Gitea backup using restic with end-to-end encryption

This script saves all gitea data, but it skips actions_artifacts and actions_logs directories, as they can be regenerated. You can add or remove exclusions as needed.

It is based on Gitea docker-compose config with Traefik and PostgreSQL but can easily be adapted to other setups.

#!/bin/bash
export NAME=$(basename $(pwd))
export RESTIC_REPOSITORY=rest:http://restic:[email protected]:16383/$NAME
export RESTIC_PASSWORD_FILE=.restic_password

if [ ! -f "${RESTIC_PASSWORD_FILE}" ]; then
   echo "Please create .restic_password with the backup encryption password AND BACKUP THAT PASSWORD SEPARATELY!!!"
   exit 1
fi
echo "Initing repo, please ignore any 'already exists' errors"
if [ ! -f ".restic_inited" ]; then
    # Run the restic init command
    restic init

    if [ $? -eq 0 ]; then # if init successful
        # Create the initialization file
        touch ".restic_inited"
        echo "Restic initialized"
    fi
fi

# Save Gitlab-internal PostgreSQL
docker-compose exec -u postgres postgres pg_dump -d gitea -U gitea |  restic --verbose backup --stdin --stdin-filename="$NAME-pgdump.sql"
# Save directories
restic --verbose backup gitea_config gitea_data backup.sh docker-compose.yml --exclude=gitea_data/actions_artifacts --exclude=gitea_data/actions_logs --exclude=gitea_data/tmp

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee