My backups in 2021

This documents my backup process as of 2021.

Local state minimization

I try to keep my environment as ephemeral (stateless) as possible. All my projects’ are hosted in either SourceHut or GitHub. My configuration files live in SourceHut.

Local, non-ephemeral data is synchronized between hosts using Syncthing. For iOS devices I use Möbius Sync.

Local backup

I have Linux (Debian/Ubuntu), macOS and Windows hosts. My servers do not have a local state, thus my focus are laptops and workstations.

I prefer higher level, system native backup applications for local backups. For macOS this means using Time Machine. If I were to back up the Windows host, I would use the Window native backup application. The benefit of system native applications is that they have more access system state, such as battery level. On Linux hosts I use restic integrated into systemd with user units.

Local backups are done frequently.

Remote backup

I use restic to push my backups into two different destinations: Backblaze B2 and Kapsi. From Kapsi, a Finnish user can get 50+500 gigabytes of storage for 40 euros / year (among other things).

Since restic does not support configuration files, I’ve successfully used crestic to backup my home directory to multiple locations. How crestic works is simple: its configuration maps to restic’s command-line arguments.

I use the following crestic configuration on macOS:

[global]
verbose:

[global.backup]
exclude-caches:
one-file-system:
exclude-file: ~/.restic/exclude

[global.forget]
group-by: paths
keep-last: 3
keep-daily: 7
keep-weekly: 5
keep-monthly: 12
keep-yearly: 75

[home@.backup]
tag: full-home
arguments: ~

[@kapsi]
repo: sftp:kapsi:backup/macbookpro
password-command: security find-generic-password -s backup-restic-repository -w

[@b2]
repo: b2:bucket:macbookpro

[@b2.environ]
B2_ACCOUNT_ID: .
B2_ACCOUNT_KEY: .

Using the above configuration file, backups are done to B2 and Kapsi as follows:

$ crestic home@kapsi backup
$ crestic home@b2 backup

Tip: you can create a Backblaze bucket key with a directory prefix to allow different hosts to backup securely into the same bucket.