Back to Portfolio
FEATURED

zt-backup-kit (formerly Backup Automation v1.5)

Role Author & Maintainer
Client Open Source / Personal Research
Launched Apr 2026
Bash, Restic, rclone, GPG, msmtp, Linux, GitHub Actions, ShellCheck, Zenodo, Google Cloud OAuth
zt-backup-kit (formerly Backup Automation v1.5)

A practical, opinionated wrapper around Restic that turns “I should set up backups” into a one-evening project — with a documented recovery process you can actually use under pressure.

This project grew out of my research on ransomware resilience in Linux NAS environments. It is the practical tool that any sysadmin can deploy in an evening, building on principles discussed in academic literature on Zero-Trust Data Resilience.

What it does

zt-backup-kit ships three coordinated tools:

  • backup.sh — automated daily backup with multi-target support (Google Drive, S3, Backblaze B2, NAS, SFTP, local), AES-256 encryption, content-defined deduplication, retention policies, and styled HTML email reports.
  • restore.sh — interactive restore tool with full / partial / mount / list modes. Safe by default — never overwrites originals unless explicitly asked.
  • emergency-restore.sh — bootstrap recovery on any clean Linux/macOS/WSL machine, for when the server is destroyed and you’re recovering on a borrowed laptop.

Why it exists

Most “backup scripts” stop at “the data is somewhere off-site.” That’s only half the problem. The other half is getting it back, fast, under stress, possibly on a different machine, possibly without the original admin around. zt-backup-kit is opinionated about treating recovery as a first-class concern, not an afterthought.

What’s notable

  • Granular Restic exit-code handling — distinguishes “fully successful” from “succeeded with some files skipped” from real failures, instead of flattening everything into binary success/failure.
  • Cron-safe by design — hardened PATH handling, flock-based concurrency protection, no interactive prompts in the automated path, tested under real cron environments.
  • Documented disaster recovery runbook — printable PDF with three recovery scenarios (single file, full server rebuild, emergency self-service), including a printed paper credentials envelope procedure.
  • Sensible default exclusions — shell history, caches, logs, build artifacts skipped automatically.

Recognition

  • Permanent DOI on Zenodo: 10.5281/zenodo.19849290
  • MIT licensed, public on GitHub
  • GitHub Actions CI: ShellCheck linting + roundtrip backup/restore smoke test

This project is informed by my published research on backup architectures and ransomware resilience. See:

Gomas, A.S.D., & Rathnayake, R.M.N.B. (2026). *Optimizing Recovery Objectives (RTO & RPO) in Secure Linux NAS Environments: A Design Science Approach to Ransomware Resilience.* Asian Journal of Social Science and Management Technology, 8(1), 82–94.

Status

Active — v0.1.0 released April 2026. Roadmap includes pull-mode setup scripts, Healthchecks.io integration, and additional cloud backend documentation.

Source Code View Live