git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
borg
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki

Container image for creating cron-scheduled backups with borg backup based on Alpine Linux.

Tree: 504924e297
Branches Tags
borg
ZIP TAR.GZ
toastie89 504924e297 initial 5 months ago
build 504924e297 initial 5 months ago
scripts 504924e297 initial 5 months ago
.env.template 504924e297 initial 5 months ago
.gitignore 504924e297 initial 5 months ago
README.md 504924e297 initial 5 months ago
docker-compose.restore.yml 504924e297 initial 5 months ago
docker-compose.yml 504924e297 initial 5 months ago

README.md

Borg Backup

Container image to create cron scheduled backups using borg backup based on Alpine Linux.

Why to use Borg Backup

  • Space efficient storage due to deduplication and compression
  • Quick backup runs including pruning of old backups on disk
  • Encryption allows storing in insecure offsite locations
  • Fuse-mount of backups ease restore
  • For remote backups, you may take a look in restic

Security considerations:

  • This container will run with root priveliges in order to access all data for backup
  • The backup source volume is mounted read-only to avoid alering data by mistake

Prepare for backup restore

Following files MUST be stored along with the backup to enable encryption of backup data

  • .env-file which contains the Passphrase
  • Keyfiles, stored in ./data/.config/borg/keys/

Monitoring

  • Status and statistics are sent to Prometheus using a simple bash script and curl

Build

  • Alpine and borg version are hard-coded in docker compose so we don't mess up backups due to version upgrades
  • Run docker compose build to build the container image from ./build/Dockerfile

Installation & Setup

  • Configuration: cp .env.template .env and adapt .env (parameters are explained in the template file)
  • Init the backup archive: docker exec --rm -it borg bash -c "borg init --encryption repokey-blake2"
  • Start the container: docker-compose up -d

Progam flow

  • /scripts/entry.sh is called during container startup and installs the cronjob defined in .env variable $CRON
  • crond starts /scripts/do-backup.sh which
    • notifies prometheus about the status and stats
    • executes borg backup
    • prunes and compacts old backups in

Backup restore

  1. Stop the backup container: docker compose down
  2. Run an interactive shell: docker compose -f docker-compose.yml -f docker-compose.restore.yml run borg bash
  3. Fuse-mount the backup: borg mount $BORG_REPO <mount_point>
  4. Restore your files
  5. Finally unmount and exit: borg umount <mount_point> && exit.

Failure handling

  • In case Borg fails to create/acquire a lock: borg break-lock /mnt/repository