Skip to content

Backup Strategy

A robust backup strategy is critical for any homelab. This document outlines the approach used to secure the dehott.link infrastructure, focusing on configuration files, persistent data, and database integrity.

Overview

The primary backup tool is Restic, a fast, secure, and efficient backup program that supports deduplication and encryption. It is configured to back up the entire /home/tim/homelab/ directory, excluding large media files that can be easily re-downloaded.

Key Principles

  • Deduplication: Restic only stores changed data, minimizing storage requirements.
  • Encryption: All backups are encrypted before leaving the host machine.
  • Exclusions: Media files (/home/tim/homelab/data/media/) and temporary downloads (/home/tim/homelab/data/downloads/) are excluded to keep backups small and fast.
  • Database Consistency: Containers with active databases (e.g., Sonarr, Radarr, Nextcloud, Gitea) are temporarily stopped before the backup runs to ensure data integrity.

Configuration

The backup process is automated via a shell script, typically scheduled via cron.

Restic Repository

The Restic repository can be a local directory, an external drive, or a cloud storage provider (e.g., Backblaze B2, AWS S3).

Backup Script

A typical backup script (/home/tim/homelab/scripts/backup.sh) looks like this:

#!/bin/bash

# Define the Restic repository and password
export RESTIC_REPOSITORY="/path/to/your/repo"
export RESTIC_PASSWORD="your_secure_password"

# Stop containers with active databases
docker stop media-sonarr media-radarr gitea personal-nextcloud

# Run the backup, excluding media and downloads
restic backup /home/tim/homelab/ \
  --exclude /home/tim/homelab/data/media/ \
  --exclude /home/tim/homelab/data/downloads/

# Restart the containers
docker start media-sonarr media-radarr gitea personal-nextcloud

# Prune old snapshots according to the retention policy
restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune

Retention Policy

The restic forget command enforces a retention policy, keeping:

  • 7 daily snapshots
  • 4 weekly snapshots
  • 6 monthly snapshots

This provides a good balance between historical coverage and storage efficiency.

Restoration

To restore data from a Restic backup, use the restic restore command.

Restoring the Entire Homelab

# List available snapshots
restic snapshots

# Restore a specific snapshot to a temporary directory
restic restore <snapshot_id> --target /tmp/restore

# Copy the restored data back to the homelab directory
cp -r /tmp/restore/home/tim/homelab/* /home/tim/homelab/

Restoring a Specific File or Directory

# Restore only the Traefik configuration
restic restore <snapshot_id> --include /home/tim/homelab/data/traefik/ --target /tmp/restore

Best Practices

  • Test Restores: Regularly test the restoration process to ensure backups are valid and the procedure is understood.
  • Offsite Storage: Store at least one copy of the backups offsite (e.g., cloud storage) to protect against physical disasters.
  • Secure the Password: The Restic password is required to decrypt the backups. Store it securely in a password manager.