A project backup and archival tool for pullable snapshots, portable archives, encryption, and remote collection.

• Explicit filter control

  Use per-project RSYNC_EXCLUDES or remote job manifests to decide exactly what gets staged, archived, encrypted, or transferred.

• Standard GPG, tar, and rsync core with ergonomic CLI

  Build portable tar archives, encrypt them with GPG, and send them to remote storage with rsync.

• Remote Pull Jobs

  Pull selected files from remote machines by manifest, stage them locally, and archive or encrypt the result.

1. Install

2. ilma --help. All subcommands support --help.

3. Immediate Backup

   By default, ilma will backup the current directory and store a copy as a sibling.

   cd my-project
   ilma -a  # archive
   ls -1 ..
   ..
   ├── my-project
   └── my-project.tar.zst

   Or, you can specify a directory to backup, archive, or encrypt.

   ilma -e ~/Documents/love-letters/
   ls -1 ~/Documents
   ~/Documents
   ├── love-letters
   └── love-letters.tar.zst.gpg

Send encrypted archive to remote server

ilma --encrypt \
     --remote server.local:/storage/backups \
     ~/dissertation

ssh server.local ls /storage/backups
# dissertation.tar.zst.gpg

Config Validation

ilma validate

Project litter review
ilma no longer owns project litter review. This component has been ported to dil, in Python, for disposable artifact detection and deletion.

Clone the repository

git clone https://github.com/brege/ilma
cd ilma
./install

Fedora dependencies

sudo dnf install rsync git zstd bc pv
# compression tools (configure: you only need one)
sudo dnf install zstd gzip bzip2 xz

Debian/Ubuntu dependencies

sudo apt install rsync git zstd bc pv
sudo apt install zstd gzip bzip2 xz-utils

Validate dependencies

ilma validate --dependencies

ilma works out of the box with sensible defaults, but can be customized extensively.

Copy and customize the global config.ini file

cp config.example.ini config.ini

Create .ilma.conf in any project for custom strategies. See dot-ilma.conf.example for a compact example.

cd /path/to/project
ilma                             # Backup current directory
ilma [PROJECT_PATH]              # Backup specified directory
ilma -a --verify                 # Archive and verify contents
ilma -e --verify --remote srv:/dst  # Encrypt, upload, and verify remote hash

After customizing your configuration, you can validate your setup quickly without trial-and-error on your data.

ilma validate                    # Basic configuration validation
ilma validate --full             # Includes remote + dependency checks
ilma validate --remote           # Remote connectivity + manifest linting

Output your current configuration at any time, in or outside of a project.

ilma config [PROJECT_PATH]       # Show resolved configuration

GPG encryption for secure transport to untrusted or exposed storage. Extract and decrypt commands auto-detect compression formats and use chunked processing for efficiency.

ilma extract archive.tar.zst     # Auto-detects compression format
ilma decrypt file.tar.zst.gpg    # Decrypts and decompresses in one pass

ilma is a shell wrapper around common file-handling tools. It is meant to create local or pulled snapshots that can be archived, encrypted, moved, and recovered without needing a custom repository format.

ilma is NOT intended to be a deduplication or synchronization tool. These tools offer better coverage for those tasks:

• Recommended encrypted, deduplicated backups: restic
• Recommended synchronization tool: syncthing

Because ilma is written as a shell wrapper for common file-handling tools, ilma-generated files are recoverable without needing ilma itself. Restic requires restic for recovery. Syncthing is synchronous, and opaque in the only place you get encryption: "untrusted device" mode.

ilma works in addition to restic and syncthing for a complementary purpose. Restic efficiently backs up entire home directories with deduplication and versioning. Syncthing maintains synchronized state across devices. ilma can be used to create encrypted project snapshots for transport to untrusted storage.

Since ilma can push to multiple destinations, additional encrypted archives can be placed in syncthing folders or backed up by restic alongside other data.

Pull from remote machines (NAS, Raspberry Pi, servers) without running an SSH server on your local machine. Job manifests use rsync's filter syntax for selective transfer.

ilma remote pull --job [email protected]

The --job file is a manifest that can be made as exclusive or inclusive as you want. It is better to be as exclusive as you can here. An example:

[job]
id[email protected]
...
[manifest]
+ .          # sync all non-hidden files in /home/admin
- .*         # ignore all hidden files in /home/admin
...
+ .config/** # but DO sync .config/
...
+ .ssh/**    # and sync .ssh/
...

Restic doesn't work in this direction. Most people do not run an SSH server on their laptop, but many do on their NAS. Android phones also have small file count limits, so pure syncs of server material become impractical. ilma's job mode extracts an archive from a collection of remote paths and can zip and encrypt them for agnostic portability.

• Contributing

• Changelog

• Roadmap

GPLv3