remote backups

f 2020-09-03 12:43:52 -03:00
parent c618a11430
commit 355b5a0029
3 changed files with 37 additions and 13 deletions


@ -4,12 +4,18 @@ MAINTAINER "f <f@sutty.nl>"
ENV BORG_HOST_ID borg
ENV BORG_PASSPHRASE ""
ENV KEEP 30
COPY ./monit.conf /etc/monit.d/borg.conf
COPY ./backup.sh /usr/local/bin/backup
RUN chmod 755 /usr/local/bin/backup
ENV SSH_ALIAS ""
ENV SSH_SERVER ""
ENV SSH_USER root
ENV SSH_PORT 22
RUN apk add --no-cache borgbackup
COPY ./monit.conf /etc/monit.d/borg.conf
COPY ./backup.sh /usr/local/bin/backup
COPY ./ssh_config /root/.ssh/config
RUN chmod 755 /usr/local/bin/backup
RUN chmod -R u=rX,g=,o= /root/.ssh
VOLUME /srv/data
VOLUME /srv/backups
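Review bot: `RUN chmod -R u=rX,g=,o= /root/.ssh` leaves `/root/.ssh/config` without an owner write bit, yet backup.sh in this same commit appends a `Host` block to that file with `>>`. The append only succeeds while the container runs as root with CAP_DAC_OVERRIDE; if that capability is dropped, the write fails and `set -e` aborts the backup. Either keep the write bit (`RUN chmod -R u=rwX,g=,o= /root/.ssh`) or have the script write its generated host block to a separate file, so the mode on the directory reflects what is actually enforced.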


@ -3,18 +3,29 @@ set -e
# Password can't be empty
test -n "${BORG_PASSPHRASE}"
test -n "${DEST}"
test -n "${SSH_ALIAS}"
date="$(date +%F)"
orig=/srv/data
dest=/srv/backups
DATE="$(date +%F)"
ORIG=/srv/data
# Let other users have read access, since the backup is encrypted
# anyway. This allows for synchronization from other containers.
umask 0022
if ! grep -q "${SSH_ALIAS}" /root/.ssh/config ; then
echo "Host ${SSH_ALIAS}" >> /root/.ssh/config
echo " Port ${SSH_PORT:-22}" >> /root/.ssh/config
echo " HostName ${SSH_SERVER:-${SSH_ALIAS}}" >> /root/.ssh/config
echo " User ${SSH_USER:-root}" >> /root/.ssh/config
echo " IdentityFile ${ORIG}/id_ed25519" >> /root/.ssh/config
fi
test -f "${dest}/config" || borg init --encryption=repokey "${dest}"
ssh -fN ${SSH_ALIAS}
borg create -v --stats "${dest}::${date}" "${orig}"
borg prune -v --stats --keep-daily ${KEEP} "${dest}"
for signal in TERM QUIT HUP EXIT INT KILL; do
trap "ssh -O exit \"${SSH_ALIAS}\"" ${signal}
done
# It'll fail the second time
borg init --encryption=repokey "${SSH_ALIAS}:${DEST}" || :
borg create -v --stats "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"
borg prune -v --stats --keep-daily ${KEEP} "${SSH_ALIAS}:${DEST}"
exit $?
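Review bot: The SSH private key is read from `${ORIG}/id_ed25519`, and `${ORIG}` is also the directory handed to `borg create`, so every archive sent to the remote repository contains the key that grants access to that same server. The archive is encrypted, but anyone able to restore it with the passphrase also obtains the login credential. Keep the key outside the backup set or exclude it, e.g. `borg create -v --stats --exclude "${ORIG}/id_ed25519" "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"`. Separately, `grep -q "${SSH_ALIAS}"` treats the alias as a regular expression and matches it anywhere in the file; `grep -qFx -- "Host ${SSH_ALIAS}"` would test for the exact line written below it. The script starts above this hunk.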

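--- a/ssh_config
+++ b/ssh_config
@@ -0,0 +1,7 @@
+Host *
+Protocol 2
+ControlMaster auto
+ControlPath /tmp/ssh-%r@%h:%p
+VerifyHostKeyDNS yes
+HashKnownHosts yes
+StrictHostKeyChecking ask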
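Review bot: `StrictHostKeyChecking ask` depends on someone answering a prompt, but backup.sh opens the connection with `ssh -fN` from what appears to be a monit-driven job, where no terminal is available and an unknown host key makes the connection fail. Nothing in this commit provides a known_hosts file, and /root/.ssh is neither a volume nor left writable by the Dockerfile, so an accepted key would not persist across container re-creation. Shipping the server's key in a `known_hosts` file (COPY'd or mounted) and setting `StrictHostKeyChecking yes` makes verification deterministic. `ControlPath /tmp/ssh-%r@%h:%p` also places the multiplexing socket at a predictable name in a shared directory; a path under `/root/.ssh/` is the usual choice.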