sometimes you just must have a new full backup every N days/weeks. it a more "smooth" way to deal with potential corruption in repo that might be undetected (without dealing with all suggested workarounds) and in some cases compliance/certification requires it
I perused the Rustic website and they have a direct comparison of Restic here: https://rustic.cli.rs/docs/comparison-restic.htm. At face value I thought it was just, "because it's Rust," but it does appear to have a few additional features.
Rustic was started by a former restic contributor. My impression at the time was that he was frustrated with poor collaboration from restic maintainers (slow/no response to his PRs). So it's a bit more than just "rewrite-it-in-rust".
Many of his rejected/ignored restic PRs ended up being features in rustic: cold storage support, config file support, resumable operations, webdav server, etc.
I switched to rustic a couple of months ago due to it being able to filter based on .gitignore files. Have done a few test restores and everything has worked well so far
A killer feature rustic has over restic is built-in support for .gitignore files. So all your dependencies and build output is automatically ignored in your backups.
Nice. Using `.gitignore` would simplify my Restic, Borg/Borgmatic, and Rsync-based backup scripts/configs. (Right now, I end up duplicating the same information in a few places, not very well.)
At first I thought that sounded great, but then I realized that that would exclude files that I want to be backed up, like `dir-locals-2.el`, which should be excluded from git, but should also be backed up. There doesn't seem to be a great solution to that in general.
Wouldn’t you back up your git repos by pushing them somewhere? Even if that somewhere is a different directory on the same drive. Backing up your local working copy sounds a bit odd.
Interesting, I'll give this a try. I'm hoping one day to retire my subscription/cloud-based back-ups with something docker based that still back-ups to multiple instances (local and remote).
I’m more fan of BorgBackup, but you have to couple it with I.e. rclone for it to make backups to cloud object storage. But that opinion is based on my particular use case, probably would be using restic if direct to cloud was a better choice.
Other popular choices include borg, duplicity, and duplicati.
After evaluating these and others mentioned in the comments, I ended up using borg with borgmatic to define homelab backups with yaml files that are version controlled in gitea and deployed using ansible.
I also use duplicity to back up my sister in laws storefront website to backblaze. I've been quite happy with both.
Last time I tried Kopia was more like "select ONE folder to backup and add ONE destination to SNAPSHOT it to". While it is very simplistic and would be lovely in many use cases - for a home/personal backup which often requires granularity of inclusion and exclusion it just didn't make any sense. I am not sure whether that has changed.
Kopia allows to specify quite different snapshot configurations with patterns etc. I converted old snapshot since 2005 backwards into the same dedup mounted on diverse paths, so I wonder what would be missing.
I have tested all of these also, and settled on borg + borgmatic. It has been absolutely rock solid. Borgmatic just rounds everything together in such a nice way. The documentation is great.
I'm pushing it all to a Hetzner storage box, as well as a local NAS. Super affordable!
I chose restic because borg was slow, buggy and an unwieldy pile of Python, not the best language for deployment on heterogeneous Linux systems.
Restic on the other hand is slow, but never crashed on me and is distributed as a single binary.
The only thing I dislike about restic is that it does not have a simple config file where you define your backup settings. Instead I had to write my own backup.sh that I deploy everywhere on my personal and production machines. Paired with rsync.net for storage and healthchecks.io for notifications.
I write Python day to day, but even I use Restic for the single binary. I take a lot of comfort in being able to keep the backup executable adjacent to the backup blobs. While I believe Borg now has a distributable binary, Go has it in its blood to make easy deployment without tricks.
I've never had any crashing or big issues with borg, and it's generally considered to be faster than restic. I'm sure there are more recent benchmarks, but as of Dec 2022, borg wins by a fair bit [1].
For installation, I set up a dedicated virtualenv for borg and borgmatic installation then symlink into /usr/local/bin. This is also automated with ansible and has worked on every distro and version I've used. The latest version does require python 3.9.0, but that's already 4 years old.
Agreed on no crashing/issues. I always use the provided Borg "single binary" https://borgbackup.readthedocs.io/en/latest/installation.htm... that unpacks everything into /tmp and naturally is larger than the restic binary. That isn't an issue on my systems.
Restic has no unencrypted mode for reasons - you must use an empty password and additional flag instead. If your backups will already be encrypted in other ways you'll still pay encryption overhead.
Duplicity is solid, I’ve been using it since over a decade, and it’s a standard package on Debian-based distributions. Never had any hiccups (and I run regular backup validations).
These threads about backup tools come up regularly, and I always wonder if I’m missing something important about the other tools.
I used Duplicity (via the Gnome Déjà Dup GUI) for years, but Borg turned out to be a lot faster at making the backups, at least for my laptop home dir backups. Like an order of magnitude faster. I don't think I ever tried to hand-configure Duplicity, though.
I'm a restic user, but have resisted the urge to attempt a bikeshed for a long time, mostly due to perf. It's index format seems to be slow and terrible and the chunking algorithm it uses (rabin fingerprints) is very slow compared to more recent alternatives (like FastCDC). Drives me nuts to watch it chugging along backing up or listing snapshots at nowhere close to the IO rate of the system while still making the fans run. Despite that it still seems to be the best free software option around
> It's index format seems to be slow and terrible and the chunking algorithm it uses (rabin fingerprints) is very slow compared to more recent alternatives (like FastCDC).
Hi, can you elaborate more on those two points? (Specially, what makes the index format so bad?) Or link to somewhere I can learn more
You could try running rustic on your repository. It should be a drop-in for restic and maybe it's faster? I would actually be very interested in this. Would be great if you could do that and report back.
Currently using Kopia because Restic has no GUI and Borg requires adding a community maintained Synology package, and it didn't "Just work" when I tried.
It's amazing! The GUI isn't perfect but the fact that there is an official GUI at all is great.
And this is exactly why you do not want to use managed services with all sorts of restrictions that by the unlikeliest of coincidences also lock you in like a roach motel /s
My Thinkpad has a tiny SDHC slot. I put a 1 terabyte SDHC card in it (~$80) and have a cron job take hourly Restic snapshots of my primary storage. It's been reliable and has bailed me out more than once.
That command works well and accomplishes some of what rincr what built to solve. For example, when I mention browse-ability, I mean on the backup host without any dependencies so I can use standard file tools and browsers.
I also needed both "pull" (backup remote files) and "push" (backup local files) backup features and if I'm not mistaken restic still only supports the "push" model.
If you're doing pull to prevent remotes from destroying old backups (in case of malware takeover, etc), this can be solved by running rest-server with --append-only
> I mean on the backup host without any dependencies so I can use standard file tools and browsers.
This means the backups are not encrypted though, and is something you really have to think twice before requiring
> "pull" (backup remote files)
You can mount the server to backup on the backup host, or you can ssh from the backup host to the server to backup, call `tar cf - /folder`, and ingest that from stdin on the backup host. Both will retransmit the totality of the files to backup
Restic is great! It has worked flawlessly for me for several years.
Anyone knows if there is plan to add Reed Solomon erasure coding, just in case there will be errors in repository? Something like Par2.
Asymmetric encryption could also be useful in some situations. Perhaps they could just use Age for the asymmetric encryption backend (unfortunately Age offers only 128 bits of security in its symmetric encryption, so it’s not recommended for long term storage, because of the save-now decrypt-later attack). But I expect a stable quantum resistant plug-in appearing next year or so.
Restic 0.17.1 was released last month. The home page says "During initial development (versions prior to 1.0.0), maintainers and developers will do their utmost to keep backwards compatibility and stability, although there might be breaking changes without increasing the major version."
Try BackRest if you want a nice frontend to Restic. You can configure Restic from the command line but it's pretty awkward. BackRest has a nice simple web GUI and makes basic automation very easy. https://github.com/garethgeorge/backrest
I'm surprised no one is selling Restic hosting as a straight up service. BackBlaze works well with Restic but the configuration is a little manual and clumsy. A packaged solution would be a nice thing.
Restic is very very good. My only nervousness is the backup format is so opaque, you need a working copy of Restic to restore from it. The format is documented though and of course the code is open source, so I think it's probably fine in practice.
One thing that I like about Restic is that you can automatically do a test restore of a subset (e.g. 1%, 5%, 8%) of your data, so that you can check for problems on the remote automatically.
I've been using Restic for servers, but ended up going with Kopia for machines that are not always on, like laptops. It has the advantage that it will take something of an opportunistic approach where it will start backing up if it hasn't done so in a while, and seems to be able to restart with aplomb if it gets interrupted (machine shutdown or laptop lid closed).
That and being able to have multiple machines writing to a shared repository at the same time is handy. I have the kids' Windows computers both backing up to the same repo to save a bit of storage. (Now if only Kopia supported VSS on Windows without mucking around with dubious scripts.)
Restic is awesome for moderate operational scale, but when it's got to backup thousands of storage block devices with arbitrary number of files on them, it just doesn't really work.
Is there anything cool people use for Ceph-RBD backups nowadays?
For now, the only thing in the OSS world that doesn't choke at this scale is Benji, but it looks like it's not really maintained anymore, and I worry it may not support newer Ceph versions.
107 comments
[ 2.7 ms ] story [ 88.5 ms ] threadhttps://www.stavros.io/posts/holy-grail-backups/
i do miss functionality of configurable full/incremental backups like in duplicity
- Rustic https://rustic.cli.rs
- Kopia https://kopia.io
I haven't used either, though.
Many of his rejected/ignored restic PRs ended up being features in rustic: cold storage support, config file support, resumable operations, webdav server, etc.
> rustic currently is in beta state and misses regression tests. It is not recommended to use it for production backups, yet.
After evaluating these and others mentioned in the comments, I ended up using borg with borgmatic to define homelab backups with yaml files that are version controlled in gitea and deployed using ansible.
I also use duplicity to back up my sister in laws storefront website to backblaze. I've been quite happy with both.
https://borgbackup.readthedocs.io/en/stable/
http://duplicity.gitlab.io/
https://docs.duplicati.com/en/latest/
[0] https://kopia.io/
i.e multiple files/sources to be backed up to one destination/sink in one go. Not one by one in different snapshots.
I'm pushing it all to a Hetzner storage box, as well as a local NAS. Super affordable!
Also backing up to a Hetzner storagebox, so it’s quite cheap too.
https://torsion.org/borgmatic/
Restic on the other hand is slow, but never crashed on me and is distributed as a single binary.
The only thing I dislike about restic is that it does not have a simple config file where you define your backup settings. Instead I had to write my own backup.sh that I deploy everywhere on my personal and production machines. Paired with rsync.net for storage and healthchecks.io for notifications.
https://restic.readthedocs.io/en/stable/040_backup.html#envi...
For installation, I set up a dedicated virtualenv for borg and borgmatic installation then symlink into /usr/local/bin. This is also automated with ansible and has worked on every distro and version I've used. The latest version does require python 3.9.0, but that's already 4 years old.
1. https://github.com/borgbase/benchmarks
Restic has no unencrypted mode for reasons - you must use an empty password and additional flag instead. If your backups will already be encrypted in other ways you'll still pay encryption overhead.
Will this https://github.com/garethgeorge/backrest/discussions/188 work for you?
Also, I can add directory file to include exclude directly to this config or to separate files as I please and just refer in this config.
These threads about backup tools come up regularly, and I always wonder if I’m missing something important about the other tools.
https://www.arqbackup.com/
Even if restic isn't interested, maybe the rustic dev will be.
Hi, can you elaborate more on those two points? (Specially, what makes the index format so bad?) Or link to somewhere I can learn more
It's amazing! The GUI isn't perfect but the fact that there is an official GUI at all is great.
I wrote and now use the rsync-based, browsable, incremental backup CLI: https://rincr.com/
I also needed both "pull" (backup remote files) and "push" (backup local files) backup features and if I'm not mistaken restic still only supports the "push" model.
EDIT: Added more details
https://github.com/restic/rest-server
It 403's any attempt to overwrite or delete old data.
This means the backups are not encrypted though, and is something you really have to think twice before requiring
> "pull" (backup remote files)
You can mount the server to backup on the backup host, or you can ssh from the backup host to the server to backup, call `tar cf - /folder`, and ingest that from stdin on the backup host. Both will retransmit the totality of the files to backup
Restic 0.17.0 Released - https://news.ycombinator.com/item?id=41082937 - July 2024 (5 comments)
Restic – Simple Backups - https://news.ycombinator.com/item?id=38915291 - Jan 2024 (14 comments)
Restic 0.15.0 Released - https://news.ycombinator.com/item?id=34364925 - Jan 2023 (1 comment)
Restic 0.14.0 Released (with highly anticipated feature – compression) - https://news.ycombinator.com/item?id=32599032 - Aug 2022 (5 comments)
Restic 0.13.0 - https://news.ycombinator.com/item?id=30822631 - March 2022 (66 comments)
Restic – Backups Done Right - https://news.ycombinator.com/item?id=29209455 - Nov 2021 (286 comments)
Saving a restic backup the hard way - https://news.ycombinator.com/item?id=28438430 - Sept 2021 (2 comments)
Restic Cryptography (2017) - https://news.ycombinator.com/item?id=27471549 - June 2021 (5 comments)
Restic – Backups Done Right - https://news.ycombinator.com/item?id=21410833 - Oct 2019 (177 comments)
Show HN: K8up – Kubernetes Backup Operator Based on Restic - https://news.ycombinator.com/item?id=20769362 - Aug 2019 (18 comments)
Append-only backups with restic and rclone - https://news.ycombinator.com/item?id=19347188 - March 2019 (42 comments)
Restic Cryptography - https://news.ycombinator.com/item?id=15131310 - Aug 2017 (36 comments)
Restic – Backups done right - https://news.ycombinator.com/item?id=10135430 - Aug 2015 (1 comment)
Anyone knows if there is plan to add Reed Solomon erasure coding, just in case there will be errors in repository? Something like Par2.
Asymmetric encryption could also be useful in some situations. Perhaps they could just use Age for the asymmetric encryption backend (unfortunately Age offers only 128 bits of security in its symmetric encryption, so it’s not recommended for long term storage, because of the save-now decrypt-later attack). But I expect a stable quantum resistant plug-in appearing next year or so.
So worth a peek but still under construction.
I'm surprised no one is selling Restic hosting as a straight up service. BackBlaze works well with Restic but the configuration is a little manual and clumsy. A packaged solution would be a nice thing.
Restic is very very good. My only nervousness is the backup format is so opaque, you need a working copy of Restic to restore from it. The format is documented though and of course the code is open source, so I think it's probably fine in practice.
[0] https://www.borgbase.com/ [1] https://www.hetzner.com/storage/storage-box/
(Yes, bitrot might better be mitigated at the filesystem layer, but I'm not switching to ZFS, btrfs or bcache-fs anytime soon.)
That and being able to have multiple machines writing to a shared repository at the same time is handy. I have the kids' Windows computers both backing up to the same repo to save a bit of storage. (Now if only Kopia supported VSS on Windows without mucking around with dubious scripts.)
https://news.ycombinator.com/item?id=41041056
Is there anything cool people use for Ceph-RBD backups nowadays?
For now, the only thing in the OSS world that doesn't choke at this scale is Benji, but it looks like it's not really maintained anymore, and I worry it may not support newer Ceph versions.
* Kopia: many features, also great for desktop GUI users
* bupstash: The fastest, lowest RAM. I use it to backup 1B files daily (200TB). Ransomware-proof asymmetric multi key crypto. Less features.