It’s not often I backup and restore my desktop, but I do like having good backups for my desktop computer, especially since I rely on it for work. I use OpenBSD for my desktop operating system. I’ve been running -current since May 2022. 99.9% of the time it has been very good to me with no headache. Every now and then though I run into an issue, and it is something I can work around and maybe even just wait a day and sysupgrade. I’ve come to find right now though, I need something more predictable for my daily workstation since it is the tool I use to put dinner on the table. So, I decided today to downgrade to OpenBSD 7.4 from -current. I still run -current on a handful more servers and my laptop, but this machine I need to take a step back on. So, I got to verify my backup and restore plan actually works!
My Tools
I use Restic to do all my backing up, and I piece it together with some scripts. To get some of my config files, my setup is a little inconvenient, so I am pondering if I should do backups as the root user or something to get some of the files I don’t have permissions to read unless I escalate with doas. So, those files aside, let’s just pretend I back those up and they make it into my restic backups safely.
I backup over SSH to my FreeBSD server as the destination.
Scripts
Backing Up
Here is my backup script
#!/usr/bin/env sh
RESTIC_PASSWORD_FILE="$HOME/.local/bin/.restic_pass"
export RESTIC_PASSWORD_FILE
RESTIC_REPOSITORY="sftp:homeBackup:/usr/home/username/rstc-desktop"
export RESTIC_REPOSITORY
excludes="/home/username/.local/bin/EXCLUDEFILE"
cp /etc/X11/xorg.conf /etc/rc.conf.local /etc/doas.conf /etc/httpd.conf /etc/man.conf /etc/sysctl.conf /etc/fstab /etc/login.conf $HOME/Documents/desktop_configs/OpenBSD
pkg_info -m -z -- > $HOME/Documents/desktop_configs/OpenBSD/packages.txt
restic --compression=auto --exclude-file $excludes backup $HOME /var/www/htdocs/username
complete=$(echo $?)
rm $HOME/Documents/desktop_configs/OpenBSD/*
if [ $complete -eq 1 ]; then
dunstify "Restic backup failed"
fi
Some files are missing here, notably my pf.conf file. I should make a better way of backing those up as said earlier.
My favorite line is:
pkg_info -m -z -- > $HOME/Documents/desktop_configs/OpenBSD/packages.txt
This does a fuzzy export of packages installed. Very handy.
Pruning Backups
Backups accumulate over time, and I don’t need the old ones. So I have a similar script that prunes backups:
#!/usr/bin/env sh
RESTIC_PASSWORD_FILE="$HOME/.local/bin/.restic_pass"
export RESTIC_PASSWORD_FILE
RESTIC_REPOSITORY="sftp:homeBackup:/usr/home/username/rstc-desktop"
export RESTIC_REPOSITORY
restic forget --keep-daily 10 --keep-weekly 5 --keep-monthly 3 --prune
complete=$(echo $?)
if [ $complete -ne 0 ]; then
dunstify "Restic pruning failed"
fi
I have dunst installed so I can get desktop notifications of backups or prunes failing. So far, hasn’t happened yet and listing backups shows that to be true.
The restic_pass file is permissions 400 so only my user can read the file.
Cron
This is my crontab that runs these commands. I backup hourly, and at the end of the workday I clear out old backups
@hourly -ns /bin/sh /home/courtney/.local/bin/rstbkp
30 17 * * * /bin/sh /home/courtney/.local/bin/rstprune
Nuke
I prepared my flash drive following the faq and did a backup of my computer. I did a test restore of a few files to ensure my backups actually worked like I expected
$ RESTIC_PASSWORD_FILE="$HOME/.local/bin/.restic_pass"
$ export RESTIC_PASSWORD_FILE
$ RESTIC_REPOSITORY="sftp:homeBackup:/usr/home/username/rstc-desktop"
$ export RESTIC_REPOSITORY
$ restic restore --target restore/ -i /home/username/.Xresources latest
This restored the .Xresources file from the latest snapshot. It worked, I’ve done similar file/subdirectory restores in the past, I trust the process. Before nuke and pave time, I wanted to grab just a handful of directories to have separate from the restic repo so I could conveniently grab them. Just my ssh files in this case, so I could do my key sign into the server easily to restore my backups. I encrypted those and stored them elsewhere safely. Nuke and pave time.
I installed OpenBSD the way I wanted, then it was onward to restoration.
Restoration
I signed into root and first things first, I installed restic so I could restore my backups. Then I copied my ssh files back to my user. I then started restoring my backups:
$ RESTIC_REPOSITORY="sftp:homeBackup:/usr/home/username/rstc-desktop"
$ export RESTIC_REPOSITORY
$ restic restore --target restore/ latest
I was prompted to enter my restic password, then I waited for the restoration. Once done, I put all my files where they needed to go.
Restoring Packages
This is my favorite part about OpenBSD. The fuzzy export of package names is super handy. FreeBSD needs this (wink wink, nudge nudge). My backup contained a packages.txt file which I can install from doing this:
pkg_add `cat packages.txt`
Done. Easy.
Bow on Top
My data is restored, files are where they were before, packages installed, last
bit was to syspatch
and then reboot. I was greeted with a working system as
it was before. I wasn’t missing much, since my snapshot was only a few days newer
than the latest release, so now I don’t have to feel like I am lacking something
I did not have.
I’m very grateful to the OpenBSD devs and their awesome work. OpenBSD -current is the most stable development branch I have used on any OS. It is expected to run into bugs. I knew that, and was still surprised with how well things ran all this time. But, I’m at a point in my work life where I cannot risk stability. Even a day or a little time of minor inconveniences is just a bit much for me at this moment in life. I’m sure it won’t be long before I find myself back on current though on my workstation. It really makes computing fun.
So yes..I am typing this now from my 7.4 installation and am content with where I am right now. Great operating system, and backup/restore with OpenBSD and restic is quick and convenient.