Duply with MinIO

MinIO Configuration

Step 1: Create bucket without versioning and locking. Quota is also not needed.

Step 2: Create “read only policy” for backup account. Replace BUCKET-NAME with your bucket name from step 1.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET-NAME/*"
            ]
        }
    ]
}

Step 3: Create user. Same name as BUCKET-NAME. Assign a password and the policy from step 2.

Create GnuPG Key for Encryption

  • gpg --expert --full-generate-key
  • use your password manager to generate a passphrase so you have it for the last step
  • select “ECC (sign and encrypt)” (which is the default) for kind of key
  • select “Curve 25519” (which is the default) for elliptic curve
  • select “0” for “key does not expire”
  • Real Name: “Duply Backup BUCKET-NAME”
  • Mail: none
  • Comment: none
  • provide passphrase from first step

Install and Config of Duply

  • Mac: brew install duply
  • execute duply BUCKET-NAME create
  • edit exclude
  • edit conf
GPG_KEY='KEY-FINGERPRINT'
GPG_PW='KEY-PASSPHRASE'
GPG_OPTS='--pinentry-mode loopback --no-throw-keyids'
TARGET='boto3+s3:///BUCKET-NAME/'
SOURCE='/'
export AWS_ACCESS_KEY_ID='BUCKET-NAME'
export AWS_SECRET_ACCESS_KEY='MINIO-USER-PASSWORD'
MAX_FULL_BACKUPS=12
MAX_FULLS_WITH_INCRS=6
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
DUPL_PARAMS="$DUPL_PARAMS --s3-endpoint-url https://s3.MINIO-URL"
  • add ulimit -n 1024 to .bash_profile
  • edit .gnupg/gpg-agent.conf and add allow-loopback-pinentry
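
A preflight check for the profile configured above, as an added example that is not part of the original page or of duply. It assumes the profile lives in ~/.duply/PROFILE/conf and the agent config in ~/.gnupg/gpg-agent.conf; check_profile is a hypothetical helper name.

```shell
# Added example: lint a duply profile before the first backup run.
# check_profile CONF AGENT_CONF -> returns the number of findings (0 = clean).
check_profile() {
    conf=$1 agent_conf=$2 findings=0

    fail() { echo "FAIL: $*" >&2; findings=$((findings + 1)); }

    [ -f "$conf" ] || { fail "$conf not found"; return 1; }

    # conf stores GPG_PW and AWS_SECRET_ACCESS_KEY in clear text, so group and
    # other must have no access. Columns 5-10 of the ls mode string are those bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || fail "$conf is accessible to group/other ($perms)"

    # Template placeholders from the page that must have been replaced.
    for ph in KEY-FINGERPRINT KEY-PASSPHRASE BUCKET-NAME MINIO-USER-PASSWORD MINIO-URL; do
        if grep -v '^[[:space:]]*#' "$conf" | grep -q -- "$ph"; then
            fail "placeholder $ph still present"
        fi
    done

    # The S3 credentials are sent to this endpoint, so require TLS.
    grep -Eq -- "--s3-endpoint-url[ =]https://" "$conf" \
        || fail "no https --s3-endpoint-url in DUPL_PARAMS"

    # GPG_OPTS uses --pinentry-mode loopback, which the agent must allow.
    if grep -q -- '--pinentry-mode loopback' "$conf"; then
        grep -Eq '^[[:space:]]*allow-loopback-pinentry' "$agent_conf" 2>/dev/null \
            || fail "allow-loopback-pinentry missing from $agent_conf"
    fi

    [ "$findings" -eq 0 ] && echo "OK: $conf"
    return "$findings"
}

# Run against a real profile when the script is given a profile name.
if [ -n "${1:-}" ]; then
    check_profile "$HOME/.duply/$1/conf" "$HOME/.gnupg/gpg-agent.conf"
fi
```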

Backup

  • copy the revocation certificate: cp ~/.gnupg/openpgp-revocs.d/FINGERPRINT.rev ???
  • fix group
  • zip or tgz and backup
Last modified February 24, 2023: add Duply with MinIO (25b903e)