Duply with MinIO
MinIO Configuration
Step 1: Create bucket without versioning and locking. Quota is also not needed.
Step 2: Create “read only policy” for backup account. Replace BUCKET-NAME with your bucket name from step 2.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::BUCKET-NAME/*"
]
}
]
}
Step 3: Create user. Same name as BUCKET-NAME. Assign an password and the policy from step 2.
Create GnuPG Key for Encryption
gpg --expert --full-generate-key
- use your password manager to generate a passphrase so you have it for the last step
- select “ECC (sign and encrypt)” (which is the default) for kind of key
- select “Curve 25519” (which is the default) for elliptic curve
- select “0” for “key does not expire”
- Real Name: “Duply Backup BUCKET-NAME”
- Mail: none
- Comment: none
- provide passphrase from first step
Install and Config of Duply
- Mac:
brew install duply
- execute
duply BUCKET-NAME create
- edit exclude
- edit conf
GPG_KEY='KEY-FINGERPRINT'
GPG_PW='KEY-PASSPHRASE'
GPG_OPTS='--pinentry-mode loopback --no-throw-keyids'
TARGET='boto3+s3:///BUCKET-NAME/'
SOURCE='/'
export AWS_ACCESS_KEY_ID='BUCKET-NAME'
export AWS_SECRET_ACCESS_KEY='MINIO-USER-PASSWORD'
MAX_FULL_BACKUPS=12
MAX_FULLS_WITH_INCRS=6
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
DUPL_PARAMS="$DUPL_PARAMS --s3-endpoint-url https://s3.MINIO-URL"
- add
ulimit -n 1024
to.bash_profile
- edit
.gnupg/gpg-agent.conf
and addallow-loopback-pinentry
Backup
- copy revoke key
cp ~/.gnupg/openpgp-revocs.d/FINGERPRINT.rev ???
- fix group
- zip or tgz and backup
Last modified February 24, 2023: add Duply with MinIO (25b903e)