kopia lustrzana https://github.com/modem7/docker-borgmatic
Initial commit - cloned from b3vis/docker-borgmatic
modem7
commit
5d4314ebcb
|
|
@ -0,0 +1,11 @@
|
|||
TZ=Europe/Berlin
|
||||
BORG_PASSPHRASE=ReplaceWithYourSecretPassPhrase
|
||||
VOLUME_SOURCE=/home
|
||||
VOLUME_TARGET=./data/repository
|
||||
VOLUME_ETC_BORGMATIC=./data/borgmatic.d
|
||||
VOLUME_DOT_BORGMATIC=./data/.borgmatic
|
||||
VOLUME_BORG_CONFIG=./data/.config/borg
|
||||
VOLUME_SSH=./data/.ssh
|
||||
VOLUME_BORG_CACHE=./data/.cache/borg
|
||||
# for NTFY flavour only
|
||||
#VOLUME_NTFY=./data/ntfy
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
data/.cache/
|
||||
data/.config/
|
||||
data/.ssh/
|
||||
data/repository/
|
||||
.env
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
FROM alpine:3.13 as builder
|
||||
LABEL mainainer='b3vis'
|
||||
ARG BORG_VERSION=1.1.17
|
||||
ARG BORGMATIC_VERSION=1.5.18
|
||||
ARG LLFUSE_VERSION=1.4.1
|
||||
RUN apk upgrade --no-cache \
|
||||
&& apk add --no-cache \
|
||||
alpine-sdk \
|
||||
python3-dev \
|
||||
py3-pip \
|
||||
openssl-dev \
|
||||
lz4-dev \
|
||||
acl-dev \
|
||||
linux-headers \
|
||||
fuse-dev \
|
||||
attr-dev \
|
||||
py3-wheel \
|
||||
&& pip3 install --upgrade pip \
|
||||
&& pip3 install --upgrade borgbackup==${BORG_VERSION} \
|
||||
&& pip3 install --upgrade borgmatic==${BORGMATIC_VERSION} \
|
||||
&& pip3 install --upgrade llfuse==${LLFUSE_VERSION}
|
||||
|
||||
FROM alpine:3.13
|
||||
LABEL mainainer='b3vis'
|
||||
COPY entry.sh /entry.sh
|
||||
RUN apk upgrade --no-cache \
|
||||
&& apk add --no-cache \
|
||||
tzdata \
|
||||
sshfs \
|
||||
python3 \
|
||||
openssl \
|
||||
fuse \
|
||||
ca-certificates \
|
||||
lz4-libs \
|
||||
libacl \
|
||||
postgresql-client \
|
||||
mariadb-client \
|
||||
curl \
|
||||
&& rm -rf /var/cache/apk/* \
|
||||
&& chmod 755 /entry.sh
|
||||
VOLUME /mnt/source
|
||||
VOLUME /mnt/borg-repository
|
||||
VOLUME /etc/borgmatic.d
|
||||
VOLUME /root/.config/borg
|
||||
VOLUME /root/.ssh
|
||||
VOLUME /root/.cache/borg
|
||||
COPY --from=builder /usr/lib/python3.8/site-packages /usr/lib/python3.8/
|
||||
COPY --from=builder /usr/bin/borg /usr/bin/
|
||||
COPY --from=builder /usr/bin/borgfs /usr/bin/
|
||||
COPY --from=builder /usr/bin/borgmatic /usr/bin/
|
||||
COPY --from=builder /usr/bin/generate-borgmatic-config /usr/bin/
|
||||
COPY --from=builder /usr/bin/upgrade-borgmatic-config /usr/bin/
|
||||
COPY --from=builder /usr/bin/validate-borgmatic-config /usr/bin/
|
||||
CMD ["/entry.sh"]
|
||||
|
|
@ -0,0 +1,88 @@
|
|||
# Borgmatic Container
|
||||
<img src="https://github.com/witten/borgmatic/raw/master/docs/static/borgmatic.png" />
|
||||
|
||||
[](https://microbadger.com/images/b3vis/borgmatic "Get your own image badge on microbadger.com") <img src="https://img.shields.io/docker/pulls/b3vis/borgmatic.svg" />
|
||||
|
||||
### Description
|
||||
|
||||
A little container I wrote to automate my [Borgbackup](https://github.com/borgbackup)'s using the excellent [Borgmatic](https://github.com/witten/borgmatic).
|
||||
|
||||
It uses cron to run the backups at a time you can configure in `data/borgmatic.d/crontab.txt`.
|
||||
|
||||
### Usage
|
||||
|
||||
To set your backup timing and configuration, you will need to create [crontab.txt](data/borgmatic.d/crontab.txt) and your borgmatic [config.yaml](data/borgmatic.d/config.yaml) and mount these files into the `/etc/borgmatic.d/` directory. When the container starts it creates the crontab from `crontab.txt` and starts crond. By cloning this repo in `/opt/docker/`, you will have a working setup to get started.
|
||||
|
||||
If using remote repositories mount your .ssh to /root/.ssh within the container.
|
||||
|
||||
### Example run command
|
||||
```
|
||||
docker run \
|
||||
--detach --name borgmatic \
|
||||
-v /home:/mnt/source:ro \
|
||||
-v /opt/docker/docker-borgmatic/data/repository:/mnt/borg-repository \
|
||||
-v /opt/docker/docker-borgmatic/data/borgmatic.d:/etc/borgmatic.d/ \
|
||||
-v /opt/docker/docker-borgmatic/data/.config/borg:/root/.config/borg \
|
||||
-v /opt/docker/docker-borgmatic/data/.ssh:/root/.ssh \
|
||||
-v /opt/docker/docker-borgmatic/data/.cache/borg:/root/.cache/borg \
|
||||
-e TZ=Europe/Berlin \
|
||||
b3vis/borgmatic
|
||||
```
|
||||
While the parameters above are sufficient for regular backups, following additional privileges will be needed to mount an archive as FUSE filesystem:
|
||||
```
|
||||
--cap-add SYS_ADMIN \
|
||||
--device /dev/fuse \
|
||||
--security-opt label:disable \
|
||||
--security-opt apparmor:unconfined
|
||||
```
|
||||
Depending on your security system, `--security-opt` parameters may not be necessary. `label:disable` is needed for *SELinux*, while `apparmor:unconfined` is needed for *AppArmor*.
|
||||
|
||||
To init the repo with encryption, run:
|
||||
```
|
||||
docker exec borgmatic \
|
||||
sh -c "borgmatic --init --encryption repokey-blake2"
|
||||
```
|
||||
|
||||
### Layout
|
||||
#### /mnt/source
|
||||
Your data you wish to backup. For *some* safety you may want to mount read-only. Borgmatic is running as root so all files can be backed up.
|
||||
#### /mnt/borg-repository
|
||||
Mount your borg backup repository here.
|
||||
#### /etc/borgmatic.d
|
||||
Where you need to create crontab.txt and your borgmatic config.yml
|
||||
- To generate an example borgmatic configuration, run:
|
||||
```
|
||||
docker exec borgmatic \
|
||||
sh -c "cd && generate-borgmatic-config -d /etc/borgmatic.d/config.yaml"
|
||||
```
|
||||
- crontab.txt example: In this file set the time you wish for your backups to take place default is 1am every day. In here you can add any other tasks you want ran
|
||||
```
|
||||
0 1 * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
|
||||
```
|
||||
#### /root/.borgmatic
|
||||
**Note** this is now redundant and has been deprecated, please remove this from your configs
|
||||
#### /root/.config/borg
|
||||
Here the borg config and keys for keyfile encryption modes are stored. Make sure to backup your keyfiles! Also needed when encryption is set to none.
|
||||
#### /root/.ssh
|
||||
Mount either your own .ssh here or create a new one with ssh keys in for your remote repo locations.
|
||||
#### /root/.cache/borg
|
||||
A non-volatile place to store the borg chunk cache.
|
||||
|
||||
### Environment
|
||||
- Time zone, e.g. `TZ="Europe/Berlin"'`.
|
||||
- SSH parameters, e.g. `BORG_RSH="ssh -i /root/.ssh/id_ed25519 -p 50221"`
|
||||
- BORG_RSH="ssh -i /root/.ssh/id_ed25519 -p 50221"
|
||||
- Repository passphrase, e.g. `BORG_PASSPHRASE="DonNotMissToChangeYourPassphrase"`
|
||||
|
||||
### Docker Compose
|
||||
- Prepare your configuration
|
||||
1. `cp .env.template .env`
|
||||
2. Set your environment and adapt volumes as needed
|
||||
- To start the container for backup: `docker-compose up -d`
|
||||
- For backup restore:
|
||||
1. Stop the backup container: `docker-compose down`
|
||||
2. Run an interactive shell: `docker-compose -f docker-compose.yml -f docker-compose.restore.yml run borgmatic`
|
||||
3. Fuse-mount the backup: `borg mount /mnt/borg-repository <mount_point>`
|
||||
4. Restore your files
|
||||
5. Finally unmount and exit: `borg umount <mount_point> && exit`.
|
||||
- In case Borg fails to create/acquire a lock: `borg break-lock /mnt/repository`
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
location:
|
||||
source_directories:
|
||||
- /mnt/source
|
||||
repositories:
|
||||
- /mnt/borg-repository
|
||||
one_file_system: true
|
||||
|
||||
storage:
|
||||
# Passphase is set in varibable $BORG_PASSPHRASE
|
||||
# encryption_passphrase: "DonNotMissToChangeYourPassphrase"
|
||||
compression: lz4
|
||||
archive_name_format: 'backup-{now}'
|
||||
|
||||
retention:
|
||||
keep_hourly: 2
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
keep_monthly: 12
|
||||
keep_yearly: 10
|
||||
prefix: 'backup-'
|
||||
|
||||
consistency:
|
||||
checks:
|
||||
- repository
|
||||
- archives
|
||||
check_last: 3
|
||||
prefix: 'backup-'
|
||||
|
||||
hooks:
|
||||
before_backup:
|
||||
- echo "Starting a backup job."
|
||||
after_backup:
|
||||
- echo "Backup created."
|
||||
on_error:
|
||||
- echo "Error while creating a backup."
|
||||
|
|
@ -0,0 +1 @@
|
|||
0 1 * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
version: '3'
|
||||
services:
|
||||
borgmatic:
|
||||
container_name: borg-restore
|
||||
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
- label:disable
|
||||
|
||||
devices:
|
||||
- /dev/fuse:/dev/fuse
|
||||
|
||||
command: /bin/sh
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
version: '3'
|
||||
services:
|
||||
borgmatic:
|
||||
image: b3vis/borgmatic
|
||||
container_name: borgmatic
|
||||
volumes:
|
||||
- ${VOLUME_SOURCE}:/mnt/source:ro # backup source
|
||||
- ${VOLUME_TARGET}:/mnt/borg-repository # backup target
|
||||
- ${VOLUME_ETC_BORGMATIC}:/etc/borgmatic.d/ # borgmatic config file(s) + crontab.txt
|
||||
- ${VOLUME_BORG_CONFIG}:/root/.config/borg # config and keyfiles
|
||||
- ${VOLUME_SSH}:/root/.ssh # ssh key for remote repositories
|
||||
- ${VOLUME_BORG_CACHE}:/root/.cache/borg # checksums used for deduplication
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
- BORG_PASSPHRASE=${BORG_PASSPHRASE}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
# Import your cron file
|
||||
/usr/bin/crontab /etc/borgmatic.d/crontab.txt
|
||||
# Start cron
|
||||
/usr/sbin/crond -f -L /dev/stdout
|
||||
Ładowanie…
Reference in New Issue