1.9 KiB
1.9 KiB
[Soteria]
Soteria: https://en.wikipedia.org/wiki/Soteria_(mythology)
In Greek mythology, Soteria (Greek: Σωτηρία) was the goddess or spirit (daimon) of safety and salvation, deliverance, and preservation from harm
Intent
Connect solely through wireguard to 192.168.1.142 and serve the REST server with a certificate signed by Janus.
Restic REST Server
Certificates
Generate a new private key and (public) certificate
step ca certificate soteria.john-stream.com certs/foo.crt certs/foo.key --provisioner admin
Check certificate
openssl x509 -in certs/foo.crt -noout -subject -issuer -ext extendedKeyUsage
cat certs/foo.crt certs/foo.key > $(step path)/certs/soteria.pem
Add to ~/.bashrc to trust the Janus CA:
export RESTIC_CACERT=$(step path)/certs/root_ca.crt
Create a test repo through the rest server:
restic -r rest:https://soteria.john-stream.com:8443/dev-test --tls-client-cert certs/client_combined.pem init
Restic Repos
Mounted using a bind mount point in the LXC.
https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points
pct set 103 -mp0 /mnt/nfs/restic,mp=/mnt/restic
Restic Clients
Need restic 0.16+ for the env vars RESTIC_CACERT and RESTIC_TLS_CLIENT_CERT to work.
export RESTIC_CACERT=$(step path)/certs/root_ca.crt
export RESTIC_TLS_CLIENT_CERT=$(step path)/certs/soteria.pem
Installing Latest Binary
curl -s https://api.github.com/repos/restic/restic/releases/latest | grep tag_name
wget -O restic.bz2 https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2 && \
bunzip2 restic.bz2 && \
chmod +x restic && \
sudo mv restic /usr/local/bin/ && \
restic version