Compare commits

...

2 commits

Author SHA1 Message Date
ced9405119
Add Restic 2021-11-17 12:16:49 +01:00
c74730aa54
(plz rebase) skeleton security 2021-11-16 10:14:54 +01:00
3 changed files with 62 additions and 0 deletions

View file

@ -12,6 +12,7 @@
- [Configuring a reverse proxy](./cookbook/reverse_proxy.md) - [Configuring a reverse proxy](./cookbook/reverse_proxy.md)
- [Production Deployment](./cookbook/real_world.md) - [Production Deployment](./cookbook/real_world.md)
- [Recovering from failures](./cookbook/recovering.md) - [Recovering from failures](./cookbook/recovering.md)
- [Security](./cookbook/security.md)
- [Integrations](./connect/index.md) - [Integrations](./connect/index.md)
- [Apps (Nextcloud, Peertube...)](./connect/apps.md) - [Apps (Nextcloud, Peertube...)](./connect/apps.md)

View file

@ -13,6 +13,60 @@ If you still want to use Borg, you can use it with `rclone mount`.
## Restic ## Restic
Create your key and bucket:
```bash
garage key new my-key
garage bucket create backup
garage bucket allow backup --read --write --key my-key
```
Then register your Key ID and Secret key in your environment:
```bash
export AWS_ACCESS_KEY_ID=GKxxx
export AWS_SECRET_ACCESS_KEY=xxxx
```
Configure restic from environment too:
```bash
export RESTIC_REPOSITORY="s3:http://localhost:3900/backups"
echo "Generated password (save it safely): $(openssl rand -base64 32)"
export RESTIC_PASSWORD=xxx # copy paste your generated password here
```
Do not forget to save your password safely (in your password manager or print it). It will be needed to decrypt your backups.
Now you can use restic:
```bash
# Initialize the bucket, must be run once
restic init
# Backup your PostgreSQL database
# (We suppose your PostgreSQL daemon is stopped for all commands)
restic backup /var/lib/postgresql
# Show backup history
restic snapshots
# Backup again your PostgreSQL database, it will be faster as only changes will be uploaded
restic backup /var/lib/postgresql
# Show backup history (again)
restic snapshots
# Restore a backup
# (79766175 is the ID of the snapshot you want to restore)
mv /var/lib/postgresql /var/lib/postgresql.broken
restic restore 79766175 --target /var/lib/postgresql
```
Restic has way more features than the ones presented here.
You can discover all of them by accessing its documentation from the link below.
*External links:* [Restic Documentation > Amazon S3](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3) *External links:* [Restic Documentation > Amazon S3](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3)
## Duplicity ## Duplicity

View file

@ -0,0 +1,7 @@
# Security
## Security Model
## Secrets
## Incident response