1bdaa7b93e | ||
---|---|---|
data/borgmatic.d | ||
.env.template | ||
.gitignore | ||
Dockerfile | ||
README.md | ||
docker-compose.restore.yml | ||
docker-compose.yml | ||
entry.sh |
README.md
Borgmatic Container
Description
A little container I wrote to automate my Borgbackup's using the excellent Borgmatic.
It uses cron to run the backups at a time you can configure in data/borgmatic.d/crontab.txt
.
Usage
To set your backup timing and configuration, you will need to create crontab.txt and your borgmatic config.yaml and mount these files into the /etc/borgmatic.d/
directory. When the container starts it creates the crontab from crontab.txt
and starts crond. By cloning this repo in /opt/docker/
, you will have a working setup to get started.
If using remote repositories mount your .ssh to /root/.ssh within the container.
If you want to mail the results from cron:
- Add your mail relay details to the env file or mount your own [msmtprc](https://wiki.alpinelinux.org/wiki/Relay_email_to_gmail_(msmtp,_mailx,_sendmail) to
/etc/msmtprc
- Add add your mail address to crontag.txt and uncomment the line, e.g.
MAILTO=log@example.com
Example run command
docker run \
--detach --name borgmatic \
-v /home:/mnt/source:ro \
-v /opt/docker/docker-borgmatic/data/repository:/mnt/borg-repository \
-v /opt/docker/docker-borgmatic/data/borgmatic.d:/etc/borgmatic.d/ \
-v /opt/docker/docker-borgmatic/data/.borgmatic:/root/.borgmatic \
-v /opt/docker/docker-borgmatic/data/.config/borg:/root/.config/borg \
-v /opt/docker/docker-borgmatic/data/.ssh:/root/.ssh \
-v /opt/docker/docker-borgmatic/data/.cache/borg:/root/.cache/borg \
-e TZ=Europe/Berlin \
b3vis/borgmatic
While the parameters above are sufficient for regular backups, following additional privileges will be needed to mount an archive as FUSE filesystem:
--cap-add SYS_ADMIN \
--device /dev/fuse \
--security-opt label:disable \
--security-opt apparmor:unconfined
Depending on your security system, --security-opt
parameters may not be neccessary. label:disable
is needed for SELinux, while apparmor:unconfined
is needed for AppArmor.
To init the repo with encryption, run:
docker exec borgmatic \
sh -c "borgmatic --init --encryption repokey-blake2"
Layout
/mnt/source
Your data you wish to backup. For some safety you may want to mount read-only. Borgmatic is running as root so all files can be backed up.
/mnt/borg-repository
Mount your borg backup repository here.
/etc/borgmatic.d
Where you need to create crontab.txt and your borgmatic config.yml
- To generate an example borgmatic configuration, run:
docker exec borgmatic \
sh -c "cd && generate-borgmatic-config -d /etc/borgmatic.d/config.yaml"
- crontab.txt example: In this file set the time you wish for your backups to take place default is 1am every day. In here you can add any other tasks you want ran
0 1 * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
/root/.borgmatic
A non-volatile path for borgmatic to store database dumps. Only needed if you are using that feature.
/root/.config/borg
Here the borg config and keys for keyfile encryption modes are stored. Make sure to backup your keyfiles! Also needed when encryption is set to none.
/root/.ssh
Mount either your own .ssh here or create a new one with ssh keys in for your remote repo locations.
/root/.cache/borg
A non-volatile place to store the borg chunk cache.
Environment
-
Time zone, e.g.
TZ="Europe/Berlin"'
. -
SSH parameters, e.g.
BORG_RSH="ssh -i /root/.ssh/id_ed25519 -p 50221"
-
BORG_RSH="ssh -i /root/.ssh/id_ed25519 -p 50221"
-
Repository passphrase, e.g.
BORG_PASSPHRASE="DonNotMissToChangeYourPassphrase"
-
Your mail relay host
MAIL_RELAY_HOST=mail.example.com
-
Port of your mail relay
MAIL_PORT=587
-
Username used to log in into your relay service
MAIL_USER=borgmatic_log@example.com
-
Password for relay login
MAIL_PASSWORD=SuperS3cretMailPw
-
From part in your log mail
MAIL_FROM=borgmatic
Docker Compose
- Prepare your configuration
cp .env.template .env
- Set your environment and adapt volumes as needed
- To start the container for backup:
docker-compose up -d
- For backup restore:
- Stop the backup container:
docker-compose down
- Run an interactive shell:
docker-compose -f docker-compose.yml -f docker-compose.restore.yml run borgmatic
- Fuse-mount the backup:
borg mount /mnt/borg-repository <mount_point>
- Restore your files
- Finally unmount and exit:
borg umount <mount_point> && exit
.
- Stop the backup container:
- In case Borg fails to create/acquire a lock:
borg break-lock /mnt/repository