diff options
Diffstat (limited to 'backup/ad3/README.org')
| -rw-r--r-- | backup/ad3/README.org | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/backup/ad3/README.org b/backup/ad3/README.org new file mode 100644 index 0000000..abb96b9 --- /dev/null +++ b/backup/ad3/README.org @@ -0,0 +1,111 @@ +* Overview +# sudo cp /root/.restic-env +# sudo cp /root/restic-exclude.txt +# sudo chmod 600 /root/.restic-env +# sub the values for /root/.restic-env + +You need to initialize the restic repository first before you can back up to it. This is a one-time step: + +#+begin_src sh +sudo bash -c 'source /root/.restic-env && restic init' +#+end_src + +sudo systemctl daemon-reload +sudo systemctl enable --now backup-cloud.timer + +# Verify +systemctl list-timers backup-cloud.timer + +** Restoring from Restic + +#+begin_src sh +sudo bash -c 'source /root/.restic-env && restic snapshots' # list snapshots +sudo bash -c 'source /root/.restic-env && restic ls latest /home/benj' # browse +sudo bash -c 'source /root/.restic-env && restic restore latest --target /tmp/restore' # full restore +sudo bash -c 'source /root/.restic-env && restic restore latest --target /tmp/restore --include /home/benj/somefile' # specific file +#+end_src + +** Disaster Recovery ISO + +This creates a bootable ISO that contains your disk layout, bootloader config, and everything needed to do a bare-metal restore onto a new or wiped machine. + +*** Install + +#+begin_src sh +# From AUR +paru -S rear # or yay -S rear +#+end_src + +*** Configure + +Edit =/etc/rear/local.conf=: + +#+begin_src conf +OUTPUT=ISO +OUTPUT_URL=file:///root/rear-output/ +BACKUP=NETFS +BACKUP_URL=file:///mnt/backup/rear/ +BACKUP_PROG_EXCLUDE=("${BACKUP_PROG_EXCLUDE[@]}" '/var/lib/docker' '/var/cache/pacman/pkg' '/home/benj/.cache' '/home/benj/.rustup' '/home/benj/.ghcup' '/home/benj/.stack' '/home/benj/.espressif' '/home/benj/go/pkg' '/home/benj/Android' '/home/benj/.npm/_cacache' '/home/benj/.cargo/registry' '/home/benj/.cargo/git' '/home/benj/.android/avd' '/var/log/journal' '/var/lib/systemd/coredump') +#+end_src + +*** Create Recovery ISO + +#+begin_src sh +# With external drive mounted at /mnt/backup: +sudo mkdir -p /root/rear-output /mnt/backup/rear +sudo rear -v mkbackup +#+end_src + +This produces: +- =/root/rear-output/rear-*.iso= — bootable recovery ISO +- =/mnt/backup/rear/= — the backup archive + +*/ Using Rear to Restore + +1. Write the ISO to a USB stick: =sudo dd if=/root/rear-output/rear-*.iso of=/dev/sdX bs=4M status=progress= +2. Boot from it on the new/wiped machine +3. Select "Recover" from the menu +4. Rear automatically: + - Recreates your partition layout + - Sets up LUKS (it will ask for your passphrase) + - Creates LVM + - Restores all files + - Installs the bootloader +5. Reboot into your restored system + +** When to Regenerate the ISO + +- After major system changes (new partitions, bootloader changes) +- Monthly alongside your regular backups +- After adding/removing LUKS keyslots + +** Verification (Montly) + +Create =/usr/local/bin/backup-verify=: + +#+begin_src bash +#!/bin/bash +set -euo pipefail +source /root/.restic-env + +echo "=== B2 Snapshots ===" +restic snapshots --latest 10 + +echo "" +echo "=== Repository Integrity (sampling 5%) ===" +restic check --read-data-subset=5% + +echo "" +echo "=== Repository Size ===" +restic stats + +echo "" +echo "=== Rear ISO ===" +ls -lh /root/rear-output/rear-*.iso 2>/dev/null || echo "WARNING: No Rear ISO found! Run: sudo rear -v mkbackup" + +echo "" +echo "=== LUKS Header Backup ===" +ls -lh /root/luks-header-backup 2>/dev/null || echo "WARNING: No LUKS header backup! Run the backup immediately." +#+end_src + + |