Install
The agent installs as a systemd-managed package on a small Linux
VM. One signed apt or dnf repo, one curl | sudo bash,
one auth key, done.
Recommended: apt or dnf on a mini VM
A fresh dedicated Linux VM, one curl | sudo bash
that adds the Restorable repo and installs the signed package,
an auth key, done. This is the path the
quickstart walks through.
Launch matrix:
- Ubuntu 22.04 LTS (jammy), 24.04 LTS (noble)
- Debian 12 (bookworm)
- RHEL / Rocky / AlmaLinux / CentOS Stream 9
- Amazon Linux 2023
Why a dedicated VM
The agent holds long-lived keys. The files in
/var/lib/restorable/ are the one thing that only you
have. Lose them and past receipts become unverifiable, past
backups undecryptable. See
Backing up the
state dir.
A dedicated VM with a distro-packaged service is the most boring,
most-examined persistence pattern for a small long-lived service.
The package sets file permissions, service hardening, and user
lifecycle the way we want them set. Your security team already
trusts apt / dnf; there's no bespoke
trust path to audit.
What you need
Outbound HTTPS to the orchestrator, a container runtime (Podman or Docker) for restore-test scratch, and enough disk for the toolchain images. See Prerequisites for the full list.
Other shapes
- Manual. Raw-binary install for distros outside the launch matrix (Fedora, SUSE, Alpine, Arch, older enterprise Linux). Signed with minisign instead of GPG, managed by hand.
- Airgapped or cron. The agent running without a live orchestrator connection, scheduled by your crontab.