We use django-dbbackup for backup of the data.

Before create any backup, edit the line

BBACKUP_GPG_RECIPIENT = ""  # XXX This variable need to be filled for --encrypt or --decrypt work properly.

on lowfat/settings.py with the ID of the GPG key you want to use.

To create a new backup, run

$ python3 manage.py dbbackup --encrypt && python3 manage.py mediabackup --encrypt

The --encrypt enable the encryption of the backup by GPG.

The backup files will be created in backups. To restore the last backup, run

$ python3 manage.py dbrestore --decrypt && python3 manage.py mediarestore --decrypt

The --decrypt will use GPG to decrypt the backup before restore the database.

django-dbbackup has a open bug that if the database dump has values with a line break then the restored database will miss the entries with the line break. A workaround this issue is to restore the database manually by running the following commands.

$ gpg -d backup.dump.gpg > /tmp/backup.dump
$ python manage.py migrate
$ sqlite3 db.sqlite3
> .read /tmp/backup.dump
> .q

You should copy the backup files to another machine. You can accomplish this using FTP, SSH, … For Google Drive you can use Petter Rasmussen’s Google Drive CLI Client.

GPG

Create Key

$ gpg --full-gen-key
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox '/path/to/your/home/.gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Your Copy of FAT
Email address: your@email.address
Comment: Your comment.
You selected this USER-ID:
    "Your Copy of FAT (Your comment.) <your@email.address>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a Passphrase to protect your private key.    

Enter passphrase:

Confirm passphrase:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /path/to/your/home/.gnupg/trustdb.gpg: trustdb created
gpg: key D875377AB6C6C5BE marked as ultimately trusted
gpg: directory '/path/to/your/home/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/path/to/your/home/.gnupg/openpgp-revocs.d/4F1238871193D0C4FEDE0956D875377AB6C6C5BE.rev'
public and secret key created and signed.

pub   rsa4096 2016-12-15 [SC]
      4F1238871193D0C4FEDE0956D875377AB6C6C5BE
uid                      Your Copy of FAT (Your comment.) <your@email.address>
sub   rsa4096 2016-12-15 [E]

Double check that the keys were created!

$ gpg -k
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/path/to/your/home/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2016-12-15 [SC]
      4F1238871193D0C4FEDE0956D875377AB6C6C5BE
uid           [ultimate] Your Copy of FAT (Your comment.) <your@mail.address>
sub   rsa4096 2016-12-15 [E]

$ gpg -K 
/path/to/your/home/.gnupg/pubring.kbx
--------------------------------
sec   rsa4096 2016-12-15 [SC]
      4F1238871193D0C4FEDE0956D875377AB6C6C5BE
uid           [ultimate] Your Copy of FAT (Your comment.) <your@mail.address>
ssb   rsa4096 2016-12-15 [E]

Exporting Keys

$ gpg --export > /path/to/your/exported/public-key
$ gpg --export-secret-keys > /path/to/your/exported/private-key

Importing Keys

$ gpg --import > /path/to/your/exported/public-key
$ gpg --import > /path/to/your/exported/private-key

Schedule

To schedule the backups, we suggest the use of Cron. To add assign a new job to Cron, run crontab -e on your terminal and add

0 0 * * * /path/to/lowfat_production/backup.sh

into the file that you received. The previous code snippet will create daily backups.