cloud backup config for ad3HEADmaster

1 files changed, 111 insertions, 0 deletions

diff --git a/backup/ad3/README.org b/backup/ad3/README.org
new file mode 100644
index 0000000..abb96b9
--- /dev/null
+++ b/backup/ad3/README.org
@@ -0,0 +1,111 @@
+* Overview
+# sudo cp /root/.restic-env
+# sudo cp /root/restic-exclude.txt
+# sudo chmod 600 /root/.restic-env
+# sub the values for /root/.restic-env
+
+You need to initialize the restic repository first before you can back up to it. This is a one-time step:
+
+#+begin_src sh
+sudo bash -c 'source /root/.restic-env && restic init'
+#+end_src
+
+sudo systemctl daemon-reload
+sudo systemctl enable --now backup-cloud.timer
+
+# Verify
+systemctl list-timers backup-cloud.timer
+
+** Restoring from Restic
+
+#+begin_src sh
+sudo bash -c 'source /root/.restic-env && restic snapshots'           # list snapshots
+sudo bash -c 'source /root/.restic-env && restic ls latest /home/benj' # browse
+sudo bash -c 'source /root/.restic-env && restic restore latest --target /tmp/restore'  # full restore
+sudo bash -c 'source /root/.restic-env && restic restore latest --target /tmp/restore --include /home/benj/somefile'  # specific file
+#+end_src
+
+** Disaster Recovery ISO
+
+This creates a bootable ISO that contains your disk layout, bootloader config, and everything needed to do a bare-metal restore onto a new or wiped machine.
+
+*** Install
+
+#+begin_src sh
+# From AUR
+paru -S rear  # or yay -S rear
+#+end_src
+
+*** Configure
+
+Edit =/etc/rear/local.conf=:
+
+#+begin_src conf
+OUTPUT=ISO
+OUTPUT_URL=file:///root/rear-output/
+BACKUP=NETFS
+BACKUP_URL=file:///mnt/backup/rear/
+BACKUP_PROG_EXCLUDE=("${BACKUP_PROG_EXCLUDE[@]}" '/var/lib/docker' '/var/cache/pacman/pkg' '/home/benj/.cache' '/home/benj/.rustup' '/home/benj/.ghcup' '/home/benj/.stack' '/home/benj/.espressif' '/home/benj/go/pkg' '/home/benj/Android' '/home/benj/.npm/_cacache' '/home/benj/.cargo/registry' '/home/benj/.cargo/git' '/home/benj/.android/avd' '/var/log/journal' '/var/lib/systemd/coredump')
+#+end_src
+
+*** Create Recovery ISO
+
+#+begin_src sh
+# With external drive mounted at /mnt/backup:
+sudo mkdir -p /root/rear-output /mnt/backup/rear
+sudo rear -v mkbackup
+#+end_src
+
+This produces:
+- =/root/rear-output/rear-*.iso= — bootable recovery ISO
+- =/mnt/backup/rear/= — the backup archive
+
+*/ Using Rear to Restore
+
+1. Write the ISO to a USB stick: =sudo dd if=/root/rear-output/rear-*.iso of=/dev/sdX bs=4M status=progress=
+2. Boot from it on the new/wiped machine
+3. Select "Recover" from the menu
+4. Rear automatically:
+   - Recreates your partition layout
+   - Sets up LUKS (it will ask for your passphrase)
+   - Creates LVM
+   - Restores all files
+   - Installs the bootloader
+5. Reboot into your restored system
+
+** When to Regenerate the ISO
+
+- After major system changes (new partitions, bootloader changes)
+- Monthly alongside your regular backups
+- After adding/removing LUKS keyslots
+
+** Verification (Montly)
+
+Create =/usr/local/bin/backup-verify=:
+
+#+begin_src bash
+#!/bin/bash
+set -euo pipefail
+source /root/.restic-env
+
+echo "=== B2 Snapshots ==="
+restic snapshots --latest 10
+
+echo ""
+echo "=== Repository Integrity (sampling 5%) ==="
+restic check --read-data-subset=5%
+
+echo ""
+echo "=== Repository Size ==="
+restic stats
+
+echo ""
+echo "=== Rear ISO ==="
+ls -lh /root/rear-output/rear-*.iso 2>/dev/null || echo "WARNING: No Rear ISO found! Run: sudo rear -v mkbackup"
+
+echo ""
+echo "=== LUKS Header Backup ==="
+ls -lh /root/luks-header-backup 2>/dev/null || echo "WARNING: No LUKS header backup! Run the backup immediately."
+#+end_src
+
+