Backups
Nightly restic backups — encrypted, deduplicated, incremental. Retention: 7 daily, 4 weekly, 3 monthly.Schedule
| Source | Destination | Time |
|---|---|---|
| i3 app data | Pentium HDD (sftp:pentium:~/backups/restic-i3) | 3am |
| i3 app data | Backblaze B2 (b2:augustin-restic:i3) | 3am |
| Pentium app data | i3 SSD (sftp:i3:~/backups/restic-pentium) | 4am |
| Pentium app data | Backblaze B2 (b2:augustin-restic:pentium) | 4am |
What’s Backed Up
- App config and data directories
- Postgres dumps
- Tarball of all
.envfiles (env-backup.tar.gz) - Media is not backed up (re-downloadable)
Scripts
scripts/backup-i3.shscripts/backup-pentium.sh
Bootstrap Secrets
Stored in Apple Passwords — these are all you need to restore from scratch:- Restic repository password
- Backblaze B2 credentials
- GitHub SSH key
Secrets Management
API keys, passwords, and credentials live in.env files next to each service’s compose.yaml. These are gitignored but included in restic backups.