Update guide

op_guide/backup_minio/README.md

@@ -6,7 +6,7 @@ You need to choose some names/identifiers:
 export BUCKET_NAME=example
 export NEW_ACCESS_KEY_ID=hello
 
-export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60)
+export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 32)
 export POLICY_NAME="policy-$BUCKET_NAME"
 ```
 
@@ -22,7 +22,7 @@ Create a new user:
 mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY
 ```
 
-Add this new user to your `~/.mc/config.json` file
+Add this new user to your `~/.mc/config.json` file, as `backup-user` for example.
 
 ---
 
@@ -53,6 +53,7 @@ cat > /tmp/policy.json <<EOF
         }
     ]
 }
+EOF
 ```
 
 Register it:
@@ -67,4 +68,61 @@ Set it to your user:
 mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
 ```
 
+Now it should display *only* your new bucket when running:
 
+```bash
+mc ls backup-user/
+```
+
+---
+
+Now we need to initialize the repository with restic.
+
+```bash
+export ENDPOINT="https://garage.tld"
+
+export AWS_ACCESS_KEY_ID=$NEW_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY=$NEW_SECRET_ACCESS_KEY
+export RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME"
+export RESTIC_PASSWORD=$(openssl rand -base64 32)
+```
+
+Then init the repo for restic from your machine:
+
+```
+restic init
+```
+
+*I am using restic version `restic 0.12.1 compiled with go1.16.9 on linux/amd64`*
+
+See your snapshots with:
+
+```
+restic snapshots
+```
+
+---
+
+Add the secrets to Consul, near your service secrets.
+The idea is that the backuping service is a component of the global running service.
+You must add:
+  - `backup_aws_access_key_id`
+  - `backup_aws_secret_access_key`
+  - `backup_aws_endpoint`
+  - `backup_restic_password`
+
+
+---
+
+Now we need a service that runs:
+
+```
+restic backup .
+```
+
+And also that garbage collect snapshots.
+I propose:
+
+```
+restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
+```