Docker-label-driven backup orchestration with restic encryption, deduplication, 5 preset profiles, 11 automation scripts, and the only homelab tool with automated restore verification — deployed in 15 minutes.
restic 0.18.1 and Backrest v1.11.2. Health checks, memory limits. Shoutrrr v0.8.0 runs on-demand via docker run --rm for notifications.
backup.sh (orchestrator), restore.sh (guided restore), verify.sh (automated restore verification), backup-health.sh (scoring), backup-report.sh (status), backup-metrics.sh (Prometheus export), dr-generate.sh (runbook generator), add-service.sh (label configurator), preflight.sh (validation), notify.sh (notifications), migrate.sh (migration helper).
Database (auto-dump for PostgreSQL/pgvector/TimescaleDB/MySQL/MariaDB/MongoDB), Critical (stop + extended retention), Config-Only (90-day flat), Large-Media (exclude media files), Default (all named volumes).
verify.sh spins up temporary containers, imports backups, runs health checks, and reports PASS or FAIL per service. Database import testing, application health checks, file integrity verification.
Guided configuration for encryption password, storage backend, backup schedule, retention, notifications, and Backrest port. Writes .env, initializes repo, starts containers.
README, Troubleshooting (per-component issue guide), Customization (extending the stack), Storage Backends (S3/B2/SFTP/NFS setup guides).
Use it however you want. Modify, redistribute, use commercially. No restrictions.
backup.nxsi.* labels control all backup behavior per container. No central config file to maintain. Add labels, the next backup picks it up.
Temp containers, DB import tests, HTTP health checks, PASS/FAIL reporting. No homelab tool does this. Enterprise tools like Veeam charge thousands.
0-100 score per service based on recency (40%), verification (30%), consistency (20%), and storage integrity (10%). One command tells you if backups are healthy.
dr-generate.sh reads container config and backup history, generates step-by-step recovery markdown for each service. Copy-pasteable rebuild instructions.
Database profile auto-detects PostgreSQL (incl. pgvector, TimescaleDB, PostGIS), MySQL/Percona, MariaDB, and MongoDB from the container image.
Local disk, S3, Backblaze B2, SFTP/NAS. Back up to two locations simultaneously for the 3-2-1 rule. ~$0.50/month for 100GB on B2.
Every homelab runner eventually has the same 3 AM realization: nothing is actually backed up properly.
Maybe you have got a cron job rsyncing a few directories. Maybe Duplicati is running but you have not checked it in months. Maybe you added a new service three weeks ago and never configured backups for it.
The real problem is not backing up. Rsync does that fine. The real problem is everything around it. Knowing which containers need their database dumped before backup. Knowing which ones need to be stopped. Knowing whether the backup you took six months ago can actually be restored. Knowing — at a glance — whether every service is protected.
The Homelab Backup Automation Stack is a Docker Compose deployment that handles backup orchestration for every container on your server. Two services (restic and Backrest) plus shoutrrr notifications, 11 scripts, and 5 backup profiles — all configured through Docker labels on your existing containers.
You add labels to your services. The stack reads those labels and handles everything: pre-backup database dumps, container stop/start for consistency, restic backup with deduplication and AES-256 encryption, retention management, and notifications.
No new databases. No complicated web UIs to configure. No YAML pipelines. Labels on your containers and a setup wizard that takes 15 minutes.
Docker 24+ with Docker Compose v2, Linux host (Ubuntu 22.04+, Debian 12+, Proxmox 8), 768 MB RAM, 5 GB free disk space
Learn how this was built, the decisions made, and gotchas to watch for.
Patterns, lessons, and tools from production automation systems. Delivered weekly.