faaaf37af7 | ||
---|---|---|
data/borgmatic.d | ||
.gitignore | ||
Dockerfile | ||
README.md | ||
entry.sh |
README.md
Borgmatic Container
Description
A little container I wrote to automate my Borgbackup's using the excellent Borgmatic.
It uses cron to run the backups at a time you can configure in data/borgmatic.d/crontab.txt
.
Usage
To set your backup timing and configuration, you will need to create crontab.txt and your borgmatic config.yaml and mount these files into the /etc/borgmatic.d/
directory. When the container starts it creates the crontab from crontab.txt
and starts crond. By cloning this repo in /opt/docker/
, you will have a working setup to get started.
If using remote repositories mount your .ssh to /root/.ssh within the container
Example run command
docker run \
--detach --name borgmatic \
-v /home:/mnt/source:ro \
-v /opt/docker/docker-borgmatic/data/repository:/mnt/repository \
-v /opt/docker/docker-borgmatic/data/borgmatic.d:/etc/borgmatic.d/ \
-v /opt/docker/docker-borgmatic/data/.config:/root/.config/borg \
-v /opt/docker/docker-borgmatic/data/.ssh:/root/.ssh \
-v /opt/docker/docker-borgmatic/data/.cache:/root/.cache/borg \
-e TZ=Europe/Berlin \
b3vis/borgmatic
While the parameters above are sufficient for regular backups, following additional privileges will be needed to mount an archive as FUSE filesystem:
--cap-add SYS_ADMIN \
--device /dev/fuse \
--security-opt label:disable \
--security-opt apparmor:unconfined
Depending on your security system, --security-opt
parameters may not be neccessary. label:disable
is needed for SELinux, while apparmor:unconfined
is needed for AppArmor.
To init the repo with encryption, run:
docker exec borgmatic \
sh -c "borgmatic --init --encryption repokey-blake2"
Layout
/mnt/source
Your data you wish to backup. For some safety you may want to mount read-only. Borgmatic is running as root so all files can be backed up.
/mnt/repository
Mount your borg backup repository here.
/etc/borgmatic.d
Where you need to create crontab.txt and your borgmatic config.yml
- To generate an example borgmatic configuration, run:
docker exec borgmatic \
sh -c "generate-borgmatic-config -d /etc/borgmatic.d/config.yaml"
- crontab.txt example: In this file set the time you wish for your backups to take place default is 1am every day. In here you can add any other tasks you want ran
0 1 * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
/root/.config/borg
Here the borg config and keys for keyfile encryption modes are stored. Make sure to backup your keyfiles!
/root/.ssh
Mount either your own .ssh here or create a new one with ssh keys in for your remote repo locations.
/root/.cache/borg
A non volatile place to store the borg chunk cache.
Environment
TZ
You can set TZ to specify a time zone, Europe/Berlin
.