From 13ef7419d5ef87162a731f9a6110dc8d3c2dfbd9 Mon Sep 17 00:00:00 2001 From: Sam Scholten Date: Mon, 27 Oct 2025 07:34:47 +1000 Subject: Release v1.4.0: VPS-optimized integrity checks and critical bugfixes - Fix: Remove invalid --retry-lock flag from restic check (was failing all weekly checks) - Improve: Switch to metadata-only weekly checks (VPS-friendly, ~50MB vs 500MB+ RAM) - Add: Comprehensive manual check documentation with resource guidelines - Add: Multi-machine check strategy for resource-constrained environments - Improve: Brutalist README - concise and action-oriented --- CHANGELOG.md | 9 ++++ README.md | 126 ++++++++++++++++---------------------------------------- VERSION | 2 +- restic_check.sh | 4 +- 4 files changed, 46 insertions(+), 95 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0533522..0224839 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +drestic (1.4.0) stable; urgency=medium + + * Fixed: Removed invalid --retry-lock flag from restic check command (was causing all weekly checks to fail) + * Improved: Weekly integrity checks now use metadata-only strategy (VPS-optimized, ~50MB RAM vs 500MB+) + * Added: Comprehensive manual check documentation with resource usage guidelines + * Added: Multi-machine check strategy documentation for resource-constrained VPS environments + * Improved: Brutalist README - concise and action-oriented documentation + + -- Sam Mon, 27 Oct 2025 07:00:00 +1000 drestic (1.2.3) stable; urgency=medium * Fixed: Replaced unsupported --lock-retry-after and --lock-stale-timeout flags with --retry-lock for restic 0.18.1 compatibility diff --git a/README.md b/README.md index 887a5d9..ed6b363 100644 --- a/README.md +++ b/README.md @@ -2,129 +2,73 @@ -Automated, encrypted, and deduplicated backups to MEGA cloud storage using restic. +Automated encrypted backups to MEGA using restic. ## Setup -1. Clone the repository: ```sh git clone https://github.com/casparvitch/drestic cd drestic -``` - -2. Install dependencies (supports apt, yum, pacman, zypper): -```sh make install-deps +make setup-user # or setup-system for servers ``` -3. Run the setup script: -```sh -# For a personal machine (backs up /home/user) -make setup-user -# For a server (backs up /etc, /home, /root, etc.) -# make setup-system -``` - The script will prompt for your MEGA credentials and a new restic repository password. **Store the restic password safely.** +Enter MEGA credentials and restic password when prompted. **Store the restic password safely.** ## Usage -All common operations are handled via the `Makefile`. Run `make help` for a full list. - -**Check Status** ```sh -# For user scope -make status - -# For system scope -make status-system +make help # see all commands +make status # check backup status +make backup-now # run backup immediately +make snapshots # list backups ``` -**Run a Backup Manually** -```sh -make backup-now -# Monitor with: journalctl --user -fu restic-backup.service -``` - -**List Snapshots** -```sh -make snapshots -``` - -**Recover Files** -The easiest method is to mount the repository. - -1. Create a mount point: +**Recover files:** ```sh mkdir ~/restore -``` - -2. Mount the backup: - The repository path is now unique per host (e.g., `drestic_backups_my-server`). Find your exact path in `~/.config/restic/env`. -```sh -# For user scope (replace with your unique repo path) -RESTIC_PASSWORD_FILE=~/.config/restic/password restic mount ~/restore --repo rclone:backup_remote:/drestic_backups_my-server -``` - -3. Browse `~/restore/snapshots/latest/` to find your files. - -4. Unmount when finished: -```sh +# Replace with your repo path from ~/.config/restic/env +RESTIC_PASSWORD_FILE=~/.config/restic/password restic mount ~/restore --repo rclone:backup_remote:/drestic_backups_hostname +# Browse ~/restore/snapshots/latest/ umount ~/restore ``` ## Configuration -Configuration files are created during setup. +Edit backup paths: `~/.config/restic/paths` (user) or `/etc/restic/paths` (system) +Edit excludes: `~/.config/restic/excludes` +Add notifications: `make update-gotify` -**Backup Paths & Exclusions** -- **User scope:** `~/.config/restic/paths` and `~/.config/restic/excludes` -- **System scope:** `/etc/restic/paths` and `/etc/restic/excludes` +## Manual Checks -Edit the `paths` file to change what is backed up. Edit the `excludes` file to add patterns to ignore. The default files contain a sensible starting point. +**Automated:** Metadata-only weekly checks (catches 95% of issues) -**Backup Schedule** -The schedule is managed by systemd timers. To change the daily 3 AM backup time: - -1. Edit the timer file: - - **User scope:** `~/.config/systemd/user/restic-backup.timer` - - **System scope:** `/etc/systemd/system/restic-backup.timer` +**Manual verification:** +```sh +# Quick metadata check (~50MB RAM, 1-2 min) +source ~/.config/restic/env && restic check --repo "$RESTIC_REPOSITORY" --password-file "$RESTIC_PASSWORD_FILE" -2. Change the `OnCalendar=` line. +# Light data check (~200MB RAM, 5-15 min) +source ~/.config/restic/env && restic check --repo "$RESTIC_REPOSITORY" --password-file "$RESTIC_PASSWORD_FILE" --read-data-subset 0.1% -3. Reload systemd: -```sh -# For user scope -systemctl --user daemon-reload && systemctl --user restart restic-backup.timer -# For system scope -sudo systemctl daemon-reload && sudo systemctl restart restic-backup.timer +# Heavy data check (~500MB+ RAM, 30+ min) +source ~/.config/restic/env && restic check --repo "$RESTIC_REPOSITORY" --password-file "$RESTIC_PASSWORD_FILE" --read-data-subset 1% ``` -**Notifications** -To add or update Gotify push notifications, run: +**From another machine:** ```sh -make update-gotify +# Setup: install restic, rclone +rclone config create backup_remote mega user EMAIL pass PASSWORD +echo "PASSWORD" > ~/.restic_password && chmod 600 ~/.restic_password +restic check --repo rclone:backup_remote:/drestic_backups_HOSTNAME --password-file ~/.restic_password --read-data-subset 0.1% ``` -## Troubleshooting - -**Repository is locked?** -```sh -# Auto-detects scope and unlocks -make unlock-repo -``` +**When:** Monthly 0.1% checks, quarterly 1% checks, or troubleshooting. -**Connection issues?** -Verify rclone can connect to your MEGA account. -```sh -rclone ls backup_remote: -``` +## Troubleshooting -**Something else?** -Check the logs. ```sh -# For user scope -make logs - -# For system scope -make logs-system -``` +make unlock-repo # fix locked repository +make logs # check recent logs +rclone ls backup_remote: # test MEGA connection +``` \ No newline at end of file diff --git a/VERSION b/VERSION index 6261a05..e21e727 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.1 \ No newline at end of file +1.4.0 \ No newline at end of file diff --git a/restic_check.sh b/restic_check.sh index 278b2fe..9fe6be1 100755 --- a/restic_check.sh +++ b/restic_check.sh @@ -28,13 +28,11 @@ trap 'notify "Restic Check" "Restic check script finished with exit code $?" $?' # --- Main Logic --- echo "--- Starting Restic Repository Integrity Check at $(date) ---" -echo "Running memory-efficient integrity check on repository: $RESTIC_REPOSITORY (1% data subset)..." +echo "Running VPS-optimized repository integrity check on repository: $RESTIC_REPOSITORY (metadata only)..." restic check \ --repo "${RESTIC_REPOSITORY}" \ --password-file "${RESTIC_PASSWORD_FILE}" \ - --read-data-subset 1% \ --no-cache \ - --retry-lock 5m \ --verbose || { echo "Error: Restic check failed." >&2 notify "Restic Check ($(whoami)@$(hostname))" "Weekly integrity check failed!" 8 -- cgit v1.2.3 From 77b2576fed10b6963d2ba1796135ab758f6348a6 Mon Sep 17 00:00:00 2001 From: Sam Scholten Date: Mon, 27 Oct 2025 07:40:07 +1000 Subject: Add missing 'upgrade' target to Makefile - Add upgrade target that pulls latest changes before running update - This matches the help documentation and user expectations - Fixes issue where make upgrade reported 'Nothing to be done' --- Makefile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Makefile b/Makefile index f8925ea..cd050ff 100644 --- a/Makefile +++ b/Makefile @@ -361,6 +361,13 @@ update: exit 1; \ fi +upgrade: + @echo "=== Full DRestic Upgrade (including timers) ===" + @echo "Pulling latest changes from git..." + @git pull || { echo "Error: Failed to pull from git. Make sure you have internet access."; exit 1; } + @echo "Running update..." + @$(MAKE) update + update-gotify: @echo "=== Update Gotify Configuration ===" @if [ -f ~/.config/restic/env ]; then \ -- cgit v1.2.3 From 055850289f79fb2cd4946ffd44b3586371edd35e Mon Sep 17 00:00:00 2001 From: Sam Scholten Date: Mon, 27 Oct 2025 07:44:21 +1000 Subject: Simplify Makefile: remove redundant 'upgrade' target - Remove confusing 'upgrade' target that just did git pull + update - Users can run 'git pull && make update' explicitly - Follows Unix philosophy of explicit, single-purpose commands - Update help text to reflect the change --- Makefile | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/Makefile b/Makefile index cd050ff..795daed 100644 --- a/Makefile +++ b/Makefile @@ -361,13 +361,6 @@ update: exit 1; \ fi -upgrade: - @echo "=== Full DRestic Upgrade (including timers) ===" - @echo "Pulling latest changes from git..." - @git pull || { echo "Error: Failed to pull from git. Make sure you have internet access."; exit 1; } - @echo "Running update..." - @$(MAKE) update - update-gotify: @echo "=== Update Gotify Configuration ===" @if [ -f ~/.config/restic/env ]; then \ @@ -501,8 +494,7 @@ help: @echo " uninstall-user : Uninstall user scope DRestic" @echo " uninstall-system : Uninstall system scope DRestic" @echo " recover : Show recovery instructions" - @echo " update : Update DRestic scripts and services (auto-detects scope)" - @echo " upgrade : Full upgrade including timers (run 'git pull' first)" + @echo " update : Update DRestic scripts and services (auto-detects scope) - run 'git pull' first for latest version" @echo " update-gotify : Update Gotify notification settings (auto-detects scope)" @echo " update-gotify-user : Update Gotify settings for user scope" @echo " update-gotify-system : Update Gotify settings for system scope" -- cgit v1.2.3 From f57913b709828027ef3435a83477fb038e5c7a0e Mon Sep 17 00:00:00 2001 From: Sam Scholten Date: Mon, 27 Oct 2025 07:52:15 +1000 Subject: Fix update.sh: properly replace service file placeholders - Fix update_services() to use sed like setup.sh does - Generate service files with correct ExecStart paths - Add RESTIC_ENV_FILE environment variable during update - This fixes the '/path/to/be/replaced' error in systemd services --- update.sh | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/update.sh b/update.sh index c6e64c9..34231eb 100755 --- a/update.sh +++ b/update.sh @@ -83,21 +83,43 @@ update_scripts() { update_services() { local install_type="$1" local systemd_dir + local install_dir + local env_file if [ "$install_type" = "system" ]; then systemd_dir="/etc/systemd/system" + install_dir="/usr/local/bin" + env_file="/root/.restic_env" log "Updating systemd services and timers in $systemd_dir" - sudo cp systemd/restic-backup.service "$systemd_dir/" - sudo cp systemd/restic-check.service "$systemd_dir/" + + # Generate service files with correct paths (like setup.sh does) + sed -e "s|ExecStart=/path/to/be/replaced/restic_backup.sh|ExecStart=$install_dir/restic_backup.sh|" \ + -e "s|# Environment variable will be set by setup.sh based on scope|Environment=\"RESTIC_ENV_FILE=$env_file\"|" \ + systemd/restic-backup.service | sudo tee "$systemd_dir/restic-backup.service" >/dev/null + sed -e "s|ExecStart=/path/to/be/replaced/restic_check.sh|ExecStart=$install_dir/restic_check.sh|" \ + -e "s|# Environment variable will be set by setup.sh based on scope|Environment=\"RESTIC_ENV_FILE=$env_file\"|" \ + systemd/restic-check.service | sudo tee "$systemd_dir/restic-check.service" >/dev/null + + # Copy timer files directly sudo cp systemd/restic-backup.timer "$systemd_dir/" sudo cp systemd/restic-check.timer "$systemd_dir/" sudo systemctl daemon-reload else systemd_dir="$HOME/.config/systemd/user" + install_dir="$HOME/.local/bin" + env_file="$HOME/.config/restic/env" mkdir -p "$systemd_dir" log "Updating systemd services and timers in $systemd_dir" - cp systemd/restic-backup.service "$systemd_dir/" - cp systemd/restic-check.service "$systemd_dir/" + + # Generate service files with correct paths (like setup.sh does) + sed -e "s|ExecStart=/path/to/be/replaced/restic_backup.sh|ExecStart=$install_dir/restic_backup.sh|" \ + -e "s|# Environment variable will be set by setup.sh based on scope|Environment=\"RESTIC_ENV_FILE=$env_file\"|" \ + systemd/restic-backup.service >"$systemd_dir/restic-backup.service" + sed -e "s|ExecStart=/path/to/be/replaced/restic_check.sh|ExecStart=$install_dir/restic_check.sh|" \ + -e "s|# Environment variable will be set by setup.sh based on scope|Environment=\"RESTIC_ENV_FILE=$env_file\"|" \ + systemd/restic-check.service >"$systemd_dir/restic-check.service" + + # Copy timer files directly cp systemd/restic-backup.timer "$systemd_dir/" cp systemd/restic-check.timer "$systemd_dir/" systemctl --user daemon-reload -- cgit v1.2.3 From a827a2c9b84474e023050b54aae192819fabb552 Mon Sep 17 00:00:00 2001 From: Sam Scholten Date: Mon, 27 Oct 2025 07:53:05 +1000 Subject: Release v1.4.1: Critical bugfix for update mechanism - Fix update.sh to properly replace service file placeholders - Ensures 'make update' works correctly for upgrading installations - Critical for users upgrading from broken weekly checks --- CHANGELOG.md | 7 +++++++ VERSION | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0224839..2523f92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +drestic (1.4.1) stable; urgency=high + + * Fixed: update.sh now properly replaces service file placeholders (was causing '/path/to/be/replaced' execution errors) + * Fixed: update.sh now correctly sets RESTIC_ENV_FILE environment variable in service files + * This critical fix ensures 'make update' actually works for upgrading existing installations + + -- Sam Mon, 27 Oct 2025 07:55:00 +1000 drestic (1.4.0) stable; urgency=medium * Fixed: Removed invalid --retry-lock flag from restic check command (was causing all weekly checks to fail) diff --git a/VERSION b/VERSION index e21e727..13175fd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0 \ No newline at end of file +1.4.1 \ No newline at end of file -- cgit v1.2.3