tutorials/backup-duplicity.md

+# Create the gpg key
+
+First you have to create a gpg key for generating the backups. Either you generate a key without passphrase to allow for automatic backups or you specify the passphrase on the command line when running backups.
+
+## Key without passphrase
+
+Generate the key:
+
+```bash
+$ gpg --quick-gen-key --passphrase "" backup
+```
+
+To export the key to a file first list the keys:
+
+```bash
+$ gpg -K
+```
+
+Then export the one you want with:
+
+```bash
+$ gpg --export $KEYID >/tmp/key.export
+```
+
+This can then be imported on the target machine via:
+
+```bash
+gpg --import  </tmp/key.export
+```
+
+## Key with passphrase
+
+Same as above but without the `--passphrase` part.
+
+# Create the backup
+
+Create the batch file for the backup.
+
+```bash
+#!/bin/bash
+
+TARGET='rsync://backup@$DOMAIN/$PATH'
+
+KEY='--encrypt-key $key'
+
+# create the backup, incrementally and a full one every month
+duplicity incr --full-if-older-than 1M --name "$name" "$KEY" "$path" "${TARGET}/${sub_folder}"
+
+# remove backups older than 3 months
+PASSPHRASE="" duplicity remove-older-than 3M --force "$KEY" "${TARGET}/${sub_folder}"
+```
+
+If you have a passphrase for the gpg key, provide it as an environment variable to duplicity.
+
+| Variable | Function |
+| --- | --- |
+| `$name` | The name of the backup, prefixed to the generated file |
+| `$path` | The path to backup |
+| `$sub_folder` | The sub folder where to store this on the backup machine |
+
+To have an rsync server as above and only allow rsync login follow the guide in [Rsync only SSH](tutorials/rsync-only-ssh).
\ No newline at end of file