In my installation - I use sqlite as databases. In addition to backing up the database itself, you need to make backup copies of the files themselves.

As my main backup repository, I use backblaze.

As a backup tool - restic. Mainly due to three features - support for different storage providers, incremental copying and encryption.

The most important thing is not to lose the encryption key, which must be defined in the RESTIC_PASSWORD variable. If you still lost - you can say goodbye to the backup.

To perform a backup, I created the following script and run every hour:


set -e -o pipefail

mkdir -p /var/cache/restic

HOST=$(hostname -f)

export RESTIC_CACHE_DIR=/var/cache/restic
export RESTIC_PASSWORD=<my easy encryption password>
export RESTIC_REPOSITORY=b2:<my backblaze bucket name>:${HOST}/
export B2_ACCOUNT_ID=<my access code>
export B2_ACCOUNT_KEY=<my secret code>


RESTIC_BACKUP_CMD="flock --nonblock --conflict-exit-code 0 /run/restic-backup.lock ${RESTIC_CMD}"

mkdir -p /media/data/vaultwarden/backup
/usr/bin/find /media/data/vaultwarden/backup -type f -ctime +30 -delete

/usr/bin/sqlite3 /media/data/vaultwarden/data/db.sqlite3 ".backup '/media/data/vaultwarden/backup/db-$(date '+%Y%m%d-%H%M').sqlite3'"

if ! restic snapshots 2>&1 >/dev/null; then
  ${RESTIC_CMD} init

${RESTIC_CMD} self-update >/dev/null 2>&1

${RESTIC_BACKUP_CMD} backup --one-file-system /media/data/vaultwarden >/dev/null 2>&1

${RESTIC_CMD} forget --prune \
    --keep-last=${KEEP_LAST} \
    --keep-daily=${KEEP_DAILY} \
    --keep-weekly=${KEEP_WEEKLY} \
    --keep-monthly=${KEEP_MONTHLY} >/dev/null 2>&1