Backups
The backup system is built on Restic, natively managed via NixOS (services.restic). This ensures that the backup configuration is 100% declarative and reproducible. For visual management and monitoring, Backrest is used as a web interface.
Strategy: “Brain-only”
Section titled “Strategy: “Brain-only””We follow a strategy that prioritizes the “Brain” (configurations, databases, and code) over the “Muscles” (heavy media files). This keeps cloud costs low and recovery times fast.
| Data Type | Status | Location (Path) | Why? |
|---|---|---|---|
| System Config | ❌ NO | /etc/nixos | Already managed via GitHub. |
| Service Databases | ✅ YES | /var/lib/ | Home Assistant, Radarr, Sonarr, Jellyfin, etc. |
| Secrets & Keys | ✅ YES | 1Password | Fetched dynamically via 1Password CLI. |
| Downloaded Media | ❌ NO | /var/lib/media | Too large (TBs). |
Detailed Service Coverage
Section titled “Detailed Service Coverage”The following services have their entire state (databases, configurations, and internal state) backed up. Each service declares its own path in its .nix file using homelab.backupPaths.
| Service | Specific Data Backed Up |
|---|---|
| Home Assistant | SQLite DB, YAML configs, custom components, HACS state. |
| Jellyfin | User profiles, watch history, metadata database. |
| Radarr/Sonarr | Media databases (SQLite), quality profiles, indexer settings. |
| Prowlarr/Jackett | Tracker configurations and API keys. |
| Transmission | Torrent resume data, partial downloads state, settings. |
| Backrest | Its own internal configuration and history. |
Cloud Destination: Backblaze B2
Section titled “Cloud Destination: Backblaze B2”We use Backblaze B2 as our primary offsite storage. It is configured to run every night at 03:00 AM.
Configuration Details
Section titled “Configuration Details”- Bucket Name:
javiersc-backup - Repository URI:
b2:javiersc-backup:restic - Secrets (1Password):
- Item:
Backblaze - javiersc - Applycation key - Fields:
keyID,credential,restic password
- Item:
Management Interface (Backrest)
Section titled “Management Interface (Backrest)”Backrest provides a Web UI to interact with Restic. In this infrastructure, Backrest is fully declarative. The repository connection and authentication are automatically configured on boot using the secrets fetched from 1Password.
While NixOS manages the background timers, Backrest is used for:
- Monitoring the health of daily backups.
- Exploring snapshots and performing granular restores.
- Manual triggers for ad-hoc backups.
Automated Setup
Section titled “Automated Setup”Unlike standard installations, you do NOT need to manually add the repository or environment variables. The service is hardened and pre-configured to point to your Backblaze B2 bucket immediately after deployment.
Retention Policy
Section titled “Retention Policy”We keep a balanced history using Restic’s pruning capabilities:
| Policy | Snapshots Kept |
|---|---|
| Daily | 7 |
| Weekly | 4 |
| Monthly | 6 |
Disaster Recovery Procedure
Section titled “Disaster Recovery Procedure”For a step-by-step guide on how to use these backups to recover your system, see the Full Restore Guide.