Installing rest-server
Backend
I plan to run the backend on a NAS. Since I don't want to install Docker on the NAS, I use systemd to manage the process. The system is Ubuntu 20.04.
```bash
sudo vim /etc/systemd/system/rest-server.service
```
```ini
[Unit]
Description=Rest Server
After=syslog.target
After=network.target
# if you want to use socket activation, make sure to require the socket here
#Requires=rest-server.socket

[Service]
Type=simple
# You may prefer to use a different user or group on your system.
User=lomot
Group=lomot
ExecStart=/opt/rest-server/rest-server --path /nas/backup/restic --listen 0.0.0.0:8022 --no-auth
Restart=always
RestartSec=5
# The following options are available (in systemd v247) to restrict the
# actions of the rest-server.
# As a whole, the purpose of these are to provide an additional layer of
# security by mitigating any unknown security vulnerabilities which may exist
# in rest-server or in the libraries, tools and operating system components
# which it relies upon.
# IMPORTANT!
# The following line must be customised to your individual requirements.
ReadWritePaths=/nas/backup/restic
# Makes created files group-readable, but inaccessible by others
UMask=027
# If your system doesn't support all of the features below (e.g. because of
# the use of an older version of systemd), you may wish to comment-out
# some of the lines below as appropriate.
CapabilityBoundingSet=
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=true
PrivateUsers=true
ProtectSystem=strict
ProtectHome=yes
ProtectClock=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
# ProtectProc=invisible
ProtectHostname=true
RemoveIPC=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6
RestrictSUIDSGID=true
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
# Additionally, you may wish to use some of the systemd options documented in
# systemd.resource-control(5) to limit the CPU, memory, file-system I/O and
# network I/O that the rest-server is permitted to consume according to the
# individual requirements of your installation.
#CPUQuota=25%
#MemoryMax=bytes
#MemorySwapMax=bytes
#TasksMax=N
#IOReadBandwidthMax=device bytes
#IOWriteBandwidthMax=device bytes
#IOReadIOPSMax=device IOPS, IOWriteIOPSMax=device IOPS
#IPAccounting=true
#IPAddressAllow=

[Install]
WantedBy=multi-user.target
```
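Here `--path /nas/backup/restic` is the backup storage path. Be sure to include the `ReadWritePaths=/nas/backup/restic` line; without it the service has no permission to write files, because `ProtectSystem=strict` makes the rest of the file system read-only for the service. Note that `--no-auth` turns off rest-server's HTTP authentication and `--listen 0.0.0.0:8022` binds every interface, so any host that can reach port 8022 can read, write and delete repository files; restic still encrypts the contents with the repository password.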
```bash
sudo systemctl daemon-reload
sudo systemctl start rest-server.service
sudo systemctl enable rest-server.service
```
Starting a backup
```bash
sudo apt install restic
```
```bash
restic -r rest:http://192.168.8.250:8022/test init
```
```
enter password for new repository:
enter password again:
created restic repository b4e2dff5d6 at rest:http://192.168.8.250:8022/test
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
```
```bash
restic -r rest:http://192.168.8.250:8022/test backup important-data/
```
```
enter password for repository:
repository b4e2dff5 opened successfully, password is correct
created new cache in /home/lomot/.cache/restic
Files: 1 new, 0 changed, 0 unmodified
Dirs: 0 new, 0 changed, 0 unmodified
Added to the repo: 444 B
processed 1 files, 60 B in 0:00
snapshot 00e81d67 saved
```
```bash
restic -r rest:http://192.168.8.250:8022/test snapshots
```
```
enter password for repository:
repository b4e2dff5 opened successfully, password is correct
ID        Time                 Host           Tags        Paths
------------------------------------------------------------------------------------
00e81d67  2022-01-15 11:50:05  lomot-service              /home/lomot/important-data
bef1d9e5  2022-01-15 11:52:13  lomot-service              /home/lomot/important-data
------------------------------------------------------------------------------------
2 snapshots
```
```bash
restic -r rest:http://192.168.8.250:8022/test restore bef1d9e5 --target ./tmp
```
```
enter password for repository:
repository b4e2dff5 opened successfully, password is correct
restoring <Snapshot 00e81d67 of [/home/lomot/important-data] at 2022-01-15 11:50:05.621230745 +0800 CST by lomot@lomot-service> to ./tmp
```
```bash
restic -r rest:http://192.168.8.250:8022/test forget 00e81d67
```
```
enter password for repository:
repository b4e2dff5 opened successfully, password is correct
removed snapshot 00e81d67
```
Check the result after the deletion:
```bash
restic -r rest:http://192.168.8.250:8022/test snapshots
```
```
enter password for repository:
repository b4e2dff5 opened successfully, password is correct
ID        Time                 Host           Tags        Paths
------------------------------------------------------------------------------------
bef1d9e5  2022-01-15 11:52:13  lomot-service              /home/lomot/important-data
------------------------------------------------------------------------------------
1 snapshots
```
Backing up without a password prompt
```bash
echo '123456' > /home/lomot/.restic_passwd
```
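A file created with a plain `echo ... >` redirect gets the shell's default umask, which usually leaves it readable by other local users. The following is an added example, not part of the original post: it writes the password file with mode 0600 and checks ownership and mode before a backup uses it. The helper names `create_password_file` and `check_password_file` are hypothetical, and GNU `stat` (as on Ubuntu) is assumed.

```shell
#!/bin/bash
# Added example (not from the original post). Helper names are hypothetical.
# Assumes GNU coreutils stat, as shipped on Ubuntu.

# Write the repository password to a file that is already mode 0600 before
# any secret bytes land in it. umask only affects newly created files, so an
# existing file is truncated and chmod-ed first.
create_password_file() {
    local path secret
    path=$1
    secret=$2
    (
        umask 077
        : > "$path" || exit 1
        chmod 600 "$path" || exit 1
        printf '%s\n' "$secret" > "$path"
    )
}

# Succeed only if the file is a regular file (not a symlink), is owned by
# the calling user, and carries no group/other permission bits.
check_password_file() {
    local path mode owner
    path=$1
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "refusing $path: not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1
    owner=$(stat -c '%u' "$path") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $path: owned by uid $owner" >&2
        return 1
    fi
    # %a prints octal digits; the leading 0 makes the shell parse them as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $path: mode $mode grants access to group/others" >&2
        return 1
    fi
    return 0
}
```

Calling `check_password_file "$PASSWORD_FILE" || exit 1` at the top of a backup script stops the run when the file has drifted to a looser mode.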
Back up
```bash
restic -r rest:http://192.168.8.250:8022/test backup important-data/ --password-file /home/lomot/.restic_passwd
```
```
repository b4e2dff5 opened successfully, password is correct
Files: 1 new, 0 changed, 2 unmodified
Dirs: 0 new, 0 changed, 0 unmodified
Added to the repo: 419 B
processed 3 files, 137 B in 0:00
snapshot a8cfbbf2 saved
```
Deletion policy
```bash
restic -r rest:http://192.168.8.250:8022/test forget --keep-monthly 6 --keep-weekly 4 --keep-daily 7 --keep-last 3 --prune
```
This keeps the latest backup for each of 6 months, 4 weeks and 7 days, and at least the 3 most recent snapshots.
Script for scheduled gitea backups
```bash
#!/bin/bash
# Log file, repository and password file can be overridden from the environment.
BACKUP_LOG_FILE=${LOG_FILE:-/var/log/remote-backup.log}
RESTIC_REPO=${RESTIC_REPO:-"rest:http://192.168.8.250:8022/gitea"}
PASSWORD_FILE=${PASSWORD_FILE:-"/root/.restic_passwd"}

# Back up one source directory into the given restic repository.
function remoteBackup() {
    # local backupDate=$(date "+%Y%m%d-%H-%M-%S")
    local backupName=$1
    local srcDir=$2
    local restic_repo=$3
    echo "[$(date)] [start backup] ${backupName}"
    restic -r "${restic_repo}" backup "${srcDir}" --password-file "${PASSWORD_FILE}"
    echo "[$(date)] [finish backup] ${backupName}"
}

# Apply the retention policy and prune data that is no longer referenced.
function cleanUp() {
    local restic_repo=$1
    echo "[$(date)] [start cleanUp] ${restic_repo}"
    restic -r "${restic_repo}" forget --keep-monthly 6 --keep-weekly 4 --keep-daily 7 --keep-last 3 --prune --password-file "${PASSWORD_FILE}"
    echo "[$(date)] [finish cleanUp] ${restic_repo}"
}

remoteBackup "gitea" /opt/gitea/ "${RESTIC_REPO}" &>>"${BACKUP_LOG_FILE}"
remoteBackup "git-home" /home/git/ "${RESTIC_REPO}" &>>"${BACKUP_LOG_FILE}"
# clean up
cleanUp "${RESTIC_REPO}" &>>"${BACKUP_LOG_FILE}"
```
```
0 2 * * * /opt/gitea/backup.sh
```