Add Docker Secrets support

pull/275/head
Jonathan Starck 2023-10-22 22:22:40 +02:00
parent d4529e6313
commit 4946e80f51
2 changed files with 51 additions and 1 deletion

@ -83,7 +83,13 @@ You can also provide your own crontab file. If `data/borgmatic.d/crontab.txt` ex
0 1 * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
```
Beside that, you can also pass any environment variable that is supported by borgmatic. See documentation for [borgmatic](https://torsion.org/borgmatic/) and [Borg](https://borgbackup.readthedocs.io/) and for a list of supported variables.
Beside that, you can also pass any environment variable that is supported by borgmatic. See documentation for [borgmatic](https://torsion.org/borgmatic/) and [Borg](https://borgbackup.readthedocs.io/) and for a list of supported variables.
### Using Secrets (Optional)
You also have the option to use Docker Secrets for more sensitive information. This is not mandatory, but it adds an extra layer of security. **Note that this feature is only applicable to environment variables starting with `BORG`.**
For every environment variable like `BORG_PASSPHRASE`, you can create a corresponding secret file, named as `BORG_PASSPHRASE_FILE`. Place the content of the secret inside this file. The startup script will automatically look for corresponding `_FILE` secrets if the environment variables are not set and load them.
## Other usage methods
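
Review bot: the new "Using Secrets" paragraph does not match the startup script changed in this same commit. It describes `BORG_PASSPHRASE_FILE` as the name of the secret file and says `_FILE` secrets are loaded "if the environment variables are not set". The script instead reads `BORG_PASSPHRASE_FILE` as an environment variable whose value is the path to the file, and it overwrites `BORG_PASSPHRASE` when that is already set (it prints "was already set but is being overwritten"). Please reword so the text says the `_FILE` variable holds the path to the mounted secret, and state the precedence the script actually applies. The new `### Using Secrets (Optional)` heading and the paragraphs after it also need blank lines between them to render reliably as Markdown.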

@ -13,6 +13,50 @@ echo borgmatic $borgmaticver
echo $borgver
echo apprise $apprisever
# Uncomment the following lines for debugging to display the initial values of BORG_PASSPHRASE and BORG_PASSPHRASE_FILE.
# echo "Before: BORG_PASSPHRASE: ${BORG_PASSPHRASE}"
# echo "Before: BORG_PASSPHRASE_FILE: ${BORG_PASSPHRASE_FILE}"
# Iterate through all environment variables with the prefix 'BORG'.
for var_name in $(set | grep '^BORG' | awk -F= '{print $1}'); do
# Retrieve the current value of the environment variable in question.
var_value=$(eval echo \$$var_name)
# Check if the variable name ends with the suffix '_FILE'.
if [[ "$var_name" =~ _FILE$ ]]; then
# Remove the '_FILE' suffix to derive the name of the corresponding "non-FILE" variable.
original_var_name=${var_name%_FILE}
# Check if the original (non-FILE) environment variable is already set and capture its value.
original_var_value=$(eval echo \$$original_var_name)
# Verify that the *_FILE variable is set, that the file it points to exists, and that the file is not empty.
if [ -n "$var_value" ] && [ -s "$var_value" ]; then
# Notify the user if the original (non-FILE) variable is being overwritten.
if [ -n "$original_var_value" ]; then
echo "Note: $original_var_name was already set but is being overwritten by $var_name"
fi
# Read the file content and store it in the original (non-FILE) environment variable.
export "$original_var_name"=$(cat "$var_value")
echo "Setting $original_var_name from the content of $var_value"
# Remove the original *_FILE environment variable
unset "$var_name"
echo "Unsetting $var_name"
else
# Issue an error message if the file does not exist or is empty.
echo "Error: File $var_value does not exist or is empty."
fi
fi
done
# Uncomment the following lines for debugging to display the final values of BORG_PASSPHRASE and BORG_PASSPHRASE_FILE.
# echo "After: BORG_PASSPHRASE: ${BORG_PASSPHRASE}"
# echo "After: BORG_PASSPHRASE_FILE: ${BORG_PASSPHRASE_FILE}"
# exit 1
if [ $# -eq 0 ]; then
# Allow setting of custom crontab, so check if crontab file exists
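
Review bot: the command substitution in `export "$original_var_name"=$(cat "$var_value")` is unquoted, and because the name on the left is itself an expansion the shell does not treat the word as an assignment, so a secret containing whitespace or glob characters is split or expanded before it is exported. Quote the whole word instead: `export "$original_var_name=$(cat "$var_value")"`. The loop also takes names from `set | grep '^BORG'`, which prints values as well as names, so any line of a multi-line value that begins with `BORG` is handed to `eval echo \$$var_name`. If this script runs under bash (it already uses `[[ ... =~ ]]`), indirect expansion `${!var_name}` removes both `eval` calls. The `else` branch only echoes an error and startup continues without the secret; consider exiting non-zero there. The commented-out "Before:"/"After:" debug lines would write the passphrase to the container log if enabled, and should print only whether the variable is set.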