Add S6 support

Add S6 support
Make sure SIGTERM is handled
Add some config examples

updated dockercli image

.drone.yml

@@ -13,7 +13,6 @@ steps:
   image: hadolint/hadolint:latest-alpine
   pull: if-not-exists
   commands:
-    - hadolint --version
     - hadolint base-fullbuild/Dockerfile*
 
 - name: FullBuild

.hadolint.yaml

@@ -2,4 +2,5 @@ override:
   style:
     - DL3013
     - DL3018
-    - DL3042
+    - DL3042
+    - DL3006

base-dockercli/Dockerfile

@@ -2,8 +2,9 @@
 
 FROM modem7/borgmatic-docker:latest
 
-COPY --chmod=755 --link entry.sh /
+COPY --link root/ /
+
 RUN apk add --update --no-cache \
     docker-cli
 
-CMD ["/entry.sh"]
+ENTRYPOINT [ "/init" ]

base-dockercli/root/etc/s6-overlay/s6-rc.d/svc-cron/finish

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if test "$1" -eq 256 ; then
+  e=$((128 + $2))
+else
+  e="$1"
+fi
+
+echo "$e" > /run/s6-linux-init-container-results/exitcode

base-dockercli/root/etc/s6-overlay/s6-rc.d/svc-cron/run

@@ -0,0 +1,56 @@
+#!/usr/bin/with-contenv bash
+
+# Version variables
+dockerver=$(docker --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+borgver=$(borg --version)
+borgmaticver=$(borgmatic --version)
+apprisever=$(apprise --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+pythonver=$(python3 --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+
+# Software versions
+echo "Software Versions:
+-----------------------------------
+docker $dockerver
+borgmatic $borgmaticver
+$borgver
+apprise $apprisever
+python $pythonver
+-----------------------------------
+Time Zone: $TZ
+-----------------------------------
+"
+
+# Disable cron if it's set to disabled.
+if [[ "$CRON" =~ ^(false|disabled|off)$ ]]; then
+    echo "Disabling cron, removing configuration"
+    # crontab -r # quite destructive
+    # echo -n > /etc/crontabs/root # Empty config, doesn't look as nice with "crontab -l"
+    echo "# Cron disabled" > /etc/crontabs/root
+    echo "Cron is now disabled"
+# Apply default or custom cron if $CRON is unset or set (not null):
+elif [[ -v CRON ]]; then
+    CRON="${CRON:-"0 1 * * *"}"
+    CRON_COMMAND="${CRON_COMMAND:-"borgmatic --stats -v 0 2>&1"}"
+    echo "$CRON $CRON_COMMAND" > /etc/crontabs/root
+    echo "Applying custom cron"
+# If nothing is set, revert to default behaviour
+else
+    echo "Applying crontab.txt"
+    crontab /etc/borgmatic.d/crontab.txt
+fi
+
+# Apply extra cron if it's set
+if [ -v EXTRA_CRON ]
+then
+    echo "$EXTRA_CRON" >> /etc/crontabs/root
+fi
+
+# Current crontab var
+crontab=$(crontab -l)
+
+# Output cron settings to console
+printf "Cron job set as: \n$crontab\n"
+
+# Start Cron
+# exec supercronic -passthrough-logs /etc/crontabs/root
+exec /usr/sbin/crond -f -L /dev/stdout

base-dockercli/root/etc/s6-overlay/s6-rc.d/svc-cron/type

@@ -0,0 +1 @@
+longrun

base-fullbuild/Dockerfile

@@ -1,48 +1,81 @@
 # syntax = docker/dockerfile:latest
 
-FROM python:3.11.5-alpine3.18
-LABEL mainainer='modem7'
-VOLUME /mnt/source
-VOLUME /mnt/borg-repository
-VOLUME /root/.borgmatic
-VOLUME /etc/borgmatic.d
-VOLUME /root/.config/borg
-VOLUME /root/.ssh
-VOLUME /root/.cache/borg
-HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 CMD borgmatic --version || exit 1
+FROM python:3.11.4-alpine3.18 as base
+ARG TARGETARCH
+
+LABEL maintainer='modem7'
+
+FROM base AS base-amd64
+ENV S6_OVERLAY_ARCH=x86_64
+
+FROM base AS base-arm64
+ENV S6_OVERLAY_ARCH=aarch64
+
+FROM base-${TARGETARCH}${TARGETVARIANT}
+
+ARG S6_OVERLAY_VERSION=3.1.5.0
+
+# Add S6 Overlay
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz /tmp/s6-overlay.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+
+# Add S6 optional symlinks
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz /tmp
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
+
+ENV LANG='en_US.UTF-8'                   \
+    LANGUAGE='en_US.UTF-8'               \
+    TERM='xterm'                         \
+    S6_LOGGING="1"                         \
+    S6_VERBOSITY="0"                     \
+    S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
+    TZ="Europe/London"
+
 RUN <<EOF
     set -x
-    apk add --no-cache -U \
-        bash \
-        bash-completion \
-        bash-doc \
-        ca-certificates \
-        curl \
-        findmnt \
-        fuse \
-        libacl \
-        libxxhash \
-        logrotate \
-        lz4-libs \
-        mariadb-client \
+    apk upgrade --update --no-cache
+    tar -C / -Jxpf /tmp/s6-overlay.tar.xz
+    tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
+    tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+    tar -C / -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
+
+    apk add --no-cache -U   \
+        bash                \
+        bash-completion     \
+        bash-doc            \
+        ca-certificates     \
+        curl                \
+        findmnt             \
+        fuse                \
+        libacl              \
+        libxxhash           \
+        logrotate           \
+        lz4-libs            \
+        mariadb-client      \
         mariadb-connector-c \
-        mongodb-tools \
-        openssl1.1-compat \
-        postgresql-client \
-        sshfs \
-        sqlite \
+        mongodb-tools       \
+        openssl1.1-compat   \
+        postgresql-client   \
+        sshfs               \
+        sqlite              \
         tzdata
     apk upgrade --no-cache
 EOF
 
 COPY --link requirements.txt /
-COPY --chmod=755 --link entry.sh /
 
-RUN --mount=type=cache,id=pip,target=/root/.cache,sharing=locked python3 -m pip install -Ur requirements.txt
+RUN --mount=type=cache,id=pip,target=/root/.cache,sharing=locked python3 -m pip install --upgrade pip && python3 -m pip install -Ur requirements.txt
 RUN <<EOF
     set -x
-    borgmatic --bash-completion > /usr/share/bash-completion/completions/borgmatic
-    echo "source /etc/profile.d/bash_completion.sh" > /root/.bashrc
+    borgmatic --bash-completion > "$(pkg-config --variable=completionsdir bash-completion)"/borgmatic
 EOF
 
-CMD ["/entry.sh"]
+COPY --link root/ /
+
+VOLUME /root/.borgmatic
+VOLUME /root/.config/borg
+VOLUME /root/.cache/borg
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 CMD borgmatic --version || exit 1
+
+ENTRYPOINT [ "/init" ]

base-fullbuild/data/borgmatic.d/after-backup.example

@@ -0,0 +1,25 @@
+#shellcheck shell=sh
+#!/usr/bin/with-contenv sh
+
+timestamp() {
+  date -I'seconds' # ISO-8601 format
+}
+
+cleanup() {
+  rm -rf /backup.tar.gz
+}
+
+last_backup_info() {
+  export BORG_REMOTE_PATH=borg1
+  export BORG_PASSCOMMAND='cat /borgmatic/passphrase'
+  export BORG_CACHE_DIR='/cache'
+  # vars will be replaced by Ansible's templating engine
+  # shellcheck disable=SC1083
+  last_backup_name="$(borg list --short --last 1 user@borg.example.com:myborgrepo)"
+
+  borg info "user@borg.example.com:myborgrepo::${last_backup_name}"
+}
+
+echo "$(timestamp) - Backup completed"
+last_backup_info
+cleanup

base-fullbuild/data/borgmatic.d/before-backup.example

@@ -0,0 +1,15 @@
+# shellcheck shell=sh
+#!/usr/bin/with-contenv sh
+
+timestamp() {
+  date -I'seconds' # ISO-8601 format
+}
+
+# Any steps necessary to prepare the backup (stopping the service/taking
+# a snapshot...
+do_something() {
+  echo 'Doing something'
+}
+
+echo "$(timestamp) - Starting backup"
+do_something

base-fullbuild/data/borgmatic.d/config.full.yaml.example

@@ -0,0 +1,168 @@
+# Where to look for files to backup, and where to store those backups. See
+# https://borgbackup.readthedocs.io/en/stable/quickstart.html and
+# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create for details.
+location:
+    # List of source directories to backup (required). Globs and tildes are expanded.
+    source_directories:
+        - /home
+        - /etc
+        - /var/log/syslog*
+
+    # Stay in same file system (do not cross mount points).
+    one_file_system: true
+
+    # Mode in which to operate the files cache. See
+    # https://borgbackup.readthedocs.io/en/stable/usage/create.html#description for
+    # details.
+    files_cache: ctime,size,inode
+
+    # Alternate Borg local executable. Defaults to "borg".
+    local_path: borg1
+
+    # Alternate Borg remote executable. Defaults to "borg".
+    remote_path: borg1
+
+    # Paths to local or remote repositories (required). Tildes are expanded. Multiple
+    # repositories are backed up to in sequence. See ssh_command for SSH options like
+    # identity file or port.
+    repositories:
+        - user@backupserver:sourcehostname.borg
+
+    # Any paths matching these patterns are included/excluded from backups. Globs are
+    # expanded. (Tildes are not.) Note that Borg considers this option experimental.
+    # See the output of "borg help patterns" for more details. Quote any value if it
+    # contains leading punctuation, so it parses correctly.
+    patterns:
+        - R /
+        - '- /home/*/.cache'
+        - + /home/susan
+        - '- /home/*'
+
+    # Read include/exclude patterns from one or more separate named files, one pattern
+    # per line. Note that Borg considers this option experimental. See the output of
+    # "borg help patterns" for more details.
+    patterns_from:
+        - /etc/borgmatic/patterns
+
+    # Any paths matching these patterns are excluded from backups. Globs and tildes
+    # are expanded. See the output of "borg help patterns" for more details.
+    exclude_patterns:
+        - '*.pyc'
+        - ~/*/.cache
+        - /etc/ssl
+
+    # Read exclude patterns from one or more separate named files, one pattern per
+    # line. See the output of "borg help patterns" for more details.
+    exclude_from:
+        - /etc/borgmatic/excludes
+
+    # Exclude directories that contain a CACHEDIR.TAG file. See
+    # http://www.brynosaurus.com/cachedir/spec.html for details.
+    exclude_caches: true
+
+    # Exclude directories that contain a file with the given filename.
+    exclude_if_present: .nobackup
+
+# Repository storage options. See
+# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
+# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
+# details.
+storage:
+    # The standard output of this command is used to unlock the encryption key. Only
+    # use on repositories that were initialized with passcommand/repokey encryption.
+    # Note that if both encryption_passcommand and encryption_passphrase are set,
+    # then encryption_passphrase takes precedence.
+    encryption_passcommand: secret-tool lookup borg-repository repo-name
+
+    # Passphrase to unlock the encryption key with. Only use on repositories that were
+    # initialized with passphrase/repokey encryption. Quote the value if it contains
+    # punctuation, so it parses correctly. And backslash any quote or backslash
+    # literals as well.
+    encryption_passphrase: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
+
+    # Type of compression to use when creating archives. See
+    # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
+    # Defaults to no compression.
+    compression: lz4
+
+    # Remote network upload rate limit in kiBytes/second.
+    remote_rate_limit: 100
+
+    # Command to use instead of just "ssh". This can be used to specify ssh options.
+    ssh_command: ssh -i /path/to/private/key
+
+    # Umask to be used for borg create.
+    umask: 0077
+
+    # Maximum seconds to wait for acquiring a repository/cache lock.
+    lock_wait: 5
+
+    # Name of the archive. Borg placeholders can be used. See the output of
+    # "borg help placeholders" for details. Default is
+    # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
+    # also specify a prefix in the retention section to avoid accidental pruning of
+    # archives with a different archive name format.
+    archive_name_format: '{hostname}-documents-{now}'
+
+# Retention policy for how many backups to keep in each category. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
+# At least one of the "keep" options is required for pruning to work.
+retention:
+    # Keep all archives within this time interval.
+    keep_within: 3H
+
+    # Number of minutely archives to keep.
+    keep_minutely: 60
+
+    # Number of hourly archives to keep.
+    keep_hourly: 24
+
+    # Number of daily archives to keep.
+    keep_daily: 7
+
+    # Number of weekly archives to keep.
+    keep_weekly: 4
+
+    # Number of monthly archives to keep.
+    keep_monthly: 6
+
+    # Number of yearly archives to keep.
+    keep_yearly: 1
+
+    # When pruning, only consider archive names starting with this prefix.
+    # Borg placeholders can be used. See the output of "borg help placeholders" for
+    # details. Default is "{hostname}-".
+    prefix: sourcehostname
+
+# Consistency checks to run after backups. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
+consistency:
+    # List of one or more consistency checks to run: "repository", "archives", and/or
+    # "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
+    # all consistency checks. "repository" checks the consistency of the repository,
+    # "archive" checks all of the archives, and "extract" does an extraction dry-run
+    # of just the most recent archive.
+    checks:
+        - repository
+        - archives
+
+    # Restrict the number of checked archives to the last n. Applies only to the "archives" check.
+    check_last: 3
+
+# Shell commands or scripts to execute before and after a backup or if an error has occurred.
+# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
+# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
+# prevent potential shell injection or privilege escalation.
+hooks:
+    # List of one or more shell commands or scripts to execute before creating a backup.
+    before_backup:
+        - echo "`date` - Starting a backup job."
+
+    # List of one or more shell commands or scripts to execute after creating a backup.
+    after_backup:
+        - echo "`date` - Backup created."
+
+    # List of one or more shell commands or scripts to execute in case an exception has occurred.
+    on_error:
+        - echo "`date` - Error while creating a backup."

base-fullbuild/data/borgmatic.d/config.yaml.example

@@ -0,0 +1,40 @@
+---
+# see https://torsion.org/borgmatic/ for more info on this file
+location:
+  source_directories:
+    - /backup.tar.gz
+  files_cache: ctime,size,inode
+  remote_path: borg1
+  repositories:
+    - user@borg.example.com:myborgrepo
+  exclude_caches: true
+
+storage:
+  encryption_passcommand: cat /borgmatic/passphrase
+  compression: auto,lz4
+  umask: 0077
+  lock_wait: 5
+  archive_name_format: 'myservice-{now}'
+
+retention:
+  keep_within: 3H
+  keep_hourly: 24
+  keep_daily: 7
+  keep_weekly: 4
+  keep_monthly: 6
+  keep_yearly: 1
+  prefix: 'myservice-'
+
+consistency:
+  checks:
+    - repository
+    - archives
+  check_last: 3
+
+hooks:
+  before_backup:
+    - /borgmatic/before-backup
+  after_backup:
+    - /borgmatic/after-backup
+  on_error:
+    - /borgmatic/failed-backup

base-fullbuild/data/borgmatic.d/failed-backup.example

@@ -0,0 +1,14 @@
+# shellcheck shell=sh
+#!/usr/bin/with-contenv sh
+
+timestamp() {
+  date -I'seconds' # ISO-8601 format
+}
+
+# things to when the backup has failed
+notify_admin() {
+  echo 'the backup has failed'
+}
+
+echo "$(timestamp) - Backup failed"
+notify_admin

base-fullbuild/root/etc/s6-overlay/s6-rc.d/svc-cron/finish

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if test "$1" -eq 256 ; then
+  e=$((128 + $2))
+else
+  e="$1"
+fi
+
+echo "$e" > /run/s6-linux-init-container-results/exitcode

base-fullbuild/root/etc/s6-overlay/s6-rc.d/svc-cron/run

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/with-contenv bash
 
 # Version variables
 borgver=$(borg --version)
@@ -7,10 +7,16 @@ apprisever=$(apprise --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
 pythonver=$(python3 --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
 
 # Software versions
-echo borgmatic $borgmaticver
-echo $borgver
-echo apprise $apprisever
-echo python $pythonver
+echo "Software Versions:
+-----------------------------------
+borgmatic $borgmaticver
+$borgver
+apprise $apprisever
+python $pythonver
+-----------------------------------
+Time Zone: $TZ
+-----------------------------------
+"
 
 # Disable cron if it's set to disabled.
 if [[ "$CRON" =~ ^(false|disabled|off)$ ]]; then
@@ -44,4 +50,5 @@ crontab=$(crontab -l)
 printf "Cron job set as: \n$crontab\n"
 
 # Start Cron
-crond -f -L /dev/stdout
+# exec supercronic -passthrough-logs /etc/crontabs/root
+exec /usr/sbin/crond -f -L /dev/stdout

base-fullbuild/root/etc/s6-overlay/s6-rc.d/svc-cron/type

@@ -0,0 +1 @@
+longrun