git Service des IN-Ulm e.V. Erkunden Hilfe
Anmelden
ulpeters
/
borg
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki

Container image for creating cron-scheduled backups with borg backup based on Alpine Linux.

Struktur: 504924e297
Branches Tags
borg
ZIP TAR.GZ
toastie89 504924e297 initial vor 10 Monaten
build 504924e297 initial vor 10 Monaten
scripts 504924e297 initial vor 10 Monaten
.env.template 504924e297 initial vor 10 Monaten
.gitignore 504924e297 initial vor 10 Monaten
README.md 504924e297 initial vor 10 Monaten
docker-compose.restore.yml 504924e297 initial vor 10 Monaten
docker-compose.yml 504924e297 initial vor 10 Monaten

README.md

Borg Backup

Container image to create cron scheduled backups using borg backup based on Alpine Linux.

Why to use Borg Backup

  • Space efficient storage due to deduplication and compression
  • Quick backup runs including pruning of old backups on disk
  • Encryption allows storing in insecure offsite locations
  • Fuse-mount of backups ease restore
  • For remote backups, you may take a look in restic

Security considerations:

  • This container will run with root priveliges in order to access all data for backup
  • The backup source volume is mounted read-only to avoid alering data by mistake

Prepare for backup restore

Following files MUST be stored along with the backup to enable encryption of backup data

  • .env-file which contains the Passphrase
  • Keyfiles, stored in ./data/.config/borg/keys/

Monitoring

  • Status and statistics are sent to Prometheus using a simple bash script and curl

Build

  • Alpine and borg version are hard-coded in docker compose so we don't mess up backups due to version upgrades
  • Run docker compose build to build the container image from ./build/Dockerfile

Installation & Setup

  • Configuration: cp .env.template .env and adapt .env (parameters are explained in the template file)
  • Init the backup archive: docker exec --rm -it borg bash -c "borg init --encryption repokey-blake2"
  • Start the container: docker-compose up -d

Progam flow

  • /scripts/entry.sh is called during container startup and installs the cronjob defined in .env variable $CRON
  • crond starts /scripts/do-backup.sh which
    • notifies prometheus about the status and stats
    • executes borg backup
    • prunes and compacts old backups in

Backup restore

  1. Stop the backup container: docker compose down
  2. Run an interactive shell: docker compose -f docker-compose.yml -f docker-compose.restore.yml run borg bash
  3. Fuse-mount the backup: borg mount $BORG_REPO <mount_point>
  4. Restore your files
  5. Finally unmount and exit: borg umount <mount_point> && exit.

Failure handling

  • In case Borg fails to create/acquire a lock: borg break-lock /mnt/repository