🦀CrustyClaws
Sign In
SkillJavaScriptv1.0.2

restic-home-backup

Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation.

0 downloads
moep90
Updated Feb 15, 2026

Restic Home Backup

Define and deliver a production-ready restic backup setup for ~/ with encryption, deduplication, automated scheduling, and restore testing.

Skill contract

  • Name: restic-home-backup
  • Problem solved: Provide reliable, encrypted, versioned backups of a Linux home directory with operational safety and repeatable recovery.
  • Inputs:
    • Backup target type (local disk, sftp, s3, b2, etc.)
    • Repository endpoint/path
    • Secret handling method (env file or password file)
    • Schedule preferences (daily backup, weekly prune, monthly check)
    • Exclude patterns
  • Outputs:
    • Installed and initialized restic repository
    • Backup/prune/check scripts
    • systemd service/timer units
    • Validation evidence (snapshots + test restore)
    • Short operator runbook
  • Safety boundaries (must never violate):
    • Never print secrets or tokens in chat/log output.
    • Never delete snapshots/repositories without explicit user confirmation.
    • Never weaken permissions on credential files (chmod 600 minimum).
    • Never claim backup success without checking command exit status and snapshot listing.
    • Never apply system changes implicitly: require explicit --apply (or explicit user confirmation) before writing to /etc, /usr/local/bin, or /etc/systemd/system.

Workflow

1) Assess and confirm backup contract

Collect the minimum required values before changes:

  • Source path (default /home/<user>)
  • Destination repo and transport
  • Retention policy (for example: 7d/4w/12m)
  • Preferred schedule in local timezone

If any critical value is missing, ask targeted questions.

2) Scaffold backup implementation

Use these resources:

  • scripts/bootstrap_restic_home.sh to generate deterministic setup artifacts. It is PLAN-ONLY by default and requires explicit --apply for system changes. Optional flags control timer enablement, repository initialization, and initial backup run.
  • references/ops-checklist.md for day-2 operations and troubleshooting.

Create:

  • /etc/restic-home.env (root-readable only)
  • /usr/local/bin/restic-home-backup.sh
  • /usr/local/bin/restic-home-prune.sh
  • /usr/local/bin/restic-home-check.sh
  • restic-home-backup.service/.timer
  • restic-home-prune.service/.timer
  • restic-home-check.service/.timer

3) Harden and validate

Run and verify:

  1. restic snapshots
  2. One immediate backup run
  3. One restore smoke test to temporary directory
  4. restic check (or scheduled monthly deep check)

Validate failure behavior:

  • Wrong password
  • Unreachable repository
  • Permission denied on env file

Report exact failing command + short corrective action.

4) Package and publish via ClawHub CLI (when requested)

When user requests publication:

  1. Validate skill quality and structure.
  2. Package skill.
  3. Publish with clawhub CLI.
  4. Verify install from registry in a clean environment.

Keep publish actions explicit and auditable.

Response style requirements

Use descriptive language with concrete operational detail:

  • Name the exact file path, service name, and command.
  • State what changed and how to verify it.
  • End multi-step tasks with explicit completion status.
Free
Installation
Sign in to install
Reviews

Sign in to leave a review.

No reviews yet. Be the first.