andy/tmp/restore-blog
  • Roughly check whether the restore succeeded

$ find ${HOME}/Workspace/Blogs/Blog.public/_restore -type f | wc -l
129

$ ( cd ${HOME}/Workspace/Blogs/Blog.public/_site; find content/ Makefile theme theme.mediumfox -type f | wc -l )
129

That looks pretty good.
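
The file count above only shows that the right number of files came back. As an added example (not part of the original post), the following compares content hashes and symlink targets between the source and the restored tree, and reports restored symlinks whose target was not backed up, which is the case the note on symbolic links warns about. The function names manifest and verify_restore are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Needs find, sha256sum, diff.

# manifest ROOT PATH...: sha256 of every regular file and the target of every
# symlink below the given paths, relative to ROOT, sorted for comparison.
manifest() {
    root=$1; shift
    ( cd "$root" && {
        find "$@" -type f -exec sha256sum {} +
        find "$@" -type l -exec sh -c \
            'for l; do printf "L  %s -> %s\n" "$l" "$(readlink "$l")"; done' sh {} +
    } ) | LC_ALL=C sort
}

# verify_restore SRC DST PATH...: 0 if DST matches SRC for the given paths and
# no restored symlink is dangling, 1 on any difference, 2 on usage error.
verify_restore() {
    src=$1; dst=$2
    if [ "$#" -lt 3 ] || [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "usage: verify_restore SRC DST PATH..." >&2; return 2
    fi
    shift 2
    tmp=$(mktemp -d) || return 2
    manifest "$src" "$@" >"$tmp/want"
    manifest "$dst" "$@" >"$tmp/got"
    rc=0
    diff -u "$tmp/want" "$tmp/got" || rc=1
    # restic stores a symlink as a link; if its target was not among the
    # backed-up paths, the restored (relative) link points nowhere.
    dangling=$(cd "$dst" && find "$@" -type l ! -exec test -e {} \; -print)
    if [ -n "$dangling" ]; then
        printf 'dangling symlink(s) in restore:\n%s\n' "$dangling" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

For the restore shown above, SRC is the _site directory and the paths are Makefile content theme theme.mediumfox; restic recreates the snapshot's absolute paths below --target, so DST is the _site directory inside the restore target.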

Setting up regular backups for the blog

The most sensible time for regular backups is, I think, the moment of publishing. An additional target "publish-real" is added as follows:

publish-real:
	@"$(PELICAN)" "$(INPUTDIR)" -o ...
	@/bin/restic --repo /var/backup/andy/Blogs/Blog.public --password-file "${HOME}/.secret/app=restic,Backup=Blog.public" backup --tag andy --tag blog --tag publish Makefile content/ theme theme.mediumfox/
	@/bin/rsync -a --info=progress2 --delete ...

Publishing now looks roughly like this:

$ make publish-real
[01:13:03] INFO PLUGIN: pelican-data-files was successfully loaded generator.py:40 (1)
Done: Processed 2 articles, 1 draft, 0 hidden articles, 1 page, 0 hidden pages and 0 draft pages in 0.43 seconds.
repository 6205507f opened successfully, password is correct        (2)
using parent snapshot 310dd13e

Files:           0 new,     2 changed,   127 unmodified
Dirs:            0 new,     2 changed,    33 unmodified
Added to the repo: 14.060 KiB

processed 129 files, 8.655 MiB in 0:00
snapshot c5215f5f saved
        129,337   1%    4.38MB/s    0:00:00 (xfr#19, to-chk=0/44)   (3)
  1. "Pelican" regenerates the pages

  2. "Restic" creates the backup

  3. "Rsync" transfers to the server
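
Since publish-real now reads the password file unattended on every publish, a pre-flight check can confirm that the file still has the restrictive mode it was created with (umask 0377, i.e. 0400). This is an added example, not part of the original post; check_secret is a made-up helper name and the code assumes GNU stat from coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (coreutils).

# check_secret FILE: 0 if FILE is usable as a restic --password-file without
# being readable or replaceable by other users, 1 otherwise.
check_secret() {
    f=$1; rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file (missing or a symlink)" >&2; return 1
    fi
    if [ ! -s "$f" ]; then
        echo "$f: empty, restic would get an empty password" >&2; rc=1
    fi
    if [ ! -O "$f" ]; then
        echo "$f: not owned by the current user" >&2; rc=1
    fi
    mode=$(stat -c '%a' "$f")           # octal mode, e.g. 400
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f: mode $mode grants access to group or others" >&2; rc=1
    fi
    dir=$(dirname -- "$f")
    dmode=$(stat -c '%a' "$dir")
    # A group- or world-writable directory lets someone else swap the file.
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "$dir: mode $dmode lets other users replace the file" >&2; rc=1
    fi
    return "$rc"
}
```

In the Makefile target it would run on its own recipe line before the restic call, so that a failed check stops make before the backup and the rsync.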