Robust, operator-friendly wrappers for Restic backups. Focused on security, automation (systemd/cron), and ease of recovery.
- Multi-Cloud Support: Fully compatible with all Restic backends.
- Tested & Verified: AWS S3, Azure Blob Storage, Backblaze B2.
- Also supports: SFTP, REST Server, Google Cloud, local disk, etc.
- Secure by Default: No plaintext passwords on disk; uses GPG-encrypted secrets.
- Automated: Ready-to-use systemd units (timers/services) for backup, prune, and retention.
- Operator-Centric: Helper scripts for stats, listing snapshots, and unified logging.
- Portable: Runs on Linux (systemd) and BSD/macOS (cron).
For the full detailed guide, see docs/Deployment.md.
Download the latest self-extracting release (.run) and install it to a versioned directory.
# 1. Prepare directory
mkdir -p /usr/local/lib/restic-ops/v0.2.1
cd /usr/local/lib/restic-ops/v0.2.1
# 2. Extract release (assuming you downloaded restic-ops.run here)
sh restic-ops.run
# 3. Symlink for easy access
ln -sfn /usr/local/lib/restic-ops/v0.2.1 /usr/local/bin/restic-ops
Create the persistent configuration directory and copy the default rules.
- Create Config & Copy Rules:
mkdir -p /etc/restic-ops
cp /usr/local/bin/restic-ops/conf/*.txt /etc/restic-ops/
- Setup Encrypted Secrets:
Create a temporary
restic.envwith your credentials, encrypt it, and delete the plaintext.
# Create/Edit secrets
vi /etc/restic-ops/restic.env
# Encrypt (AES256) and remove plaintext
gpg --symmetric --cipher-algo AES256 /etc/restic-ops/restic.env
rm /etc/restic-ops/restic.env
Configure the agent to remember your passphrase for 40 days so backups run unattended.
- Set TTL (40 days):
Add these lines to
/root/.gnupg/gpg-agent.conf:
default-cache-ttl 3456000
max-cache-ttl 3456000
- Restart & Prime:
gpgconf --kill gpg-agent
/usr/local/bin/restic-ops/bin/prime-gpg.sh
Initialize the repository and perform the first run.
/usr/local/bin/restic-ops/bin/init.sh
/usr/local/bin/restic-ops/bin/backup.sh
Enable the provided systemd timers.
cp /usr/local/bin/restic-ops/systemd/restic-*.service /etc/systemd/system/
cp /usr/local/bin/restic-ops/systemd/restic-*.timer /etc/systemd/system/
systemctl daemon-reload
systemctl enable --now restic-backup.timer restic-retention.timer restic-prune.timerI am not a Go/Shell expert by trade. I am an Operations Engineer. restic-ops exists because I was able to pair my operational experience with the coding speed of modern AI (Gemini/Copilot). I treated the AI as a junior developer: I gave the instructions, I set the constraints, and—most importantly—I audited the result.
This approach allowed me to move from 'philosophical concept' to 'working prototype' in a fraction of the time. This tool is a testament to what is possible when we stop worrying about how to write the loop and focus on why the loop needs to run. However, because this is a security tool, I have manually reviewed every line of code to ensure it adheres to the 'Piece of Paper' standard and contains no hallucinations or insecure defaults. I invite you to do the same.
- Deployment Guide: Full installation, directory layout, and upgrade steps.
- Operations & Troubleshooting: Daily management commands.
- Cron/BSD Guide: Scheduling without systemd.
- Roadmap: Future plans and version history.
- External: External hard drive use case.