# Borg Backup Container image to create cron scheduled backups using [borg backup](https://www.borgbackup.org/) based on Alpine Linux. ## Why to use Borg Backup - Space efficient storage due to deduplication and compression - Quick backup runs including pruning of old backups on disk - Encryption allows storing in insecure offsite locations - Fuse-mount of backups ease restore - For remote backups, you may take a look in restic ## Security considerations: - This container will run with root priveliges in order to access all data for backup - The backup source volume is mounted read-only to avoid alering data by mistake ## Prepare for backup restore Following files MUST be stored along with the backup to enable encryption of backup data - `.env`-file which contains the Passphrase - Keyfiles, stored in ./data/.config/borg/keys/ ## Monitoring - Status and statistics are sent to Prometheus using a simple bash script and curl ## Build - Alpine and borg version are hard-coded in docker compose so we don't mess up backups due to version upgrades - Run `docker compose build` to build the container image from `./build/Dockerfile` ## Installation & Setup - Configuration: `cp .env.template .env ` and adapt `.env` (parameters are explained in the template file) - Init the backup archive: `docker exec --rm -it borg bash -c "borg init --encryption repokey-blake2"` - Start the container: `docker-compose up -d` ## Progam flow - `/scripts/entry.sh` is called during container startup and installs the cronjob defined in `.env` variable $CRON - crond starts `/scripts/do-backup.sh` which - notifies prometheus about the status and stats - executes borg backup - prunes and compacts old backups in ## Backup restore 1. Stop the backup container: `docker compose down` 2. Run an interactive shell: `docker compose -f docker-compose.yml -f docker-compose.restore.yml run borg bash` 3. Fuse-mount the backup: `borg mount $BORG_REPO ` 4. Restore your files 5. Finally unmount and exit: `borg umount && exit`. # Failure handling - In case Borg fails to create/acquire a lock: `borg break-lock /mnt/repository`