# Restic user backup → TrueNAS REST server

User-level backup for personal machines (desktop, laptop).
No `sudo` required — everything runs as your own user.

## Differences from the system-level setup

| | System (`backup/`) | User (`backup-user/`) |
|---|---|---|
| Runs as | root | your user |
| Config | `/etc/restic/` | `~/.config/restic/` |
| Script | `/usr/local/bin/` | `~/.local/bin/` |
| Systemd units | `/etc/systemd/system/` | `~/.config/systemd/user/` |
| Commands | `sudo systemctl` | `systemctl --user` |
| Logs | `journalctl -u` | `journalctl --user -u` |
| Package dump | ✅ (has root) | ❌ (not needed) |
| Boot timer trigger | `OnBootSec` (system boot) | `OnStartupSec` (after login) |

---

## Setup

### 1. Create config directories

```bash
mkdir -p ~/.config/restic
mkdir -p ~/.config/systemd/user
mkdir -p ~/.local/bin
```

### 2. Install and fill in the env file

```bash
cp env.example ~/.config/restic/env
nano ~/.config/restic/env
chmod 600 ~/.config/restic/env
```

Set these values:
- `MACHINE_NAME` — unique name for this machine (e.g. `desktop`, `laptop`)
- `RESTIC_PASSWORD` — generate with `openssl rand -base64 32`
- `BACKUP_PATHS` — adjust to what matters to you (default covers `.config`, `.local/share`, Documents, Pictures, Desktop)

### 3. Install the excludes file

```bash
cp excludes.txt ~/.config/restic/excludes.txt
# Optionally add machine-specific paths to skip
nano ~/.config/restic/excludes.txt
```

### 4. Initialize the repository on the REST server

```bash
source <(set -a && cat ~/.config/restic/env) && restic init
```

### 5. Install the backup script

```bash
cp backup.sh ~/.local/bin/restic-backup.sh
chmod +x ~/.local/bin/restic-backup.sh
```

### 6. Install the systemd user units

```bash
cp restic-backup.service    ~/.config/systemd/user/
cp restic-backup.timer      ~/.config/systemd/user/
cp restic-backup-boot.timer ~/.config/systemd/user/

systemctl --user daemon-reload
systemctl --user enable --now restic-backup.timer
systemctl --user enable --now restic-backup-boot.timer
```

### 7. Run a first backup to verify

```bash
systemctl --user start restic-backup.service
journalctl --user -u restic-backup.service -f
```

---

## Useful commands

```bash
# Check timer status
systemctl --user status restic-backup.timer restic-backup-boot.timer

# List all snapshots
source <(set -a && cat ~/.config/restic/env) && restic snapshots

# Browse a snapshot interactively
source <(set -a && cat ~/.config/restic/env) && restic mount ~/mnt/restic

# Restore a single directory
source <(set -a && cat ~/.config/restic/env) && \
    restic restore latest --target /tmp/restore --include "$HOME/.config/nvim"

# Check repo integrity
source <(set -a && cat ~/.config/restic/env) && restic check

# Watch backup logs live
journalctl --user -u restic-backup.service -f
```

---

## Password recovery

Store a `recovery.txt` on TrueNAS alongside the repo — same as the system setup.

```bash
# On TrueNAS
cp recovery.txt /mnt/pool/backups/recovery-desktop.txt
chmod 600 /mnt/pool/backups/recovery-desktop.txt
```