kopia lustrzana https://github.com/modem7/docker-borgmatic
Add S6 support
Add S6 support Make sure SIGTERM is handled Add some config examples updated dockercli imagepull/119/head
rodzic
fd1c593715
commit
9db421afb0
|
@ -13,7 +13,6 @@ steps:
|
|||
image: hadolint/hadolint:latest-alpine
|
||||
pull: if-not-exists
|
||||
commands:
|
||||
- hadolint --version
|
||||
- hadolint base-fullbuild/Dockerfile*
|
||||
|
||||
- name: FullBuild
|
||||
|
|
|
@ -2,4 +2,5 @@ override:
|
|||
style:
|
||||
- DL3013
|
||||
- DL3018
|
||||
- DL3042
|
||||
- DL3042
|
||||
- DL3006
|
|
@ -2,8 +2,9 @@
|
|||
|
||||
FROM modem7/borgmatic-docker:latest
|
||||
|
||||
COPY --chmod=755 --link entry.sh /
|
||||
COPY --link root/ /
|
||||
|
||||
RUN apk add --update --no-cache \
|
||||
docker-cli
|
||||
|
||||
CMD ["/entry.sh"]
|
||||
ENTRYPOINT [ "/init" ]
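Review bot: The new `ENTRYPOINT [ "/init" ]` only works if the base image ships s6-overlay, but the base is `FROM modem7/borgmatic-docker:latest`, a floating tag (that line may be unchanged context). A cached or older `latest` without `/init` gives an image that cannot start, and any later push to that tag silently changes what runs as the container's init. Pin the base to the release that introduces S6, ideally by digest, e.g. `FROM modem7/borgmatic-docker:<version>@sha256:<digest>` (both values are placeholders).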
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
if test "$1" -eq 256 ; then
|
||||
e=$((128 + $2))
|
||||
else
|
||||
e="$1"
|
||||
fi
|
||||
|
||||
echo "$e" > /run/s6-linux-init-container-results/exitcode
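Review bot: This finish script has no comment explaining its arguments, and the magic `256` is not obvious to anyone who has not read the s6 documentation. I would add a header such as `# $1 = service exit code, or 256 if it was killed by a signal; $2 = signal number` and `# Record the result so the container exits with the service's status (128+signal for signals)`. The identical file is added again in a later hunk of this commit, so the same comment applies there.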
|
|
@ -0,0 +1,56 @@
|
|||
#!/usr/bin/with-contenv bash
|
||||
|
||||
# Version variables
|
||||
dockerver=$(docker --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
|
||||
borgver=$(borg --version)
|
||||
borgmaticver=$(borgmatic --version)
|
||||
apprisever=$(apprise --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
|
||||
pythonver=$(python3 --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
|
||||
|
||||
# Software versions
|
||||
echo "Software Versions:
|
||||
-----------------------------------
|
||||
docker $dockerver
|
||||
borgmatic $borgmaticver
|
||||
$borgver
|
||||
apprise $apprisever
|
||||
python $pythonver
|
||||
-----------------------------------
|
||||
Time Zone: $TZ
|
||||
-----------------------------------
|
||||
"
|
||||
|
||||
# Disable cron if it's set to disabled.
|
||||
if [[ "$CRON" =~ ^(false|disabled|off)$ ]]; then
|
||||
echo "Disabling cron, removing configuration"
|
||||
# crontab -r # quite destructive
|
||||
# echo -n > /etc/crontabs/root # Empty config, doesn't look as nice with "crontab -l"
|
||||
echo "# Cron disabled" > /etc/crontabs/root
|
||||
echo "Cron is now disabled"
|
||||
# Apply default or custom cron if $CRON is unset or set (not null):
|
||||
elif [[ -v CRON ]]; then
|
||||
CRON="${CRON:-"0 1 * * *"}"
|
||||
CRON_COMMAND="${CRON_COMMAND:-"borgmatic --stats -v 0 2>&1"}"
|
||||
echo "$CRON $CRON_COMMAND" > /etc/crontabs/root
|
||||
echo "Applying custom cron"
|
||||
# If nothing is set, revert to default behaviour
|
||||
else
|
||||
echo "Applying crontab.txt"
|
||||
crontab /etc/borgmatic.d/crontab.txt
|
||||
fi
|
||||
|
||||
# Apply extra cron if it's set
|
||||
if [ -v EXTRA_CRON ]
|
||||
then
|
||||
echo "$EXTRA_CRON" >> /etc/crontabs/root
|
||||
fi
|
||||
|
||||
# Current crontab var
|
||||
crontab=$(crontab -l)
|
||||
|
||||
# Output cron settings to console
|
||||
printf "Cron job set as: \n$crontab\n"
|
||||
|
||||
# Start Cron
|
||||
# exec supercronic -passthrough-logs /etc/crontabs/root
|
||||
exec /usr/sbin/crond -f -L /dev/stdout
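Review bot: `printf "Cron job set as: \n$crontab\n"` uses the crontab text as the printf format string, so any `%` or backslash coming from `CRON`, `CRON_COMMAND`, `EXTRA_CRON` or crontab.txt is interpreted as a directive. The schedule printed to the log can then differ from what crond actually runs. Use `printf 'Cron job set as: \n%s\n' "$crontab"`; the same line appears as context in the last hunk of the existing entry script further down. Because `CRON`, `CRON_COMMAND` and `EXTRA_CRON` are written verbatim into `/etc/crontabs/root`, a comment above those `echo` lines saying `# these variables become root cron entries; treat the container environment as privileged input` would make the trust boundary explicit.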
|
|
@ -0,0 +1 @@
|
|||
longrun
|
|
@ -1,48 +1,81 @@
|
|||
# syntax = docker/dockerfile:latest
|
||||
|
||||
FROM python:3.11.5-alpine3.18
|
||||
LABEL mainainer='modem7'
|
||||
VOLUME /mnt/source
|
||||
VOLUME /mnt/borg-repository
|
||||
VOLUME /root/.borgmatic
|
||||
VOLUME /etc/borgmatic.d
|
||||
VOLUME /root/.config/borg
|
||||
VOLUME /root/.ssh
|
||||
VOLUME /root/.cache/borg
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 CMD borgmatic --version || exit 1
|
||||
FROM python:3.11.4-alpine3.18 as base
|
||||
ARG TARGETARCH
|
||||
|
||||
LABEL maintainer='modem7'
|
||||
|
||||
FROM base AS base-amd64
|
||||
ENV S6_OVERLAY_ARCH=x86_64
|
||||
|
||||
FROM base AS base-arm64
|
||||
ENV S6_OVERLAY_ARCH=aarch64
|
||||
|
||||
FROM base-${TARGETARCH}${TARGETVARIANT}
|
||||
|
||||
ARG S6_OVERLAY_VERSION=3.1.5.0
|
||||
|
||||
# Add S6 Overlay
|
||||
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz /tmp/s6-overlay.tar.xz
|
||||
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
|
||||
|
||||
# Add S6 optional symlinks
|
||||
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz /tmp
|
||||
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
|
||||
|
||||
ENV LANG='en_US.UTF-8' \
|
||||
LANGUAGE='en_US.UTF-8' \
|
||||
TERM='xterm' \
|
||||
S6_LOGGING="1" \
|
||||
S6_VERBOSITY="0" \
|
||||
S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
|
||||
TZ="Europe/London"
|
||||
|
||||
RUN <<EOF
|
||||
set -x
|
||||
apk add --no-cache -U \
|
||||
bash \
|
||||
bash-completion \
|
||||
bash-doc \
|
||||
ca-certificates \
|
||||
curl \
|
||||
findmnt \
|
||||
fuse \
|
||||
libacl \
|
||||
libxxhash \
|
||||
logrotate \
|
||||
lz4-libs \
|
||||
mariadb-client \
|
||||
apk upgrade --update --no-cache
|
||||
tar -C / -Jxpf /tmp/s6-overlay.tar.xz
|
||||
tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
|
||||
tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
|
||||
tar -C / -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
|
||||
|
||||
apk add --no-cache -U \
|
||||
bash \
|
||||
bash-completion \
|
||||
bash-doc \
|
||||
ca-certificates \
|
||||
curl \
|
||||
findmnt \
|
||||
fuse \
|
||||
libacl \
|
||||
libxxhash \
|
||||
logrotate \
|
||||
lz4-libs \
|
||||
mariadb-client \
|
||||
mariadb-connector-c \
|
||||
mongodb-tools \
|
||||
openssl1.1-compat \
|
||||
postgresql-client \
|
||||
sshfs \
|
||||
sqlite \
|
||||
mongodb-tools \
|
||||
openssl1.1-compat \
|
||||
postgresql-client \
|
||||
sshfs \
|
||||
sqlite \
|
||||
tzdata
|
||||
apk upgrade --no-cache
|
||||
EOF
|
||||
|
||||
COPY --link requirements.txt /
|
||||
COPY --chmod=755 --link entry.sh /
|
||||
|
||||
RUN --mount=type=cache,id=pip,target=/root/.cache,sharing=locked python3 -m pip install -Ur requirements.txt
|
||||
RUN --mount=type=cache,id=pip,target=/root/.cache,sharing=locked python3 -m pip install --upgrade pip && python3 -m pip install -Ur requirements.txt
|
||||
RUN <<EOF
|
||||
set -x
|
||||
borgmatic --bash-completion > /usr/share/bash-completion/completions/borgmatic
|
||||
echo "source /etc/profile.d/bash_completion.sh" > /root/.bashrc
|
||||
borgmatic --bash-completion > "$(pkg-config --variable=completionsdir bash-completion)"/borgmatic
|
||||
EOF
|
||||
|
||||
CMD ["/entry.sh"]
|
||||
COPY --link root/ /
|
||||
|
||||
VOLUME /root/.borgmatic
|
||||
VOLUME /root/.config/borg
|
||||
VOLUME /root/.cache/borg
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 CMD borgmatic --version || exit 1
|
||||
|
||||
ENTRYPOINT [ "/init" ]
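Review bot: The four `ADD https://github.com/just-containers/s6-overlay/releases/download/...` lines fetch release tarballs with no integrity check, and the heredoc then unpacks them over `/` as root, so whatever the URL serves at build time becomes the image's init system. Pin each asset, e.g. `ADD --checksum=sha256:<digest-of-asset> https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp` (the digest is a placeholder to be taken from the release). The `RUN <<EOF` body begins with `set -x` only, and heredoc lines are not `&&`-chained, so a failed `tar` or `apk add` does not fail the build; make it `set -ex`. Separately, the base tag appears to go from `python:3.11.5-alpine3.18` to `python:3.11.4-alpine3.18`, which, if that reading of the old and new sides is right, looks like an unintended downgrade.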
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
#shellcheck shell=sh
|
||||
#!/usr/bin/with-contenv sh
|
||||
|
||||
timestamp() {
|
||||
date -I'seconds' # ISO-8601 format
|
||||
}
|
||||
|
||||
cleanup() {
|
||||
rm -rf /backup.tar.gz
|
||||
}
|
||||
|
||||
last_backup_info() {
|
||||
export BORG_REMOTE_PATH=borg1
|
||||
export BORG_PASSCOMMAND='cat /borgmatic/passphrase'
|
||||
export BORG_CACHE_DIR='/cache'
|
||||
# vars will be replaced by Ansible's templating engine
|
||||
# shellcheck disable=SC1083
|
||||
last_backup_name="$(borg list --short --last 1 user@borg.example.com:myborgrepo)"
|
||||
|
||||
borg info "user@borg.example.com:myborgrepo::${last_backup_name}"
|
||||
}
|
||||
|
||||
echo "$(timestamp) - Backup completed"
|
||||
last_backup_info
|
||||
cleanup
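Review bot: `#!/usr/bin/with-contenv sh` sits on the second line, after `#shellcheck shell=sh`, so it is an ordinary comment rather than a shebang. The hook therefore runs under whatever shell the caller falls back to, and presumably without the s6 container environment the line implies. Swap the two lines so the file starts with `#!/usr/bin/with-contenv sh` followed by `# shellcheck shell=sh`; the before-backup and failed-backup examples added in later hunks have the same ordering. The `# vars will be replaced by Ansible's templating engine` and `SC1083` comments look like leftovers, since no template braces remain in the `borg list` line.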
|
|
@ -0,0 +1,15 @@
|
|||
# shellcheck shell=sh
|
||||
#!/usr/bin/with-contenv sh
|
||||
|
||||
timestamp() {
|
||||
date -I'seconds' # ISO-8601 format
|
||||
}
|
||||
|
||||
# Any steps necessary to prepare the backup (stopping the service/taking
|
||||
# a snapshot...
|
||||
do_something() {
|
||||
echo 'Doing something'
|
||||
}
|
||||
|
||||
echo "$(timestamp) - Starting backup"
|
||||
do_something
|
|
@ -0,0 +1,168 @@
|
|||
# Where to look for files to backup, and where to store those backups. See
|
||||
# https://borgbackup.readthedocs.io/en/stable/quickstart.html and
|
||||
# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create for details.
|
||||
location:
|
||||
# List of source directories to backup (required). Globs and tildes are expanded.
|
||||
source_directories:
|
||||
- /home
|
||||
- /etc
|
||||
- /var/log/syslog*
|
||||
|
||||
# Stay in same file system (do not cross mount points).
|
||||
one_file_system: true
|
||||
|
||||
# Mode in which to operate the files cache. See
|
||||
# https://borgbackup.readthedocs.io/en/stable/usage/create.html#description for
|
||||
# details.
|
||||
files_cache: ctime,size,inode
|
||||
|
||||
# Alternate Borg local executable. Defaults to "borg".
|
||||
local_path: borg1
|
||||
|
||||
# Alternate Borg remote executable. Defaults to "borg".
|
||||
remote_path: borg1
|
||||
|
||||
# Paths to local or remote repositories (required). Tildes are expanded. Multiple
|
||||
# repositories are backed up to in sequence. See ssh_command for SSH options like
|
||||
# identity file or port.
|
||||
repositories:
|
||||
- user@backupserver:sourcehostname.borg
|
||||
|
||||
# Any paths matching these patterns are included/excluded from backups. Globs are
|
||||
# expanded. (Tildes are not.) Note that Borg considers this option experimental.
|
||||
# See the output of "borg help patterns" for more details. Quote any value if it
|
||||
# contains leading punctuation, so it parses correctly.
|
||||
patterns:
|
||||
- R /
|
||||
- '- /home/*/.cache'
|
||||
- + /home/susan
|
||||
- '- /home/*'
|
||||
|
||||
# Read include/exclude patterns from one or more separate named files, one pattern
|
||||
# per line. Note that Borg considers this option experimental. See the output of
|
||||
# "borg help patterns" for more details.
|
||||
patterns_from:
|
||||
- /etc/borgmatic/patterns
|
||||
|
||||
# Any paths matching these patterns are excluded from backups. Globs and tildes
|
||||
# are expanded. See the output of "borg help patterns" for more details.
|
||||
exclude_patterns:
|
||||
- '*.pyc'
|
||||
- ~/*/.cache
|
||||
- /etc/ssl
|
||||
|
||||
# Read exclude patterns from one or more separate named files, one pattern per
|
||||
# line. See the output of "borg help patterns" for more details.
|
||||
exclude_from:
|
||||
- /etc/borgmatic/excludes
|
||||
|
||||
# Exclude directories that contain a CACHEDIR.TAG file. See
|
||||
# http://www.brynosaurus.com/cachedir/spec.html for details.
|
||||
exclude_caches: true
|
||||
|
||||
# Exclude directories that contain a file with the given filename.
|
||||
exclude_if_present: .nobackup
|
||||
|
||||
# Repository storage options. See
|
||||
# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
|
||||
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
|
||||
# details.
|
||||
storage:
|
||||
# The standard output of this command is used to unlock the encryption key. Only
|
||||
# use on repositories that were initialized with passcommand/repokey encryption.
|
||||
# Note that if both encryption_passcommand and encryption_passphrase are set,
|
||||
# then encryption_passphrase takes precedence.
|
||||
encryption_passcommand: secret-tool lookup borg-repository repo-name
|
||||
|
||||
# Passphrase to unlock the encryption key with. Only use on repositories that were
|
||||
# initialized with passphrase/repokey encryption. Quote the value if it contains
|
||||
# punctuation, so it parses correctly. And backslash any quote or backslash
|
||||
# literals as well.
|
||||
encryption_passphrase: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
|
||||
|
||||
# Type of compression to use when creating archives. See
|
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
|
||||
# Defaults to no compression.
|
||||
compression: lz4
|
||||
|
||||
# Remote network upload rate limit in kiBytes/second.
|
||||
remote_rate_limit: 100
|
||||
|
||||
# Command to use instead of just "ssh". This can be used to specify ssh options.
|
||||
ssh_command: ssh -i /path/to/private/key
|
||||
|
||||
# Umask to be used for borg create.
|
||||
umask: 0077
|
||||
|
||||
# Maximum seconds to wait for acquiring a repository/cache lock.
|
||||
lock_wait: 5
|
||||
|
||||
# Name of the archive. Borg placeholders can be used. See the output of
|
||||
# "borg help placeholders" for details. Default is
|
||||
# "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
|
||||
# also specify a prefix in the retention section to avoid accidental pruning of
|
||||
# archives with a different archive name format.
|
||||
archive_name_format: '{hostname}-documents-{now}'
|
||||
|
||||
# Retention policy for how many backups to keep in each category. See
|
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
|
||||
# At least one of the "keep" options is required for pruning to work.
|
||||
retention:
|
||||
# Keep all archives within this time interval.
|
||||
keep_within: 3H
|
||||
|
||||
# Number of minutely archives to keep.
|
||||
keep_minutely: 60
|
||||
|
||||
# Number of hourly archives to keep.
|
||||
keep_hourly: 24
|
||||
|
||||
# Number of daily archives to keep.
|
||||
keep_daily: 7
|
||||
|
||||
# Number of weekly archives to keep.
|
||||
keep_weekly: 4
|
||||
|
||||
# Number of monthly archives to keep.
|
||||
keep_monthly: 6
|
||||
|
||||
# Number of yearly archives to keep.
|
||||
keep_yearly: 1
|
||||
|
||||
# When pruning, only consider archive names starting with this prefix.
|
||||
# Borg placeholders can be used. See the output of "borg help placeholders" for
|
||||
# details. Default is "{hostname}-".
|
||||
prefix: sourcehostname
|
||||
|
||||
# Consistency checks to run after backups. See
|
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
|
||||
# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
|
||||
consistency:
|
||||
# List of one or more consistency checks to run: "repository", "archives", and/or
|
||||
# "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
|
||||
# all consistency checks. "repository" checks the consistency of the repository,
|
||||
# "archive" checks all of the archives, and "extract" does an extraction dry-run
|
||||
# of just the most recent archive.
|
||||
checks:
|
||||
- repository
|
||||
- archives
|
||||
|
||||
# Restrict the number of checked archives to the last n. Applies only to the "archives" check.
|
||||
check_last: 3
|
||||
|
||||
# Shell commands or scripts to execute before and after a backup or if an error has occurred.
|
||||
# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
|
||||
# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
|
||||
# prevent potential shell injection or privilege escalation.
|
||||
hooks:
|
||||
# List of one or more shell commands or scripts to execute before creating a backup.
|
||||
before_backup:
|
||||
- echo "`date` - Starting a backup job."
|
||||
|
||||
# List of one or more shell commands or scripts to execute after creating a backup.
|
||||
after_backup:
|
||||
- echo "`date` - Backup created."
|
||||
|
||||
# List of one or more shell commands or scripts to execute in case an exception has occurred.
|
||||
on_error:
|
||||
- echo "`date` - Error while creating a backup."
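Review bot: The `storage:` section of this example sets both `encryption_passcommand` and a literal `encryption_passphrase`, and the file's own comment says the passphrase takes precedence when both are present. Anyone who copies the example and edits only the passcommand ends up with the repository key unlocked by the literal string stored in the config. Ship one of them commented out, e.g. `# encryption_passphrase: "..."`, with a note such as `# prefer encryption_passcommand so the secret is not kept in this file`. `local_path: borg1` is also left active, and nothing visible in this commit shows a `borg1` binary being installed in the image, so that line probably wants commenting out too.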
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
# see https://torsion.org/borgmatic/ for more info on this file
|
||||
location:
|
||||
source_directories:
|
||||
- /backup.tar.gz
|
||||
files_cache: ctime,size,inode
|
||||
remote_path: borg1
|
||||
repositories:
|
||||
- user@borg.example.com:myborgrepo
|
||||
exclude_caches: true
|
||||
|
||||
storage:
|
||||
encryption_passcommand: cat /borgmatic/passphrase
|
||||
compression: auto,lz4
|
||||
umask: 0077
|
||||
lock_wait: 5
|
||||
archive_name_format: 'myservice-{now}'
|
||||
|
||||
retention:
|
||||
keep_within: 3H
|
||||
keep_hourly: 24
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
keep_monthly: 6
|
||||
keep_yearly: 1
|
||||
prefix: 'myservice-'
|
||||
|
||||
consistency:
|
||||
checks:
|
||||
- repository
|
||||
- archives
|
||||
check_last: 3
|
||||
|
||||
hooks:
|
||||
before_backup:
|
||||
- /borgmatic/before-backup
|
||||
after_backup:
|
||||
- /borgmatic/after-backup
|
||||
on_error:
|
||||
- /borgmatic/failed-backup
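Review bot: This shorter example points `encryption_passcommand` at `/borgmatic/passphrase` and the hooks at scripts under `/borgmatic/`, but unlike the long example it carries no warning about permissions on those files. I would add a comment above `hooks:` such as `# hook scripts run with borgmatic's privileges (apparently root in this image); keep them chmod 0700 and /borgmatic/passphrase chmod 0600`. It would also help to say where `/borgmatic` is expected to be mounted, since the Dockerfile in this commit only declares volumes under `/root` (the `/etc/borgmatic.d` volume appears among the lines it removes).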
|
|
@ -0,0 +1,14 @@
|
|||
# shellcheck shell=sh
|
||||
#!/usr/bin/with-contenv sh
|
||||
|
||||
timestamp() {
|
||||
date -I'seconds' # ISO-8601 format
|
||||
}
|
||||
|
||||
# things to when the backup has failed
|
||||
notify_admin() {
|
||||
echo 'the backup has failed'
|
||||
}
|
||||
|
||||
echo "$(timestamp) - Backup failed"
|
||||
notify_admin
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
if test "$1" -eq 256 ; then
|
||||
e=$((128 + $2))
|
||||
else
|
||||
e="$1"
|
||||
fi
|
||||
|
||||
echo "$e" > /run/s6-linux-init-container-results/exitcode
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
#!/usr/bin/with-contenv bash
|
||||
|
||||
# Version variables
|
||||
borgver=$(borg --version)
|
||||
|
@ -7,10 +7,16 @@ apprisever=$(apprise --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
|
|||
pythonver=$(python3 --version | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
|
||||
|
||||
# Software versions
|
||||
echo borgmatic $borgmaticver
|
||||
echo $borgver
|
||||
echo apprise $apprisever
|
||||
echo python $pythonver
|
||||
echo "Software Versions:
|
||||
-----------------------------------
|
||||
borgmatic $borgmaticver
|
||||
$borgver
|
||||
apprise $apprisever
|
||||
python $pythonver
|
||||
-----------------------------------
|
||||
Time Zone: $TZ
|
||||
-----------------------------------
|
||||
"
|
||||
|
||||
# Disable cron if it's set to disabled.
|
||||
if [[ "$CRON" =~ ^(false|disabled|off)$ ]]; then
|
||||
|
@ -44,4 +50,5 @@ crontab=$(crontab -l)
|
|||
printf "Cron job set as: \n$crontab\n"
|
||||
|
||||
# Start Cron
|
||||
crond -f -L /dev/stdout
|
||||
# exec supercronic -passthrough-logs /etc/crontabs/root
|
||||
exec /usr/sbin/crond -f -L /dev/stdout
|
|
@ -0,0 +1 @@
|
|||
longrun
|