安装方式
手动下载安装
下载 ZIP 后解压到技能目录即可安装。若在桌面客户端 WebView中直接下载出现异常,本站会改为提示页 + 原始链接,请按页内说明操作。
下载 ZIP (shub-restic-workstation-backup-v1.0.0.zip)触发指令
/restic-home-backup
跨平台安装指引
该技能声明兼容以下 1 个平台,将 ZIP 解压到对应目录即可被识别。
unzip shub-restic-workstation-backup-v1.0.0.zip -d ~/.claude/skills/
目录不存在时请先
mkdir -p 创建;启用 Skill 后请重启对应 Agent 让配置生效。
使用指南
Restic 工作站备份
围绕 Restic 工作站备份:笔记本/桌面机向 restic 仓库的备份节奏与排除规则;与「restic-home-backup」系列按包选用。 无需在每次任务前把零散英文说明手工拼进上下文,也 减少 与客户端默认行为脱节的试错;具体命令、钩子与 JSON 参数仍以 ZIP 包内 SKILL.md 为权威。下文结构与站内 MCP CLI 类专题稿相同:何时用、前置、流程、速查与故障。
何时使用
- 笔记本/桌面机向 restic 仓库的备份节奏与排除规则
- 与「restic-home-backup」系列按包选用
- 已获取本技能 ZIP,并准备在 Claude Code / OpenClaw 中按 SKILL.md 挂载。
- 希望用中文专题稿快速判断「该不该启用」,再深入英文 SKILL 查参数与边界。
- 需要与团队对齐同一套触发方式、目录约定或回调格式时。
前置条件
- 通用:可运行 Claude Code 或文档要求的客户端;有可读写的项目工作区(或 SKILL.md 指定的沙箱目录)。
- 权威细节:API Key / OAuth、钩子路径、环境变量以 ZIP 内 SKILL.md 为准。
典型流程
- 从 ClawHub / 站内分发获取技能 ZIP,校验版本与校验和(若提供)。
- 阅读 SKILL.md 的安装段落:目录落点、客户端类型(Claude Code / OpenClaw / 脚本)。
- 用文档中的最小示例完成第一次调用(单文件修改、单次查询或单次委派)。
- 确认工作目录、权限边界与输出路径后,再处理多文件或长耗时任务。
- 需要回调 / Webhook / 通知时,按 SKILL.md 配置端点并在测试环境先验通。
与 ZIP / SKILL.md 的关系
站内专题稿与 MCP CLI 类 oss 稿同样:概括何时用、怎么接、怎么排错;命令模板、钩子名、JSON 字段、版本矩阵一律以 ZIP 内 SKILL.md 与 ClawHub 上游为准。
命令示例(摘自包内 SKILL.md)
以下为从上游 SKILL.md(或入库正文)自动抽取的终端/脚本片段;路径、环境变量与参数以当前 ZIP 与官方说明为准。
ClawHub slug:restic-workstation-backup(安装命令以 SKILL.md / claw CLI 为准)。
bash scripts/bootstrap_restic_home.sh \
--user alice \
--repo "sftp:backupsvc@10.50.8.24:/srv/backups/home/devbox17"
sudo bash scripts/bootstrap_restic_home.sh \
--user alice \
--repo "sftp:backupsvc@10.50.8.24:/srv/backups/home/devbox17" \
--hostname devbox17 \
--timezone "America/Los_Angeles" \
--mail-to sre-oncall@example.com \
--keep-daily 14 --keep-weekly 8 --keep-monthly 12 \
--config-dir /etc/home-backup \
--log-dir /var/log/home-backup \
--apply \
--init-repo \
--enable-timers \
--run-initial-backup \
--archive-legacy-cron \
--dry-run-prune
bash scripts/install_userlevel_restic.sh \
--repo /mnt/offsite/backups/labvm3-home \
--hostname labvm3 \
--timezone "America/Los_Angeles" \
--mail-to sre-oncall@example.com \
--apply --init-repo --enable-timers --run-initial-backup
# Enable linger (one-time, requires sudo):
sudo loginctl enable-linger bob
# Manage:
systemctl --user list-timers 'restic-home-*' # list
systemctl --user start restic-home-backup.service # manual backup
bash scripts/install_userlevel_restic.sh --remove # remove schedule
sudo bash scripts/validate_restic_setup.sh
# Inspect:
systemctl list-timers restic-home-audit.timer --no-pager
# Cancel:
systemctl disable --now restic-home-audit.timer
# Run now:
systemctl start restic-home-audit.service
# Validate skill structure:
clawhub validate .
# Publish:
clawhub publish .
# Verify clean install (fresh environment, no secrets carried over):
mkdir /tmp/clawhub-verify && cd /tmp/clawhub-verify
clawhub install restic-home-backup
# Run plan-only to confirm scripts are present and executable:
bash restic-home-backup/scripts/bootstrap_restic_home.sh \
--user testuser --repo sftp:test@localhost:/test
站内入库时的触发命令(完整语义见 ZIP):
# 使用本技能时可在对话中引用或执行上述指令;完整参数与示例见下载包内 SKILL.md。
/restic-home-backup
最佳实践
- 先 SKILL.md 再猜参数;站内专题稿不替代 schema 与必填字段说明。
- 委派任务时写清验收标准(命令、文件路径、测试命令),减少来回追问。
- 长任务用文档推荐的回调 / 日志落盘代替高频轮询,省 Token 也省机器负载。
- 多技能同时启用时,注意钩子加载顺序与重复工具调用(以 SKILL.md 冲突说明为准)。
调试与排错
- 打开 stderr 与客户端日志;PTY/tmux 场景同时看面板最后几十行输出。
- 参数错误时对照 SKILL.md 中的 JSON/CLI 示例(引号、转义、工作目录)。
- 网络类失败:查代理、防火墙、MCP 传输方式(stdio / HTTP / SSE)。
速查
| 动作 | 说明 |
|------|------|
| 获取技能包 | ClawHub / 站内 ZIP,核对版本 |
| 权威步骤 | 优先阅读 ZIP 内 SKILL.md |
| 首次试跑 | 使用 SKILL.md 最小示例 |
| 验收 | 对照路径、测试命令或回调负载 |
常见故障
- 无输出或立即退出 → 工作目录错误、依赖未装、或 Claude Code 未登录;按 SKILL.md 自检清单执行。
- 权限被拒绝 → 检查沙箱路径、
--permission-mode与工具白名单。 - 与简介不符 → 以英文 SKILL 与上游仓库为准,站内稿仅作结构化导读。
# Restic Home Backup
Deliver a production-ready, unattended restic backup workflow for a Linux home
directory, covering encryption, deduplication, versioned retention, systemd
scheduling, retry logic, durable logging, email alerting, and restore validation.
## Skill contract
- **Name:** `restic-home-backup`
- **Version:** `2.0.0`
- **Problem solved:** Reliable, encrypted, versioned backups of a Linux home
directory. Supports SSH/SFTP remote repositories, DST-safe scheduling,
transient-error retries, user-level installs (no root), one-time restore
audit timers, and reusable multi-host rollout.
- **Inputs:**
- Backup source user and path
- Repository endpoint/transport (`local`, `sftp`, `s3`, `b2`, etc.)
- Timezone (default `America/Los_Angeles`)
- Retention policy (default: 14 daily / 8 weekly / 12 monthly)
- Exclude patterns
- Alert email
- **Outputs:**
- Installed and initialized restic repository
- Backup / prune / check / audit scripts under `/usr/local/bin/`
- Structured log wrapper with start/end/elapsed/exit-code per job
- systemd service+timer units (system-level or user-level)
- One-time restore audit timer
- Retry logic for transient failures (never retries auth/perm errors)
- Validation evidence: snapshot listing, restore drill, integrity check
- Controlled failure drills: wrong secret / unreachable repo / bad env file
- Operator runbook (`references/runbook.md`)
- Ops checklist (`references/ops-checklist.md`)
- **Safety boundaries (must never violate):**
- Never print secrets or tokens in chat, log output, or scripts.
- Never delete snapshots or repositories without explicit user confirmation.
- Never weaken permissions on credential files (0600 minimum).
- Never claim backup success without checking exit status and snapshot listing.
- Default to PLAN-ONLY mode; require explicit `--apply` for system changes.
- No snapshot deletion during initial engagement; use `--dry-run-prune` to preview.
## Workflow
### 1) Collect backup contract
Minimum required:
- Source path (e.g., `/home/alice`)
- Repository (e.g., `sftp:backupsvc@10.50.8.24:/srv/backups/home/devbox17`)
- Retention policy
- Preferred schedule in local timezone
If any critical value is missing, ask targeted questions.
### 2) Show plan (no-change pass)
```bash
bash scripts/bootstrap_restic_home.sh \
--user alice \
--repo "sftp:backupsvc@10.50.8.24:/srv/backups/home/devbox17"
```
This prints the complete plan: files, schedule, retention, secrets approach,
retry logic, legacy cron archival, and dry-run prune preview. Zero changes made.
### 3) Apply system changes
```bash
sudo bash scripts/bootstrap_restic_home.sh \
--user alice \
--repo "sftp:backupsvc@10.50.8.24:/srv/backups/home/devbox17" \
--hostname devbox17 \
--timezone "America/Los_Angeles" \
--mail-to sre-oncall@example.com \
--keep-daily 14 --keep-weekly 8 --keep-monthly 12 \
--config-dir /etc/home-backup \
--log-dir /var/log/home-backup \
--apply \
--init-repo \
--enable-timers \
--run-initial-backup \
--archive-legacy-cron \
--dry-run-prune
```
What this does (in order):
1. Creates `/etc/home-backup/` (0700), generates password (0600, never printed)
2. Writes env file (0600) and excludes list
3. Creates log directory `/var/log/home-backup/`
4. Installs logging+retry wrapper (`restic-home-log-run.sh`)
5. Installs 4 operational scripts (backup, prune, check, audit-drill)
6. Writes 8 systemd units (4 service + 4 timer)
7. Archives and removes legacy root crontab entry
8. Enables timers and runs `daemon-reload`
9. Initializes repo (skips if already exists)
10. Starts first backup via systemd
11. Shows `restic forget --dry-run` output (no deletion)
### 4) User-level install (no root required — e.g., labvm3/bob)
```bash
bash scripts/install_userlevel_restic.sh \
--repo /mnt/offsite/backups/labvm3-home \
--hostname labvm3 \
--timezone "America/Los_Angeles" \
--mail-to sre-oncall@example.com \
--apply --init-repo --enable-timers --run-initial-backup
# Enable linger (one-time, requires sudo):
sudo loginctl enable-linger bob
# Manage:
systemctl --user list-timers 'restic-home-*' # list
systemctl --user start restic-home-backup.service # manual backup
bash scripts/install_userlevel_restic.sh --remove # remove schedule
```
### 5) End-to-end validation
```bash
sudo bash scripts/validate_restic_setup.sh
```
Runs:
- Snapshot listing
- Restore drill to `/tmp/restore-drill` (verifies `.ssh/config`,
`Documents/roadmap.md`, `.config/git/config`)
- Cleanup of temp restore directory
- Repository integrity check
- Three failure drills: wrong secret / unreachable repo / unreadable env file
(each prints the failing command and a one-line corrective action)
### 6) One-time restore audit timer
The bootstrap creates `restic-home-audit.timer` for a single scheduled restore
drill. By default: **2026-04-17 17:00:00 America/Los_Angeles**.
```bash
# Inspect:
systemctl list-timers restic-home-audit.timer --no-pager
# Cancel:
systemctl disable --now restic-home-audit.timer
# Run now:
systemctl start restic-home-audit.service
```
### 7) Package and publish via ClawHub
```bash
# Validate skill structure:
clawhub validate .
# Publish:
clawhub publish .
# Verify clean install (fresh environment, no secrets carried over):
mkdir /tmp/clawhub-verify && cd /tmp/clawhub-verify
clawhub install restic-home-backup
# Run plan-only to confirm scripts are present and executable:
bash restic-home-backup/scripts/bootstrap_restic_home.sh \
--user testuser --repo sftp:test@localhost:/test
```
## Files in this skill
```
scripts/
bootstrap_restic_home.sh System-level install (plan + apply)
install_userlevel_restic.sh User-level install for non-root hosts
validate_restic_setup.sh End-to-end validation + failure drills
references/
runbook.md Full operator runbook (13 sections)
ops-checklist.md Quick daily/weekly/monthly reference
```
## Response style requirements
- Name exact file paths, service names, and commands.
- State what changed and how to verify it.
- Never print passwords or tokens.
- End multi-step tasks with an explicit completion status.
- Reference `references/runbook.md` for day-2 operational guidance.