FreeNAS backup with Restic

FreeNAS 11.3 natively supports Backblaze B2 for backup. Unfortunately it is done via rclone, a tool that doesn't use object storage very efficiently. For example, if a single byte changes in a 700 MB file rclone will need to reupload the whole file to B2.

I much prefer restic, a backup tool that works well with object storage and that supports encryption and snapshots. Since FreeNAS does not support restic out of the box, a bit of manual setup is required.

A jail that will contain restic needs to be created, the default values of the FreeNAS wizard are good enough. By default jails don't have access to any pool, so each path to backup needs to be whitelisted by adding a mount point from the system to the jail. For instance by adding a read-only mount from /mnt/main/pictures to /mnt/main/iocage/jails/Restic/root/mnt/pictures. All this can be done through the web GUI.

In this jail, install restic and ca_root_nss:

pkg install restic ca_root_nss

Create a directory to hold the configuration:

mkdir /root/restic

Create /root/restic/backup.conf with the configuration and chmod it as 640:

setenv BACKUP_PATHS "/mnt"
setenv RETENTION_LAST 4
setenv RETENTION_DAYS 7
setenv RETENTION_WEEKS 5
setenv RETENTION_MONTHS 12
setenv RETENTION_YEARS 3

setenv B2_ACCOUNT_ID <account ID>
setenv B2_ACCOUNT_KEY <account key>

setenv RESTIC_REPOSITORY b2:<bucket name>:<directory in bucket>
setenv RESTIC_PASSWORD <random long encryption key>

Create /root/restic/backup.sh the script that will run restic and chmod it as 750:

#!/bin/csh

source /root/restic/backup.conf

restic backup --verbose --tag periodic $BACKUP_PATHS
restic forget --verbose --tag periodic --group-by "paths,tags" --keep-last $RETENTION_LAST --keep-daily $RETENTION_DAYS --keep-weekly $RETENTION_WEEKS --keep-monthly $RETENTION_MONTHS --keep-yearly $RETENTION_YEARS

Initialize the repository and start the first backup:

source /root/restic/backup.conf
restic init
/root/restic/backup.sh

Add an entry in the crontab to run the backup every night:

crontab -e
25 3 * * * /root/restic/backup.sh

Notes:

• It is possible to SSH to a jail by first SSHing as root on FreeNAS and entering the jail with iocage console Restic.
• ZFS snapshots and restic snapshots both work in a very similar fashion but obviously snapshots from one will not be recognized by the other.