什么是 restic-home-backup？

restic-home-backup 技能使开发人员和系统管理员能够为 Linux 环境部署专业级的备份策略。通过利用 restic 强大的加密和去重功能，此 Openclaw Skills 项目自动化了数据保存的整个生命周期，从仓库初始化到定期修剪和完整性检查。它确保您的个人或专业数据能够安全地镜像到本地磁盘、SFTP 服务器或兼容 S3 的云存储，无需人工干预。

该技能采用安全优先的设计方法，确保密钥永远不会在日志中泄露，并且所有配置文件都遵循严格的权限标准。通过利用 systemd 定时器，该技能将 restic 从手动 CLI 工具转变为“设置后即忘”的后台服务，通过自动化验证和恢复冒烟测试让您高枕无忧。

下载入口:https://github.com/openclaw/skills/tree/main/skills/moep90/restic-home-backup

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

restic-home-backup 应用场景

• 自动化家目录的每日备份，防止意外数据丢失。
• 使用 SFTP、S3 或 Backblaze B2 后端实现加密的异地存储。
• 通过受限的环境文件和 chmod 600 权限强化备份安全性。
• 通过自动化的快照修剪建立可靠的保留策略。
• 使用自动化健康检查排查仓库完整性问题。

1. 代理通过识别源路径、目标、传输类型和保留策略来评估备份契约。
2. 它使用引导脚本搭建实现框架，生成确定性的 shell 脚本和 systemd 单元。
3. 通过创建仅根用户可读的环境文件来存储敏感的仓库凭据，从而应用安全加固。
4. 通过运行手动备份、列出快照并对临时目录进行恢复冒烟测试来执行初始验证。
5. 通过启用用于备份、修剪和深度完整性检查的 systemd 定时器来建立长期自动化。

restic-home-backup 配置指南

要开始通过 Openclaw Skills 使用 restic-home-backup，请使用提供的引导脚本初始化您的环境：

# 在仅计划模式下运行引导脚本以查看更改
bash scripts/bootstrap_restic_home.sh

# 应用配置以创建脚本和 systemd 单元
bash scripts/bootstrap_restic_home.sh --apply

# 验证备份定时器是否处于活动状态并已调度
systemctl list-timers | grep restic

restic-home-backup 数据架构与分类体系

该技能将其操作工件组织在标准的 Linux 系统路径中，以实现最大的可靠性：

name: restic-home-backup
description: Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use when a user asks to back up ~/, set up daily/weekly/monthly backup jobs, harden backup security, or troubleshoot restore/integrity issues.

Restic Home Backup

Define and deliver a production-ready restic backup setup for ~/ with encryption, deduplication, automated scheduling, and restore testing.

Skill contract

• Name: restic-home-backup
• Problem solved: Provide reliable, encrypted, versioned backups of a Linux home directory with operational safety and repeatable recovery.
• Inputs:
  • Backup target type (local disk, sftp, s3, b2, etc.)
  • Repository endpoint/path
  • Secret handling method (env file or password file)
  • Schedule preferences (daily backup, weekly prune, monthly check)
  • Exclude patterns
• Outputs:
  • Installed and initialized restic repository
  • Backup/prune/check scripts
  • systemd service/timer units
  • Validation evidence (snapshots + test restore)
  • Short operator runbook
• Safety boundaries (must never violate):
  • Never print secrets or tokens in chat/log output.
  • Never delete snapshots/repositories without explicit user confirmation.
  • Never weaken permissions on credential files (chmod 600 minimum).
  • Never claim backup success without checking command exit status and snapshot listing.
  • Never apply system changes implicitly: require explicit --apply (or explicit user confirmation) before writing to /etc, /usr/local/bin, or /etc/systemd/system.

Workflow

1) Assess and confirm backup contract

Collect the minimum required values before changes:

• Source path (default /home/)
• Destination repo and transport
• Retention policy (for example: 7d/4w/12m)
• Preferred schedule in local timezone

If any critical value is missing, ask targeted questions.

2) Scaffold backup implementation

Use these resources:

• scripts/bootstrap_restic_home.sh to generate deterministic setup artifacts. It is PLAN-ONLY by default and requires explicit --apply for system changes. Optional flags control timer enablement, repository initialization, and initial backup run.
• references/ops-checklist.md for day-2 operations and troubleshooting.

Create:

• /etc/restic-home.env (root-readable only)
• /usr/local/bin/restic-home-backup.sh
• /usr/local/bin/restic-home-prune.sh
• /usr/local/bin/restic-home-check.sh
• restic-home-backup.service/.timer
• restic-home-prune.service/.timer
• restic-home-check.service/.timer

3) Harden and validate

Run and verify:

1. restic snapshots
2. One immediate backup run
3. One restore smoke test to temporary directory
4. restic check (or scheduled monthly deep check)

Validate failure behavior:

• Wrong password
• Unreachable repository
• Permission denied on env file

Report exact failing command + short corrective action.

4) Package and publish via ClawHub CLI (when requested)

When user requests publication:

1. Validate skill quality and structure.
2. Package skill.
3. Publish with clawhub CLI.
4. Verify install from registry in a clean environment.

Keep publish actions explicit and auditable.

Response style requirements

Use descriptive language with concrete operational detail:

• Name the exact file path, service name, and command.
• State what changed and how to verify it.
• End multi-step tasks with explicit completion status.