From d173dd6e4af4ebc7898bd6406e2f3f261e68eb17 Mon Sep 17 00:00:00 2001 From: f Date: Tue, 10 Sep 2019 21:15:08 -0300 Subject: [PATCH 1/5] borg --- Dockerfile | 12 ++++++++++++ backup.sh | 16 ++++++++++++++++ monit.conf | 4 ++++ 3 files changed, 32 insertions(+) create mode 100644 backup.sh create mode 100644 monit.conf diff --git a/Dockerfile b/Dockerfile index 59c5898..bc376ba 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,2 +1,14 @@ FROM sutty/monit:latest MAINTAINER "f " + +ENV BORG_HOST_ID borg +ENV BORG_PASSPHRASE "" +ENV KEEP 30 + +COPY ./monit.conf /etc/monit.d/borg.conf +COPY ./backup.sh /usr/local/bin/backup + +RUN apk add --no-cache borgbackup + +VOLUME /srv/data +VOLUME /srv/backups diff --git a/backup.sh b/backup.sh new file mode 100644 index 0000000..b546780 --- /dev/null +++ b/backup.sh @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +# Password can't be empty +test -n "${BORG_PASSPHRASE}" + +date="$(date +%F)" +orig=/srv/data +dest=/srv/backups + +test -f "${dest}/config" || borg init --encryption=repokey "${dest}" + +borg create -v --stats "${dest}::${date}" "${orig}" +borg prune -v --stats --keep-daily ${KEEP} "${dest}" + +exit $? diff --git a/monit.conf b/monit.conf new file mode 100644 index 0000000..c96f0fc --- /dev/null +++ b/monit.conf @@ -0,0 +1,4 @@ +check program backup + with path "/usr/local/bin/backup" + if status != 0 then alert + every "53 3 * * *" From e68be56e3b790f218283ad666f976e13fd621e0f Mon Sep 17 00:00:00 2001 From: f Date: Wed, 18 Sep 2019 16:32:45 -0300 Subject: [PATCH 2/5] exec --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index bc376ba..fa467fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,7 @@ ENV KEEP 30 COPY ./monit.conf /etc/monit.d/borg.conf COPY ./backup.sh /usr/local/bin/backup +RUN chmod 755 /usr/local/bin/backup RUN apk add --no-cache borgbackup From c618a11430b088d165e365ce9b788876515579f4 Mon Sep 17 00:00:00 2001 From: f Date: Mon, 30 Sep 2019 16:46:17 -0300 Subject: [PATCH 3/5] umask --- backup.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/backup.sh b/backup.sh index b546780..9f575af 100644 --- a/backup.sh +++ b/backup.sh @@ -8,6 +8,10 @@ date="$(date +%F)" orig=/srv/data dest=/srv/backups +# Let other users have read access, since the backup is encrypted +# anyway. This allows for synchronization from other containers. +umask 0022 + test -f "${dest}/config" || borg init --encryption=repokey "${dest}" borg create -v --stats "${dest}::${date}" "${orig}" From 355b5a002915a8ed60a62ee9bc14bc025d2cd113 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 3 Sep 2020 12:43:52 -0300 Subject: [PATCH 4/5] remote backups --- Dockerfile | 14 ++++++++++---- backup.sh | 29 ++++++++++++++++++++--------- ssh_config | 7 +++++++ 3 files changed, 37 insertions(+), 13 deletions(-) create mode 100644 ssh_config diff --git a/Dockerfile b/Dockerfile index fa467fd..e0fdc70 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,12 +4,18 @@ MAINTAINER "f " ENV BORG_HOST_ID borg ENV BORG_PASSPHRASE "" ENV KEEP 30 - -COPY ./monit.conf /etc/monit.d/borg.conf -COPY ./backup.sh /usr/local/bin/backup -RUN chmod 755 /usr/local/bin/backup +ENV SSH_ALIAS "" +ENV SSH_SERVER "" +ENV SSH_USER root +ENV SSH_PORT 22 RUN apk add --no-cache borgbackup +COPY ./monit.conf /etc/monit.d/borg.conf +COPY ./backup.sh /usr/local/bin/backup +COPY ./ssh_config /root/.ssh/config +RUN chmod 755 /usr/local/bin/backup +RUN chmod -R u=rX,g=,o= /root/.ssh + VOLUME /srv/data VOLUME /srv/backups diff --git a/backup.sh b/backup.sh index 9f575af..02f9af6 100644 --- a/backup.sh +++ b/backup.sh @@ -3,18 +3,29 @@ set -e # Password can't be empty test -n "${BORG_PASSPHRASE}" +test -n "${DEST}" +test -n "${SSH_ALIAS}" -date="$(date +%F)" -orig=/srv/data -dest=/srv/backups +DATE="$(date +%F)" +ORIG=/srv/data -# Let other users have read access, since the backup is encrypted -# anyway. This allows for synchronization from other containers. -umask 0022 +if ! grep -q "${SSH_ALIAS}" /root/.ssh/config ; then + echo "Host ${SSH_ALIAS}" >> /root/.ssh/config + echo " Port ${SSH_PORT:-22}" >> /root/.ssh/config + echo " HostName ${SSH_SERVER:-${SSH_ALIAS}}" >> /root/.ssh/config + echo " User ${SSH_USER:-root}" >> /root/.ssh/config + echo " IdentityFile ${ORIG}/id_ed25519" >> /root/.ssh/config +fi -test -f "${dest}/config" || borg init --encryption=repokey "${dest}" +ssh -fN ${SSH_ALIAS} -borg create -v --stats "${dest}::${date}" "${orig}" -borg prune -v --stats --keep-daily ${KEEP} "${dest}" +for signal in TERM QUIT HUP EXIT INT KILL; do + trap "ssh -O exit \"${SSH_ALIAS}\"" ${signal} +done + +# It'll fail the second time +borg init --encryption=repokey "${SSH_ALIAS}:${DEST}" || : +borg create -v --stats "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}" +borg prune -v --stats --keep-daily ${KEEP} "${SSH_ALIAS}:${DEST}" exit $? diff --git a/ssh_config b/ssh_config new file mode 100644 index 0000000..eafda2b --- /dev/null +++ b/ssh_config @@ -0,0 +1,7 @@ +Host * + Protocol 2 + ControlMaster auto + ControlPath /tmp/ssh-%r@%h:%p + VerifyHostKeyDNS yes + HashKnownHosts yes + StrictHostKeyChecking ask From fa55e15ba8e57d820e864bf15452e1e5e9164dd2 Mon Sep 17 00:00:00 2001 From: f Date: Fri, 4 Sep 2020 09:29:04 -0300 Subject: [PATCH 5/5] ssh client --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e0fdc70..6f78311 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ENV SSH_SERVER "" ENV SSH_USER root ENV SSH_PORT 22 -RUN apk add --no-cache borgbackup +RUN apk add --no-cache borgbackup openssh-client COPY ./monit.conf /etc/monit.d/borg.conf COPY ./backup.sh /usr/local/bin/backup