coop-cloud/backup-bot-two
coop-cloud
/
backup-bot-two
6
0
Fork 3
Code Issues 12 Pull Requests 1 Packages Projects Releases Wiki Activity

Add FORGET env variable to run restic forget #39

New Issue
Open
opened 2023-11-10 14:45:39 +00:00 by p4u1 · 1 comment
p4u1 commented 2023-11-10 14:45:39 +00:00
Member
Copy Link

FORGET is a string which should contain a list of flags according to the official documentation

When FORGET is set restic froget $FORGET is run after startup.

`FORGET` is a string which should contain a list of flags according to [the official documentation](https://restic.readthedocs.io/en/stable/060_forget.html#removing-snapshots-according-to-a-policy) When `FORGET` is set `restic froget $FORGET` is run after startup.
moritz commented 2023-12-07 17:37:38 +00:00
Member
Copy Link

What about adding restic froget $FORGET as cronjob if $FORGET is set?

I'm asking myself for a while about a smart pruning strategy without exposing delete permissions to the backupbot and risking the data. I would always recommend to setup the backup remote storage with read and append only permissions without being able to delete snapshots, for the case the backupbot or it's host system got compromised.

Therefore we need extra credentials to access the remote storage for pruning old backups, and keeping these credentials very safe. I don't really see a safe way aside manually pruning the backups in a reasonable interval.
I'm not sure if the backupbot could help us and if we at least prune all backupbot instances at once.

What about adding `restic froget $FORGET` as cronjob if `$FORGET` is set? I'm asking myself for a while about a smart pruning strategy without exposing delete permissions to the backupbot and risking the data. I would always recommend to setup the backup remote storage with read and append only permissions without being able to delete snapshots, for the case the backupbot or it's host system got compromised. Therefore we need extra credentials to access the remote storage for pruning old backups, and keeping these credentials very safe. I don't really see a safe way aside manually pruning the backups in a reasonable interval. I'm not sure if the backupbot could help us and if we at least prune all backupbot instances at once.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
feature/dockerfile
bb2-classic
feature/selective_paths
enable-label
backupbot_revolution
backup_volumes
multi_path
0.2.0+1.0.0
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/backup-bot-two#39
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?