Restic backup via systemd timer

I am putting this here because it worked for me for a long long time, unattended and now I am replacing it with a docker version I crafted in a meantime. This makes me think that I did not post anything about it and I should. But in case I will need it in the future it won't get lost.

Anyway, by using systemd timers instead of cron jobs we are getting better log management at the very least, alongside other goodies. This only applies if you are at the camp adoring systemd as there, as with anything linux, are multiple other possibilities, like init scripts.

We start with a backup script under /root/restic-env:

#!/bin/sh

export B2_ACCOUNT_KEY=key
export B2_ACCOUNT_ID=id
export RESTIC_PASSWORD=password

exec restic -r b2:my-bucket: "$@"

Replace the three variables with the ones from the key created in the Backblaze. You need read-write permissions. It is recommended to also reduce the permissions to this script to a bare minimum:

chown root:root /root/restic-env
chmod 700 /root/restic-env

If you have a non-root user at that server to log in and interact with the staff, they would not be able to read it. Next move on with the systemd timer at /etc/systemd/system/restic.timer:

[Unit]
Description=Restic backup to Backblaze B2

[Timer]
OnCalendar=*-*-* 3:00:00
Persistent=true

[Install]
WantedBy=timers.target

And the service itself at /etc/systemd/system/restic.service:

[Unit]
Description=Restic backup to Backblaze B2

[Service]
Type=oneshot
Environment=HOME=/root
ExecStart=/root/restic-env backup /root

Now just start and enable the timer:

systemctl enable restic.timer

The script will backup all your root incrementally into Backblaze B2. Note that this might not backup your database, only all files. Enjoy!

Links

• https://restic.readthedocs.io/en/latest/040_backup.html
• https://www.backblaze.com/docs/cloud-storage-create-and-manage-app-keys
• https://www.freedesktop.org/software/systemd/man/latest/systemd.timer.html