NAME

lifeboat —

manage and automate local restic backups

SYNOPSIS

lifeboat name command

DESCRIPTION

lifeboat is a program that manages a set of local restic(1) repositories and provides a framework for automating the creation and synchronization of backups.

The name refers to any valid backup under LIFEBOAT_ROOT.

The command is any command recognized by restic(1), or as follows:

run: Create a snapshot for the specified repository.
run-report: Like run, but send any program output to the mail address specified in config/recipient.

DIRECTORY STRUCTURE

lifeboat keeps all its backups under one directory, specified by the LIFEBOAT_ROOT environment variable. If unset, lifeboat will fall back to /srv/backup/lifeboat.

Each backup managed by lifeboat owns a directory under LIFEBOAT_ROOT. In that directory, the program expects the following:

repo/

A directory containing the actual restic(1) repository.

config/include

A file containing paths to include in the backup, one per line. See the --files-from option in restic-backup(1).

config/exclude

A file containing paths that are excluded from the backup, one per line. See the --exclude-file option in restic-backup(1).

config/sync

A file containing synchronization targets for rclone(1), one per line. The format for a synchronization target is the base rclone(1) destination, then optionally a tab character and a size limit in kibibytes.

lifeboat will append the name of the backup (LIFEBOAT_REPO_NAME) to the base destination.

For example, the following configuration will synchronize a backup named “server” to nas:backups/server if the combined size of the repository is below 10G:

nas:backups/	10485760

config/recipient

A file containing the mail address of the recipient for backup reports. Only needed for the run-report command.

credentials/restic

A file containing the password for the restic(1) repository.

run

A shell script containing backup jobs, optional

retain

A shell script pruning old backups or enforcing retainment policies, optional.

clean

A shell script containing cleanup jobs, optional.

sync

A shell script containing synchronization jobs, optional.

If any of the optional scripts exist, lifeboat will execute those instead of its inbuilt defaults.

By default, lifeboat will honor the given include and exclude directives, retain 7 daily, 5 weekly, 12 monthly, and 2 yearly backups, verify and clean up the repository using restic-check(1) and restic-prune(1), and sync the repo to the given synchronization targets.

Note that by default, lifeboat will look for a binary named restic-priv with which to run the backup job itself. As per upstream recommendation this is the restic binary with the cap_dac_read_search capability set. This allows restic to access any file on the system without needing root permissions.

We recommend running lifeboat under its own user account, with only that user account having access to the restic-priv binary. To facilitate this, lifeboat extends PATH with the bin/ directory under HOME.

ENVIRONMENT

lifeboat will export the following environment variables for use in the run, retain, clean, and sync scripts:

LIFEBOAT_REPO_NAME: The name of the backup as specified on the command line.
RESTIC_REPOSITORY: The path to the restic(1) repository.
RESTIC_PASSWORD_FILE: The path to the restic(1) password file.

AUTHORS

lifeboat was written by Wolfgang Müller