|
@@ -6,7 +6,7 @@ Container image for creating cron-scheduled backups with [borg backup](https://w
|
|
- Fast backup runs and pruning of old backups.
|
|
- Fast backup runs and pruning of old backups.
|
|
- Encryption to allow backup storage in insecure offsite-locations.
|
|
- Encryption to allow backup storage in insecure offsite-locations.
|
|
- FUSE mount support for easy recovery.
|
|
- FUSE mount support for easy recovery.
|
|
- - Focus on local backups. For cloud backups [restic](https://restic.net/) might be an alternative.
|
|
|
|
|
|
+ - Focus on local backups. For cloud backups, [restic](https://restic.net/) might be an alternative.
|
|
|
|
|
|
## Installation & Setup
|
|
## Installation & Setup
|
|
0. Clone this repository
|
|
0. Clone this repository
|
|
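Review bot: The feature list still reads "insecure offsite-locations" in the unchanged Encryption bullet, and since this commit is a wording pass over the same list, the stray hyphen should go too ("insecure offsite locations"). The changed bullet states a focus on local backups while the Encryption bullet two lines up advertises offsite storage; a short clause saying which deployment the image is meant for would let readers judge the threat model.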
@@ -25,7 +25,7 @@ Container image for creating cron-scheduled backups with [borg backup](https://w
|
|
- [Borg Release Notes](https://github.com/borgbackup/borg/releases) should be consulted for breaking changes.
|
|
- [Borg Release Notes](https://github.com/borgbackup/borg/releases) should be consulted for breaking changes.
|
|
|
|
|
|
## Preparation for disaster recovery
|
|
## Preparation for disaster recovery
|
|
-Very IMPORTANT! Following files MUST be stored along with the backup to enable decryption of the backup data:
|
|
|
|
|
|
+Very IMPORTANT! The following files MUST be stored along with the backup to enable decryption of the backup data:
|
|
- `.env`-file containing the passphrase
|
|
- `.env`-file containing the passphrase
|
|
- Keyfile(s), stored in ./data/.config/borg/keys/
|
|
- Keyfile(s), stored in ./data/.config/borg/keys/
|
|
|
|
|
|
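Review bot: The reworded sentence keeps "MUST be stored along with the backup", which reads as an instruction to put the `.env` passphrase and the keyfiles from ./data/.config/borg/keys/ in the same place as the repository. That conflicts with the README's own claim that encryption allows storage in insecure offsite locations, because anyone who obtains the backup would obtain the key and passphrase with it. Suggest wording such as "MUST be kept in a safe place separate from the backup repository; without them the backup cannot be decrypted".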
@@ -46,14 +46,14 @@ Very IMPORTANT! Following files MUST be stored along with the backup to enable d
|
|
Simple bash [scripts](scripts/) sent the backup status and statistics using `curl` to a Prometheus [Pushgateway](https://prometheus.io/docs/practices/pushing/) defined in `.env`.
|
|
Simple bash [scripts](scripts/) sent the backup status and statistics using `curl` to a Prometheus [Pushgateway](https://prometheus.io/docs/practices/pushing/) defined in `.env`.
|
|
|
|
|
|
## Security considerations
|
|
## Security considerations
|
|
- - This container runs with root priveliges to allow backup of all data independant of permissions.
|
|
|
|
- - The backup source-volume is mounted read-only to avoid alering data by mistake.
|
|
|
|
- - This image has a reduced feature set for sake of simplicity.
|
|
|
|
- - If neccessary, [borgmatic](https://torsion.org/borgmatic/) offers more features such as notifications and backup of databases.
|
|
|
|
|
|
+ - This container runs with root privileges to allow backup of all data independent of permissions.
|
|
|
|
+ - The backup source-volume is mounted read-only to avoid altering data by mistake.
|
|
|
|
+ - This image has a reduced feature set for the sake of simplicity.
|
|
|
|
+ - If necessary, [borgmatic](https://torsion.org/borgmatic/) offers more features such as notifications and backup of databases.
|
|
- py3-llfuse and bash are included for comfort during backup restore and could be potentially removed
|
|
- py3-llfuse and bash are included for comfort during backup restore and could be potentially removed
|
|
- curl is included to push Promethous metrics and could be removed if this functionality is not used
|
|
- curl is included to push Promethous metrics and could be removed if this functionality is not used
|
|
|
|
|
|
-## Progam flow
|
|
|
|
|
|
+## Program flow
|
|
- [docker-compose.yml](docker-compose.yml) sets variables `.env` as environment variables in the container
|
|
- [docker-compose.yml](docker-compose.yml) sets variables `.env` as environment variables in the container
|
|
- `/scripts/entry.sh` is called during container startup
|
|
- `/scripts/entry.sh` is called during container startup
|
|
and installs the cronjob defined in the $CRON
|
|
and installs the cronjob defined in the $CRON
|
|
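Review bot: The spelling pass on the Security considerations list stops short of the unchanged lines in the same hunk: "Promethous" in the curl bullet should be "Prometheus", "scripts sent the backup status" should be "send", "could be potentially removed" reads better as "could potentially be removed", and "sets variables `.env` as environment variables" is missing "from". Since the Program flow bullet says `.env` is exported into the environment of a container that runs with root privileges, the Security considerations list would also be the place to note that the passphrase is readable by anyone who can inspect the container.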
@@ -63,5 +63,5 @@ Simple bash [scripts](scripts/) sent the backup status and statistics using `cur
|
|
- notifies Prometheus about the backup start/stop/fail and stats
|
|
- notifies Prometheus about the backup start/stop/fail and stats
|
|
|
|
|
|
# Failure handling
|
|
# Failure handling
|
|
- - Break lock in case Borg has been interrupted and fails to create/acquire a new lock:
|
|
|
|
|
|
+ - Break the lock in case Borg has been interrupted and fails to create/acquire a new lock:
|
|
- `docker exec borg bash -c 'borg break-lock'`
|
|
- `docker exec borg bash -c 'borg break-lock'`
|
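Review bot: The "Break the lock" bullet gives `borg break-lock` with no precondition; the text should say to confirm that no backup or other Borg process is still using the repository before running it, since breaking a lock that is legitimately held can corrupt the repository or cache. A sentence such as "Only run this after verifying that no backup is in progress" before the command would cover it. Minor: "# Failure handling" is a level-1 heading while the neighbouring sections ("## Program flow", "## Security considerations") are level 2.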