Duply with MinIO

MinIO Configuration

Step 1: Create bucket without versioning and locking. Quota is also not needed.

Step 2: Create “read only policy” for backup account. Replace BUCKET-NAME with your bucket name from step 2.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET-NAME/*"
            ]
        }
    ]
}

Step 3: Create user. Same name as BUCKET-NAME. Assign an password and the policy from step 2.

Create GnuPG Key for Encryption

• gpg --expert --full-generate-key
• use your password manager to generate a passphrase so you have it for the last step
• select “ECC (sign and encrypt)” (which is the default) for kind of key
• select “Curve 25519” (which is the default) for elliptic curve
• select “0” for “key does not expire”
• Real Name: “Duply Backup BUCKET-NAME”
• Mail: none
• Comment: none
• provide passphrase from first step

Install and Config of Duply

• Mac: brew install duply
• execute duply BUCKET-NAME create
• edit exclude
• edit conf

GPG_KEY='KEY-FINGERPRINT'
GPG_PW='KEY-PASSPHRASE'
GPG_OPTS='--pinentry-mode loopback --no-throw-keyids'
TARGET='boto3+s3:///BUCKET-NAME/'
SOURCE='/'
export AWS_ACCESS_KEY_ID='BUCKET-NAME'
export AWS_SECRET_ACCESS_KEY='MINIO-USER-PASSWORD'
MAX_FULL_BACKUPS=12
MAX_FULLS_WITH_INCRS=6
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
DUPL_PARAMS="$DUPL_PARAMS --s3-endpoint-url https://s3.MINIO-URL"

• add ulimit -n 1024 to .bash_profile
• edit .gnupg/gpg-agent.conf and add allow-loopback-pinentry

Backup

• copy revoke key cp ~/.gnupg/openpgp-revocs.d/FINGERPRINT.rev ???
• fix group
• zip or tgz and backup