Add 'vaultik init' command and quickstart section in README
New init command writes a default config file with commented explanations for every setting. Uses XDG config directory via github.com/adrg/xdg for platform-appropriate paths: macOS: ~/Library/Application Support/vaultik/config.yml Linux: ~/.config/vaultik/config.yml root: /etc/vaultik/config.yml Config resolution now searches the XDG path before /etc/vaultik/. Refuses to overwrite an existing file. Created with 0600 permissions. README quickstart rewritten as a single copy-pasteable shell block walking through install, keygen, init, edit, first backup, verify, and cron setup.
This commit is contained in:
85
README.md
85
README.md
@@ -46,66 +46,34 @@ go install git.eeqj.de/sneak/vaultik@latest
|
||||
|
||||
## quick start
|
||||
|
||||
1. **generate keypair**
|
||||
```sh
|
||||
# 1. Install
|
||||
go install git.eeqj.de/sneak/vaultik@latest
|
||||
|
||||
```sh
|
||||
age-keygen -o agekey.txt
|
||||
grep 'public key:' agekey.txt
|
||||
```
|
||||
# 2. Generate an age keypair (store the private key somewhere safe, offline)
|
||||
age-keygen -o key.txt
|
||||
# the public key is printed to stdout and also in key.txt
|
||||
|
||||
2. **write config** (see `config.example.yml` for all options)
|
||||
# 3. Create a default config file
|
||||
vaultik init
|
||||
# Writes to the platform config directory with commented defaults:
|
||||
# macOS: ~/Library/Application Support/vaultik/config.yml
|
||||
# Linux: ~/.config/vaultik/config.yml
|
||||
# root: /etc/vaultik/config.yml
|
||||
|
||||
```yaml
|
||||
snapshots:
|
||||
system:
|
||||
paths:
|
||||
- /etc
|
||||
- /var/lib
|
||||
exclude:
|
||||
- '*.cache'
|
||||
home:
|
||||
paths:
|
||||
- /home/user/documents
|
||||
- /home/user/photos
|
||||
# 4. Edit the config: set age_recipients, snapshots, and storage_url
|
||||
# (init prints the path it wrote to)
|
||||
|
||||
exclude:
|
||||
- '*.log'
|
||||
- '*.tmp'
|
||||
- '.git'
|
||||
- 'node_modules'
|
||||
# 5. Run your first backup
|
||||
vaultik snapshot create
|
||||
|
||||
age_recipients:
|
||||
- age1YOUR_PUBLIC_KEY_HERE
|
||||
# 6. Verify it worked
|
||||
vaultik snapshot list
|
||||
vaultik snapshot verify <snapshot-id>
|
||||
|
||||
# Storage backend (pick one):
|
||||
storage_url: "s3://mybucket/backups?endpoint=s3.example.com®ion=us-east-1"
|
||||
# storage_url: "file:///mnt/backups"
|
||||
# storage_url: "rclone://myremote/path/to/backups"
|
||||
|
||||
# For s3:// URLs, credentials are still required:
|
||||
s3:
|
||||
access_key_id: ...
|
||||
secret_access_key: ...
|
||||
```
|
||||
|
||||
3. **run**
|
||||
|
||||
```sh
|
||||
# Back up all configured snapshots
|
||||
vaultik --config /etc/vaultik.yml snapshot create
|
||||
|
||||
# Back up specific snapshots by name
|
||||
vaultik --config /etc/vaultik.yml snapshot create home system
|
||||
|
||||
# Silent mode for cron
|
||||
vaultik --config /etc/vaultik.yml snapshot create --cron
|
||||
|
||||
# Back up and clean up old snapshots + orphan blobs in one shot
|
||||
vaultik --config /etc/vaultik.yml snapshot create --prune
|
||||
|
||||
# Daily cron: back up, keep last 4 weeks of snapshots
|
||||
vaultik --config /etc/vaultik.yml snapshot create --cron --prune --keep-newer-than 4w
|
||||
```
|
||||
# 7. Set up a daily cron job (keeps last 4 weeks of snapshots)
|
||||
# 0 3 * * * vaultik snapshot create --cron --prune --keep-newer-than 4w
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
@@ -114,6 +82,7 @@ go install git.eeqj.de/sneak/vaultik@latest
|
||||
### commands
|
||||
|
||||
```sh
|
||||
vaultik [--config <path>] init
|
||||
vaultik [--config <path>] snapshot create [snapshot-names...] [--cron] [--prune] [--keep-newer-than <duration>] [--skip-errors]
|
||||
vaultik [--config <path>] snapshot list [--json]
|
||||
vaultik [--config <path>] snapshot verify <snapshot-id> [--deep] [--json]
|
||||
@@ -132,7 +101,7 @@ vaultik version
|
||||
|
||||
### global flags
|
||||
|
||||
* `--config <path>`: Path to config file (default: `$VAULTIK_CONFIG` or `/etc/vaultik/config.yml`)
|
||||
* `--config <path>`: Path to config file (default: `$VAULTIK_CONFIG`, then platform config dir, then `/etc/vaultik/config.yml`)
|
||||
* `--verbose`, `-v`: Enable verbose output
|
||||
* `--debug`: Enable debug output
|
||||
* `--quiet`, `-q`: Suppress non-error output
|
||||
@@ -145,6 +114,12 @@ vaultik version
|
||||
|
||||
### command details
|
||||
|
||||
**init**: Write a default config file with commented explanations for every
|
||||
setting. Writes to the path from `--config`, `$VAULTIK_CONFIG`, or the
|
||||
platform config directory (`~/Library/Application Support/vaultik/` on macOS,
|
||||
`~/.config/vaultik/` on Linux, `/etc/vaultik/` as root). Refuses to overwrite an
|
||||
existing file. Created with mode `0600` since it will contain credentials.
|
||||
|
||||
**snapshot create**: Perform incremental backup of configured snapshots.
|
||||
* Optional snapshot names argument to create specific snapshots (default: all)
|
||||
* `--cron`: Silent unless error (for crontab)
|
||||
|
||||
Reference in New Issue
Block a user