Hi
I am struggling in finding a good backup strategy to backup our data to a google cloud bucket, that bucket itself used soft delete and object lock, so that data can not be changed/deleted in a specific amount of time.
the problem with that could be, that those policies could cause problems when borg changes/deletes data.
my first idea was mounting the s3 bucket using rclone/fuse. backing up worked well so far. i then started a second vm mounted the volume, fired up the docker containers and tried to restore from the mount. the backup could not be restored.
my second idea was to simply backup the datadir and all volumes with restic. before backing up, i stopped all containers. then on a new instance i moved all the volumes from nextcloud to the right position, also the data volume and tried to start the docker containers using the same command as normally. 4-5 containers could not start app with various errors.
now i am thinking about backing up to a local mnt using nextcloud/borg and then backing up that borg repo with restic to our s3 storage. this however adds doubled encryption (restic does not offer any way to disable encryption).
the benefit with restic is, that it will add all changes into one snapshot. that snapshot does not ever needs to be changed again. if any change to data happens, it will be just in the next snapshot. this allows us to use soft delete and object lock without causing problems when deleting old snapshots, if those policies are applied correctly.
I would be thankful for your opinion or maybe other ideas 
Thanks,
Enrico