commit e08498a91156528d1a3f36fe4d8390379eec4f3d parent 1900c3084953d965b0de3ca1728e5326cc3c8d88 Author: decentral1se <decentral1se@web> Date: Sun, 22 Mar 2026 21:57:00 +0100 feat: backups Diffstat:
| M | eik.mdwn | | | 14 | ++++++++++++++ |
1 file changed, 14 insertions(+), 0 deletions(-)
diff --git a/eik.mdwn b/eik.mdwn @@ -160,3 +160,17 @@ firewall -------- [ufw](https://help.ubuntu.com/community/UFW) is installed as a "frontend" for `iptables`. Defaults are set to allow outgoing and block incoming traffic. Only specific ports are open and allow incoming. + +backups +------- + +We are using [restic](https://restic.readthedocs.io/) for backups. + +On eik, we have created a specific user, following [these docs](https://restic.readthedocs.io/en/stable/080_examples.html#backing-up-your-system-without-running-restic-as-root). + +We're using a temporary homebrew server for remote backups because eik does not have enough storage capacity. You can find the connection details in `/home/eik/.ssh/config`. On the remote hbsc side, we've configured the `authorized_keys` to restrict access to only run the sftp command. + + # .ssh/authorized_keys + restrict,command="/lib/sftp-server" ssh-ed25519 ... + +The restic user on eik has a nightly cron configured to run a full system backup. See `/home/restic/backup.sh` for more.