remote backups
This commit is contained in:
parent
c618a11430
commit
355b5a0029
3 changed files with 37 additions and 13 deletions
14
Dockerfile
14
Dockerfile
|
@ -4,12 +4,18 @@ MAINTAINER "f <f@sutty.nl>"
|
|||
ENV BORG_HOST_ID borg
|
||||
ENV BORG_PASSPHRASE ""
|
||||
ENV KEEP 30
|
||||
|
||||
COPY ./monit.conf /etc/monit.d/borg.conf
|
||||
COPY ./backup.sh /usr/local/bin/backup
|
||||
RUN chmod 755 /usr/local/bin/backup
|
||||
ENV SSH_ALIAS ""
|
||||
ENV SSH_SERVER ""
|
||||
ENV SSH_USER root
|
||||
ENV SSH_PORT 22
|
||||
|
||||
RUN apk add --no-cache borgbackup
|
||||
|
||||
COPY ./monit.conf /etc/monit.d/borg.conf
|
||||
COPY ./backup.sh /usr/local/bin/backup
|
||||
COPY ./ssh_config /root/.ssh/config
|
||||
RUN chmod 755 /usr/local/bin/backup
|
||||
RUN chmod -R u=rX,g=,o= /root/.ssh
|
||||
|
||||
VOLUME /srv/data
|
||||
VOLUME /srv/backups
|
||||
|
|
29
backup.sh
29
backup.sh
|
@ -3,18 +3,29 @@ set -e
|
|||
|
||||
# Password can't be empty
|
||||
test -n "${BORG_PASSPHRASE}"
|
||||
test -n "${DEST}"
|
||||
test -n "${SSH_ALIAS}"
|
||||
|
||||
date="$(date +%F)"
|
||||
orig=/srv/data
|
||||
dest=/srv/backups
|
||||
DATE="$(date +%F)"
|
||||
ORIG=/srv/data
|
||||
|
||||
# Let other users have read access, since the backup is encrypted
|
||||
# anyway. This allows for synchronization from other containers.
|
||||
umask 0022
|
||||
if ! grep -q "${SSH_ALIAS}" /root/.ssh/config ; then
|
||||
echo "Host ${SSH_ALIAS}" >> /root/.ssh/config
|
||||
echo " Port ${SSH_PORT:-22}" >> /root/.ssh/config
|
||||
echo " HostName ${SSH_SERVER:-${SSH_ALIAS}}" >> /root/.ssh/config
|
||||
echo " User ${SSH_USER:-root}" >> /root/.ssh/config
|
||||
echo " IdentityFile ${ORIG}/id_ed25519" >> /root/.ssh/config
|
||||
fi
|
||||
|
||||
test -f "${dest}/config" || borg init --encryption=repokey "${dest}"
|
||||
ssh -fN ${SSH_ALIAS}
|
||||
|
||||
borg create -v --stats "${dest}::${date}" "${orig}"
|
||||
borg prune -v --stats --keep-daily ${KEEP} "${dest}"
|
||||
for signal in TERM QUIT HUP EXIT INT KILL; do
|
||||
trap "ssh -O exit \"${SSH_ALIAS}\"" ${signal}
|
||||
done
|
||||
|
||||
# It'll fail the second time
|
||||
borg init --encryption=repokey "${SSH_ALIAS}:${DEST}" || :
|
||||
borg create -v --stats "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"
|
||||
borg prune -v --stats --keep-daily ${KEEP} "${SSH_ALIAS}:${DEST}"
|
||||
|
||||
exit $?
|
||||
|
|
7
ssh_config
Normal file
7
ssh_config
Normal file
|
@ -0,0 +1,7 @@
|
|||
Host *
|
||||
Protocol 2
|
||||
ControlMaster auto
|
||||
ControlPath /tmp/ssh-%r@%h:%p
|
||||
VerifyHostKeyDNS yes
|
||||
HashKnownHosts yes
|
||||
StrictHostKeyChecking ask
|
Loading…
Reference in a new issue