Encrypted backups to S3-compatible storage using restic

[thomasheller]

This feature allows to create encrypted backups of the Nextcloud data directory and (optionally) Nextcloud database to any S3-compatible storage using restic.

Workflow:

• Create a bucket at the S3 provider of your choice
• Run nc-restic-s3-init to initialize the encrypted repository (once)
• Run nc-restic-s3-backup to create a backup when desired (password not stored for security reasons; optionally prune old backups)
• On a fresh NextCloudPi install, restore using nc-restic-s3-restore

Limitations:

• Backup is created in directory ncp-backup inside the S3 bucket. Should this be configurable?
• Existing files that are not present in the backup are not deleted during restore. If you need a clean state on an existing system, you must delete the Nextcloud data directory manually. (See also restic/restic#2348)

Notes:

• You can also restore specific files using restic restore --include via SSH
• Use restic forget --prune to remove old backups when needed via SSH (there are many more sophisticated options beyond the number of days to keep)

If you have any suggestions for improving this PR, feel free to comment. :slightly_smiling_face:

[nachoparker]

This is very interesting, let me know when it's ready to take a look.

Thanks!

[thomasheller]

@nachoparker Ready

[ristomatti]

Are there plans to complete this? And later add support for other backends, like B2?