Easy backups with rclone

Published: at 03:05 PM

Rclone supports tons of different storage backends. I like to use R2 on Cloudflare but you can use AWS S3, Google Cloud Storage, Dropbox, or even FTP among others.

sudo pacman -S rclone

Use rclone config to configure your storage option. For example follow this instructions for R2. Find all supported backends here.

My rclone.conf looks like this after setting up R2:

[r2]
type = s3
provider = Cloudflare
access_key_id = REDACTED
secret_access_key = REDACTED
region = auto
endpoint = https://REDACTED.r2.cloudflarestorage.com

At this point we should be able to use rclone to copy files to R2. We probably don’t want our files to end up in a bucket in plain text, so lets add some encryption.

Rclone supports a couple of useful “virtual” or “wrapping” storage remotes. We can use the crypt remote to transparently encrypt and decrypt operations with another remote.

Drop into rclone config one more time and follow the example configuration. When specifying the remote, chose your previous remote and specify a bucket and optionally a base directory for your backups. I like to use r2:archive/backups; archive is the bucket and backups/ will be the prefix for all operations.

I chose to disable filename encryption since we will be uploading archive files and not replicating the filesystem itself. Chose a strong password you will remember.

Now my config looks like this:

... r2 entry ...

[backup]
type = crypt
remote = r2:archive/backup
filename_encryption = off
password = REDACTED

At this point we can use rclone to upload encrypted files to your backup bucket. Lets make some utility functions to make this easier.

I like to use fish, so this is what I include in my fish config to make my backups:

function generate_backup
    set _name "$argv[1]".tar.zst

    sudo tar \
      --create \
      --absolute-names \
      --one-file-system \
      --preserve-permissions \
      --exclude-vcs \
      --exclude-caches \
      --exclude-backups \
      --exclude-tag-all=.NOBACKUP \
      --warning=no-file-ignore \
      --sort=inode \
      --zstd \
      --file=- \
	    $argv[2..-1] | \
    rclone rcat --quiet \
      backup:"$_name"

    echo completed backup $_name
end

This function will archive and zip the given files, excluding some unwanted files, then stream it into rclone, which will encrypt and upload to our backups bucket. The first argument will be the backup name, which will be suffixed by a timestamp.

The --exclude-tag-all=.NOBACKUP line allows you to drop a .NOBACKUP file in any directory and the backup will ignore that whole directory.

Now you can use this function whenever you want to make a backup, for example:

# creates backup/home-(timestamp).tar.zst.bin in your bucket
# includes all contents of desktop documents and videos
generate_backup home ~/Desktop ~/Documents ~/Videos