john/soteria
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8 Commits 2 Branches 0 Tags
aa7f8ff548db3acbe746e312ba4f5dc4b1c4a74a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
John Lancaster aa7f8ff548 server content
2025-12-28 15:32:46 -06:00
certs
certs folder
2025-12-28 13:38:16 -06:00
.gitignore
initial commit
2025-12-28 12:52:31 -06:00
Caddyfile
named key files
2025-12-28 14:51:38 -06:00
docker-compose.yml
named key files
2025-12-28 14:51:38 -06:00
README.md
server content
2025-12-28 15:32:46 -06:00

README.md

[Soteria]

Soteria: https://en.wikipedia.org/wiki/Soteria_(mythology)

In Greek mythology, Soteria (Greek: Σωτηρία) was the goddess or spirit (daimon) of safety and salvation, deliverance, and preservation from harm

Intent

Connect solely through wireguard to 192.168.1.142 and serve the REST server with a certificate signed by Janus.

Restic REST Server

restic / rest-server

REST backend

Certificates

Certificate Renewal

Generate a new private key and (public) certificate

step ca certificate soteria.john-stream.com certs/soteria.crt certs/soteria.key --provisioner admin

One-time setup for Caddy to be able to trust the Janus CA. This creates a symlink for the root CA.

ln -s $(step path)/certs/root_ca.crt certs/root_ca.crt

Check certificate

openssl x509 -noout -subject -issuer -ext extendedKeyUsage -in certs/soteria.crt

cat certs/soteria.crt certs/soteria.key > $(step path)/certs/soteria.pem

Add to ~/.bashrc to trust the Janus CA:

export RESTIC_CACERT=$(step path)/certs/root_ca.crt

Create a test repo through the rest server:

restic -r rest:https://soteria.john-stream.com:8443/dev-test --tls-client-cert certs/client_combined.pem init

Restic Repos

Mounted using a bind mount point in the LXC.

https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points

pct set 103 -mp0 /mnt/nfs/restic,mp=/mnt/restic

Restic Clients

Set up provisioner password by running this and pasting in the current JWK provisioner password for admin

read -s secret && (umask 077; echo "$secret" > secret.txt)

cd $(step path)/certs && \
step ca certificate \
    --provisioner admin --password-file secret.txt \
    $(hostnamectl hostname) restic.crt restic.key && \
(umask 077; cat restic.crt restic.key > restic.pem)

Need restic 0.16+ for the env vars RESTIC_CACERT and RESTIC_TLS_CLIENT_CERT to work.

export RESTIC_CACERT=$(step path)/certs/root_ca.crt
export RESTIC_TLS_CLIENT_CERT=$(step path)/certs/restic.pem

Installing Latest Binary

curl -s https://api.github.com/repos/restic/restic/releases/latest | grep tag_name

wget -O restic.bz2 https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2 && \
bunzip2 restic.bz2 && \
chmod +x restic && \
sudo mv restic /usr/local/bin/ && \
restic version
Reference in New Issue View Git Blame Copy Permalink
Description
In Greek mythology, Soteria (Greek: Σωτηρία) was the goddess or spirit (daimon) of safety and salvation, deliverance, and preservation from harm
Readme 153 KiB
Languages
Shell 100%