# Backups

We use [Restic](https://restic.readthedocs.io/en/stable/) to create backups and push them to two repositories.
Check `./modules/backups.nix` and `./hosts/nachtigall/backups.nix` for working examples.

### Hetzner Storagebox

- Uses SFTP for transfer of backups

Adding a new host SSH public key to the storagebox:

First, [SSH to nachtigall](./administrative-access.md#ssh-access), then become root and add the new SSH public key

```
sudo -i
echo '<ssh-public-key>' | ssh -p23 u377325@u377325.your-storagebox.de install-ssh-key
```

[Link to Hetzner storagebox docs](https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys).

### Garage S3 buckets

- Uses S3 for transfer of backups
- One bucket per host, e.g. `nachtigall-backups`, `metronom-backups`

To start transfering backups from a new hosts, this is how to create a new bucket:

First, [SSH to trinkgenossin](./administrative-access.md#ssh-access), then use the `garage` CLI to create a new key and bucket:

```
export GARAGE_RPC_SECRET=<secret-in-keepass>

garage bucket create <hostname>-backups
garage key create <hostname>-backups-key
garage bucket allow <hostname>-backups --read --write --key <hostname>-backups-key
```