kopia lustrzana https://github.com/Ovski4/docker-borgbackup-cron
Initial commit
commit
4dbe8a5394
|
@ -0,0 +1,32 @@
|
|||
image: docker:latest
|
||||
|
||||
services:
|
||||
- docker:dind
|
||||
|
||||
stages:
|
||||
- build
|
||||
- push
|
||||
|
||||
before_script:
|
||||
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
|
||||
|
||||
build-borgbackup-cron:
|
||||
stage: build
|
||||
script:
|
||||
- docker build --pull -t $CI_REGISTRY_IMAGE/borgbackup-cron .
|
||||
|
||||
push-borgbackup-cron-latest:
|
||||
stage: push
|
||||
script:
|
||||
- docker build --pull -t $CI_REGISTRY_IMAGE/borgbackup-cron:latest .
|
||||
- docker push $CI_REGISTRY_IMAGE/borgbackup-cron:latest
|
||||
only:
|
||||
- master
|
||||
|
||||
push-borgbackup-cron-tagged:
|
||||
stage: push
|
||||
script:
|
||||
- docker build --pull -t $CI_REGISTRY_IMAGE/borgbackup-cron:$CI_COMMIT_TAG .
|
||||
- docker push $CI_REGISTRY_IMAGE/borgbackup-cron:$CI_COMMIT_TAG
|
||||
only:
|
||||
- tags
|
|
@ -0,0 +1,27 @@
|
|||
FROM ovski/ansible:v2.7.8
|
||||
|
||||
# Install borg
|
||||
RUN apt-get install -y \
|
||||
python3 \
|
||||
python3-dev \
|
||||
python3-pip \
|
||||
python-virtualenv \
|
||||
libssl-dev openssl \
|
||||
libacl1-dev libacl1 \
|
||||
build-essential \
|
||||
borgbackup
|
||||
|
||||
# Install cron
|
||||
RUN apt-get install -y cron
|
||||
|
||||
COPY entrypoint.sh /var/entrypoint.sh
|
||||
RUN chmod +x /var/entrypoint.sh
|
||||
|
||||
COPY backup_script.sh /var/backup_script.sh
|
||||
RUN chmod +x /var/backup_script.sh
|
||||
|
||||
COPY borgbackup_cron /etc/cron.d/borgbackup_cron
|
||||
RUN chmod +x /etc/cron.d/borgbackup_cron
|
||||
RUN crontab /etc/cron.d/borgbackup_cron
|
||||
|
||||
CMD [ "/var/entrypoint.sh" ]
|
|
@ -0,0 +1,40 @@
|
|||
Borg backup cron
|
||||
=================
|
||||
|
||||
A docker image to backup periodically a folder using borg
|
||||
|
||||
Build
|
||||
-----
|
||||
|
||||
```
|
||||
git clone git@gitlab.com:ovski-projects/docker-images/borgbackup-cron.git
|
||||
cd borgbackup-cron
|
||||
docker build -t ovski/borgbackup-cron:latest .
|
||||
```
|
||||
|
||||
Usage
|
||||
-----
|
||||
|
||||
docker run \
|
||||
-d \
|
||||
-v /path/to/folder_to_backup:/var/folder_to_backup \
|
||||
-v /path/to/backup_user_private_key:/var/run/backup_user_private_key \
|
||||
-e SSH_KNOWN_HOSTS=my-server.com,27.189.111.145 \
|
||||
-e SSH_CONNECTION=backup_user@my-server.com \
|
||||
-e PRIVATE_KEY_PATH=/var/run/backup_user_private_key \
|
||||
-e BORG_REPO_PATH=/home/backup_user/borg_repositories \
|
||||
-e BORG_REPO_NAME=folder_to_backup \
|
||||
-e BORG_PASSPHRASE=youyouthatsnotgood \
|
||||
-e LOCAL_FOLDER=/var/folder_to_backup \
|
||||
-e GITLAB_USER=gitlab+deploy-token-99999 \
|
||||
-e GITLAB_PASSWORD=keyhereverysecret \
|
||||
ovski/borgbackup-cron
|
||||
|
||||
You can also use secrets in a stack to store sensitive information.
|
||||
Instead of specifiying environment variables, create the following secrets in /var/secrets (default location):
|
||||
|
||||
```
|
||||
/run/secrets/borg_passphrase
|
||||
/run/secrets/gitlab_user
|
||||
/run/secrets/gitlab_password
|
||||
```
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
ansible-playbook /var/ansible/playbooks/borg-backup/main.yml \
|
||||
-e ssh_connection=$SSH_CONNECTION \
|
||||
-e private_key_path=$PRIVATE_KEY_PATH \
|
||||
-e borg_repo_path=$BORG_REPO_PATH \
|
||||
-e borg_repo_name=$BORG_REPO_NAME \
|
||||
-e borg_passphrase=$BORG_PASSPHRASE \
|
||||
-e local_folder=$LOCAL_FOLDER
|
|
@ -0,0 +1,13 @@
|
|||
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
SHELL=/bin/bash
|
||||
BASH_ENV=/container.env
|
||||
|
||||
# minutes hours day-of-month month day-0f-week command
|
||||
|
||||
# Every 5 minutes
|
||||
*/5 * * * * echo "=== I'm alive ===" > /proc/1/fd/1 2>/proc/1/fd/2
|
||||
|
||||
# Backup every day at 1AM
|
||||
0 1 * * * /var/backup_script.sh > /proc/1/fd/1 2>/proc/1/fd/2
|
||||
|
||||
# Don't remove the empty line at the end of this file. It is required to run the cron job
|
|
@ -0,0 +1,42 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Add known hosts
|
||||
if [[ -n "$SSH_KNOWN_HOSTS" ]]; then
|
||||
echo "Adding domains and ips to known hosts"
|
||||
mkdir -p ~/.ssh
|
||||
touch ~/.ssh/known_hosts
|
||||
chmod 644 ~/.ssh/known_hosts
|
||||
while IFS=' ' read -ra entries; do
|
||||
for entry in "${entries[@]}"; do
|
||||
ssh-keyscan -Ht rsa ${entry} >> ~/.ssh/known_hosts
|
||||
done
|
||||
done <<< "$SSH_KNOWN_HOSTS"
|
||||
fi
|
||||
|
||||
# Clone ansible playbooks
|
||||
if [[ ! -z "$GITLAB_USER" && ! -z "$GITLAB_PASSWORD" ]]; then
|
||||
echo "Cloning ansible gitlab repository"
|
||||
git clone https://${GITLAB_USER}:${GITLAB_PASSWORD}@gitlab.com/ovski-projects/infra/ansible.git /var/ansible
|
||||
elif [[ -f /run/secrets/gitlab_user && -f /run/secrets/gitlab_password ]]; then
|
||||
GITLAB_USER=$(cat /run/secrets/gitlab_user)
|
||||
GITLAB_PASSWORD=$(cat /run/secrets/gitlab_password)
|
||||
git clone https://${GITLAB_USER}:${GITLAB_PASSWORD}@gitlab.com/ovski-projects/infra/ansible.git /var/ansible
|
||||
else
|
||||
echo "Gitlab credentials not set. Exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Set borg passphrase env variable
|
||||
if [[ -f /run/secrets/borg_passphrase ]]; then
|
||||
echo "Setting BORG_PASSPHRASE env variable from secret"
|
||||
export BORG_PASSPHRASE=$(cat /run/secrets/borg_passphrase)
|
||||
elif [[ -z "$BORG_PASSPHRASE" ]]; then
|
||||
echo "BORG_PASSPHRASE env variable not set. Exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Make env variables accessible in crontab
|
||||
declare -p | grep -Ev 'BASHOPTS|BASH_VERSINFO|EUID|PPID|SHELLOPTS|UID' > /container.env
|
||||
|
||||
echo "Run the crontab in the foreground"
|
||||
cron -f
|
Ładowanie…
Reference in New Issue