-
-
Notifications
You must be signed in to change notification settings - Fork 2
cmd backup
Backup operations: create, list, restore, verify, prune, config, status, init-key.
nself backup <subcommand> [flags] [args]
nself backup covers the full life cycle of project backups: full Postgres dumps, write-ahead-log (WAL) checkpoints, MinIO object snapshots, configuration metadata, and combined backups. Backups can be encrypted with age (one keypair per project) and pruned by retention policy.
Subcommands include create (one-shot full or incremental), list (filter by remote, environment, age), restore (from any backup ID or latest, with partial restore options), verify (checksum or full restore-test in a disposable container), and prune (apply daily/weekly/monthly retention).
Note: Point-in-time recovery (PITR) ships as a dedicated nself pitr command (enable, disable, status, base-backup, restore) in v1.1.1. The --point-in-time flag on backup itself was removed; use nself pitr restore for WAL replay.
backup config --install-cron installs systemd timers for full backups, WAL checkpoints, prune cycles, and weekly verify drills so an operator can hand off to automation.
| Name | Description |
|---|---|
create |
Create a new backup |
list |
List available backups |
restore <backup-id|latest> |
Restore from a backup |
verify <backup-id|latest> |
Verify backup integrity |
prune |
Remove old backups by retention policy |
config |
View or install backup configuration (systemd timers) |
status |
Show backup subsystem status |
init-key |
Generate age encryption keypair for backups |
| Flag | Default | Description |
|---|---|---|
--type |
full |
Backup type: full, wal, metadata, minio, all
|
--remote |
"" |
Remote name override |
--encrypt |
false | Force encryption on |
--no-encrypt |
false | Force encryption off |
--tag |
"" |
Human label for this backup |
--dry-run |
false | Preview only |
| Flag | Default | Description |
|---|---|---|
--remote |
"" |
Filter by remote name |
--env |
"" |
Filter by environment |
--since |
"" |
Show backups newer than duration (e.g. 24h, 7d) |
--format |
table |
Output format: table or json
|
| Flag | Default | Description |
|---|---|---|
--to |
"" |
Restore to alternate directory |
--only |
"" |
Restore subset: pg, minio, metadata (comma-separated) |
--decrypt-key |
"" |
Path to age identity file |
--yes |
false | Skip confirmation |
Note: --point-in-time is not a flag on backup restore. Use nself pitr restore (v1.1.1) for WAL-replay point-in-time recovery via pgbackrest.
| Flag | Default | Description |
|---|---|---|
--restore-test |
false | Spin up test container and restore |
--cleanup |
true | Remove test container after verify |
--keep |
false | Keep test container for inspection |
When --restore-test is set, backup verify goes beyond the default checksum check:
- Spins up an ephemeral Postgres container on a random local port.
- Restores the target
.dumpfile viapg_restoreinto the container. - Runs the full smoke-query catalog (5+ system tables): user table count, live tuple count,
auth.userspresence,hdb_catalog.hdb_metadatapresence, andnp_claw_conversationspresence. A zero user-table count triggers an explicit "row count mismatch, schema-only restore detected" failure. - Runs a sentinel CRUD round-trip: creates a temp schema, inserts a sentinel row, reads it back, and drops the schema. Completes in under 2 seconds. Cleaned up in defer even on panic.
- Reports pass/fail with JSON output suitable for cron consumption.
- Tears down the container and volume via
defer, cleanup happens even on failure.
Exit code 0 = restore verified. Non-zero = verify failed. JSON output:
{"backup_id":"latest","verified":true,"started_at":"2026-04-20T02:00:01Z","duration":"47.3s","method":"restore-test","details":"file size: 104857600 bytes"}Use --keep to inspect the restored database before teardown (useful for debugging silent data corruption).
Note: --restore-test is the correct flag (not --test-restore). This is verified in cli/internal/backup/verify.go field RestoreTest.
Cross-link: DR Runbook uses backup verify --restore-test as the weekly automated integrity check.
| Flag | Default | Description |
|---|---|---|
--dry-run |
false | Preview only |
--keep-daily |
7 |
Keep last N daily backups |
--keep-weekly |
4 |
Keep last N weekly backups |
--keep-monthly |
12 |
Keep last N monthly backups |
--format |
"" |
Output format: json
|
| Flag | Default | Description |
|---|---|---|
--format |
"" |
Output format: json
|
--install-cron |
false | Install systemd timers for backup, WAL, prune, verify |
--full-at |
03:00 |
Full backup time UTC (HH:MM) when --install-cron
|
--wal-every |
15m |
WAL checkpoint interval when --install-cron
|
--prune-at |
04:00 |
Prune time UTC (HH:MM) when --install-cron
|
--verify-on |
Sun |
Weekly restore-test day when --install-cron
|
--verify-at |
05:00 |
Weekly restore-test time UTC when --install-cron
|
--remote |
"" |
Override configured remote when --install-cron
|
--unit-dir |
/etc/systemd/system |
Systemd unit directory when --install-cron
|
--dry-run |
false | Print unit files without writing when --install-cron
|
| Flag | Default | Description |
|---|---|---|
--format |
"" |
Output format: json
|
# Generate the age keypair before first encrypted backup
nself backup init-key
# Create a full encrypted backup tagged for traceability
nself backup create --type full --encrypt --tag pre-deploy
# List backups newer than a week, JSON for piping
nself backup list --since 7d --format json
# Restore latest backup, restoring only Postgres data
nself backup restore latest --only pg --yes
# Verify the latest backup with a real restore-test container
nself backup verify latest --restore-test
# Install systemd timers so backups run automatically
sudo nself backup config --install-cron --full-at 02:30nself backup creates archives that follow the nself-backup-v1 spec. The spec covers the archive filename pattern, manifest.json structure, checksums.sha256 format, encryption contract, and the exact extraction order used by restore. See .claude/docs/operations/BACKUP-FORMAT.md.
backup create --type metadata exports Hasura metadata by running hasura-cli inside the _hasura container. The Hasura admin secret is passed to docker exec via the -e HASURA_GRAPHQL_ADMIN_SECRET=<value> flag. This keeps the secret in the container's environment and out of the process-table argv, which would otherwise be readable by any local user via ps aux (CWE-214). No user-facing change is required; this is an internal implementation detail.
- cmd-dr, disaster recovery operations
- cmd-secrets, manage encryption keys
- cmd-db, database operations
- Commands, full command index
ɳSelf CLI v1.0.9. MIT licensed. Docs CC BY 4.0.
GitHub · Issues · Discussions · nself.org · docs.nself.org
Getting Started
Commands
- Commands, Overview
- Lifecycle: cmd-init · cmd-build · cmd-start · cmd-stop · cmd-restart · cmd-dev
- Monitoring: cmd-status · cmd-logs · cmd-health · cmd-urls · cmd-doctor · cmd-monitor · cmd-alerts · cmd-sentry · cmd-watchdog · cmd-dogfood
- Data: cmd-db · cmd-backup · cmd-dr · cmd-queue · cmd-webhooks
- Config: cmd-config · cmd-service · cmd-env · cmd-promote
- Networking: cmd-ssl · cmd-trust · cmd-dns-setup
- Security: cmd-security · cmd-secrets · cmd-waf
- Tenancy: cmd-tenant · cmd-billing
- Plugins: cmd-plugin · cmd-license
- AI: cmd-ai · cmd-claw · cmd-model
- Templates: cmd-template
- Utilities: cmd-exec · cmd-clean · cmd-reset · cmd-update · cmd-upgrade · cmd-version · cmd-admin · cmd-migrate · cmd-migrate-firebase · cmd-migrate-supabase · cmd-completion
Features
- Features, Overview
- Feature-Auth
- Feature-Storage
- Feature-Search
- Feature-Functions
- Feature-Email
- Feature-Monitoring
- Feature-Plugins
- Feature-ɳClaw, AI Assistant
- Feature-ɳChat, Messaging
- Feature-ɳTV, Media Player
- Feature-ɳFamily, Family Social
- Feature-ɳCloud, Managed Hosting
- Feature-Memory-Rooms, Knowledge Organization
- Feature-Agent-Dashboard, Agent Metrics
- Feature-Image-Generation, AI Image Generation
Configuration
- Configuration, Overview
- Config-Env-Vars
- Config-Postgres
- Config-Hasura
- Config-Auth
- Config-Nginx
- Config-Optional-Services
- Config-Custom-Services
- Config-System
Plugins (87 + 10 monitoring)
Free (25)
- plugin-backup
- plugin-content-acquisition
- plugin-content-progress
- plugin-cron
- plugin-donorbox
- plugin-feature-flags
- plugin-github
- plugin-github-runner
- plugin-invitations
- plugin-jobs
- plugin-link-preview
- plugin-mdns
- plugin-mlflow
- plugin-monitoring
- plugin-notifications
- plugin-notify
- plugin-paypal
- plugin-search
- plugin-shopify
- plugin-stripe
- plugin-subtitle-manager
- plugin-tokens
- plugin-torrent-manager
- plugin-vpn
- plugin-webhooks
Pro (62)
- plugin-access-controls
- plugin-activity-feed
- plugin-admin-api
- nself-ai-gateway
- nself-ai-cc
- nself-ai-mcp
- plugin-analytics
- plugin-auth
- plugin-backup-pro
- plugin-bots
- plugin-browser
- plugin-calendar
- plugin-cdn
- plugin-chat
- plugin-claw
- plugin-claw-budget
- plugin-claw-news
- plugin-claw-web
- plugin-cloudflare
- plugin-cms
- plugin-compliance
- plugin-cron-pro
- plugin-ddns
- plugin-devices
- plugin-documents
- plugin-donorbox-pro
- plugin-entitlements
- plugin-epg
- plugin-file-processing
- plugin-game-metadata
- plugin-geocoding
- plugin-geolocation
- plugin-google
- plugin-home
- plugin-idme
- plugin-knowledge-base
- plugin-linkedin
- plugin-livekit
- plugin-media-processing
- plugin-meetings
- plugin-moderation
- plugin-mux
- plugin-notify-pro
- plugin-object-storage
- plugin-observability
- plugin-paypal-pro
- plugin-photos
- plugin-podcast
- plugin-post
- plugin-realtime
- plugin-recording
- plugin-retro-gaming
- plugin-rom-discovery
- plugin-shopify-pro
- plugin-social
- plugin-sports
- plugin-stream-gateway
- plugin-streaming
- plugin-stripe-pro
- plugin-support
- plugin-tmdb
- plugin-voice
- plugin-web3
- plugin-workflows
Planned (26)
plugin-auditplugin-blogplugin-checkoutplugin-commerceplugin-drmplugin-exportplugin-flowplugin-importplugin-ldapplugin-mailgunplugin-mediaplugin-oauth-providersplugin-pagesplugin-postmarkplugin-rate-limitplugin-reportsplugin-samlplugin-schedulerplugin-sendgridplugin-ssoplugin-subscriptionplugin-thumbplugin-transcoderplugin-twilioplugin-wafplugin-watermark
Guides
- Guide-Production-Deployment
- Guide-SSL-Setup
- Guide-Multi-Tenancy
- Guide-Security-Hardening
- Guide-Monitoring-Setup
- Guide-Backup-Restore
- Guide-Custom-Services
- Guide-Migration-from-v1
Architecture
Reference
- API-Reference
- reference-error-codes, Error Codes
Licensing
Security
Brand
Operations
- operations/release-cascade, Release Cascade
- operations/self-healing, Self-Healing Schema
- operations/redis-tuning, Redis Pool Tuning
- operations/meilisearch-warmup, MeiliSearch Warm-Up
- operations/jwt-rotation, JWT Key Rotation
- operations/windows-wsl2-setup, Windows / WSL2 Setup
- operations/gemini-oauth-reauth, Gemini OAuth Reauth
Contributing
Admin
- USER-ACTION-QUEUE, Pending Admin Actions