Backup & Restore
Daily Backup
Section titled “Daily Backup”Runs automatically at 4:15am via cron.
# Manual runbash ~/Backups/sanctum-backup.shWhat Gets Backed Up
Section titled “What Gets Backed Up”- OpenClaw config (
~/.openclaw/) - Sanctum config (
~/.sanctum/) - All LaunchAgent plists
- SSH keys and config
- 6 project directories
- TTS models and voice files
- Crontab, Homebrew package lists
- Docker container state and tool versions
Backup Location
Section titled “Backup Location”iCloud/Backups/daily/YYYY-MM-DD/mac/7-day retention (older backups auto-pruned).
Encryption
Section titled “Encryption”Sensitive files (SSH keys, secrets) are encrypted with AES-256-CBC using a key stored in macOS Keychain (sanctum-backup).
VM Snapshot
Section titled “VM Snapshot”Weekly automated snapshot (Sundays 3am):
bash ~/Backups/vm-snapshot.shCreates compressed copies of the VM disk image and EFI vars:
iCloud/Backups/VM/qcow2.zstiCloud/Backups/VM/efi_vars.fd.zst
Uses live copy (no VM suspend) with SSH sync before snapshot.
Restore
Section titled “Restore”7-phase process:
- Homebrew — Restore package list,
brew install - Dotfiles & SSH — Restore keys, shell config
- App configs — OpenClaw, Sanctum, HA
- Projects — Restore git repos
- Ollama — Re-pull models (not backed up due to size)
- Docker — Restore container configs
- LaunchAgents — Restore plists, bootstrap services
bash ~/Backups/sanctum-restore.shBackup Scripts
Section titled “Backup Scripts”| Script | Purpose |
|---|---|
sanctum-backup.sh | Full daily Mac backup |
sanctum-restore.sh | Multi-phase restore |
vm-snapshot.sh | Weekly VM disk snapshot |
rotate-secrets.sh | Monthly secret rotation |