remote backups
This commit is contained in:
f
parent
c618a11430
commit
355b5a0029
3 changed files with 37 additions and 13 deletions
14
Dockerfile
14
Dockerfile
|
|
@ -4,12 +4,18 @@ MAINTAINER "f <f@sutty.nl>"
|
||||||
ENV BORG_HOST_ID borg
|
ENV BORG_HOST_ID borg
|
||||||
ENV BORG_PASSPHRASE ""
|
ENV BORG_PASSPHRASE ""
|
||||||
ENV KEEP 30
|
ENV KEEP 30
|
||||||
|
ENV SSH_ALIAS ""
|
||||||
COPY ./monit.conf /etc/monit.d/borg.conf
|
ENV SSH_SERVER ""
|
||||||
COPY ./backup.sh /usr/local/bin/backup
|
ENV SSH_USER root
|
||||||
RUN chmod 755 /usr/local/bin/backup
|
ENV SSH_PORT 22
|
||||||
|
|
||||||
RUN apk add --no-cache borgbackup
|
RUN apk add --no-cache borgbackup
|
||||||
|
|
||||||
|
COPY ./monit.conf /etc/monit.d/borg.conf
|
||||||
|
COPY ./backup.sh /usr/local/bin/backup
|
||||||
|
COPY ./ssh_config /root/.ssh/config
|
||||||
|
RUN chmod 755 /usr/local/bin/backup
|
||||||
|
RUN chmod -R u=rX,g=,o= /root/.ssh
|
||||||
|
|
||||||
VOLUME /srv/data
|
VOLUME /srv/data
|
||||||
VOLUME /srv/backups
|
VOLUME /srv/backups
|
||||||
|
|
|
||||||
29
backup.sh
29
backup.sh
|
|
@ -3,18 +3,29 @@ set -e
|
||||||
|
|
||||||
# Password can't be empty
|
# Password can't be empty
|
||||||
test -n "${BORG_PASSPHRASE}"
|
test -n "${BORG_PASSPHRASE}"
|
||||||
|
test -n "${DEST}"
|
||||||
|
test -n "${SSH_ALIAS}"
|
||||||
|
|
||||||
date="$(date +%F)"
|
DATE="$(date +%F)"
|
||||||
orig=/srv/data
|
ORIG=/srv/data
|
||||||
dest=/srv/backups
|
|
||||||
|
|
||||||
# Let other users have read access, since the backup is encrypted
|
if ! grep -q "${SSH_ALIAS}" /root/.ssh/config ; then
|
||||||
# anyway. This allows for synchronization from other containers.
|
echo "Host ${SSH_ALIAS}" >> /root/.ssh/config
|
||||||
umask 0022
|
echo " Port ${SSH_PORT:-22}" >> /root/.ssh/config
|
||||||
|
echo " HostName ${SSH_SERVER:-${SSH_ALIAS}}" >> /root/.ssh/config
|
||||||
|
echo " User ${SSH_USER:-root}" >> /root/.ssh/config
|
||||||
|
echo " IdentityFile ${ORIG}/id_ed25519" >> /root/.ssh/config
|
||||||
|
fi
|
||||||
|
|
||||||
test -f "${dest}/config" || borg init --encryption=repokey "${dest}"
|
ssh -fN ${SSH_ALIAS}
|
||||||
|
|
||||||
borg create -v --stats "${dest}::${date}" "${orig}"
|
for signal in TERM QUIT HUP EXIT INT KILL; do
|
||||||
borg prune -v --stats --keep-daily ${KEEP} "${dest}"
|
trap "ssh -O exit \"${SSH_ALIAS}\"" ${signal}
|
||||||
|
done
|
||||||
|
|
||||||
|
# It'll fail the second time
|
||||||
|
borg init --encryption=repokey "${SSH_ALIAS}:${DEST}" || :
|
||||||
|
borg create -v --stats "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"
|
||||||
|
borg prune -v --stats --keep-daily ${KEEP} "${SSH_ALIAS}:${DEST}"
|
||||||
|
|
||||||
exit $?
|
exit $?
|
||||||
|
|
|
||||||
7
ssh_config
Normal file
7
ssh_config
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
Host *
|
||||||
|
Protocol 2
|
||||||
|
ControlMaster auto
|
||||||
|
ControlPath /tmp/ssh-%r@%h:%p
|
||||||
|
VerifyHostKeyDNS yes
|
||||||
|
HashKnownHosts yes
|
||||||
|
StrictHostKeyChecking ask
|
||||||
Loading…
Reference in a new issue