djmaze/resticker djmaze/resticker

  • Stars
    star
    442
  • Rank 98,053 (Top 2 %)
  • Language
    Shell
  • License
    Apache License 2.0
  • Created almost 7 years ago
  • Updated 6 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
djmaze/resticker
github

djmaze

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Run automatic restic backups via a Docker container.

Resticker

Docker Pulls Build status

Run automatic restic backups via a Docker container.

Features

  • run scheduled backups
  • backup to any (local or remote) target supported by restic
  • support for tags, exclude definitions, and all other optional restic options
  • automatic forgetting of old backups
  • prune backups on a schedule
  • remove a stale repository lock
  • can be used as a (global) Docker swarm service in order to backup every cluster node
  • multi-arch: the image mazzolino/restic runs on amd64 as well as armv7 (for now)

Usage

Use the supplied example configs to set up a backup schedule.

The Compose files contain a backup and a prune service which can be scheduled independently of each other. Feel free to remove the prune service if you want to run the prune jobs manually.

With Docker Compose

Adjust the supplied docker-compose.yml as needed. Then run:

docker-compose up -d

With Docker Swarm mode

Adjust the supplied docker-swarm.yml as needed. Then deploy it as a stack:

docker stack deploy -f docker-swarm.yml backup

Versioning scheme

This project uses semantic versioning. The docker images (under mazzolino/restic) are tagged accordingly:

  • latest - built from the latest master commit
  • 1.6.0 - one tag for each patch release
  • 1.6, 1 - points to the latest patch release below that minor / major version (in this case 1.6.0)

It is recommended to pin to the latest patch version (e.g. 1.6.0) and update the version manually (or using an automated process like Renovate).

Look at the CHANGELOG or Github releases to find the latest version.

Also, an image will be generated for each pull request. The tags are labeled pr-xxx where xxx is the id of the pull request.

Restoring

In order to restore files on a host where the container is already running via Docker Compose, you can use exec:

# Find the latest snapshot for the current host (note the ID)
docker-compose exec app restic snapshots -H <HOSTNAME>
# Restore the given file on the host
docker-compose exec app restic restore --include /path/to/file <ID>

When using Swarm mode, you need to manually SSH into the host and run docker exec -it .. accordingly.

Advanced usage

You can use the same config to run any restic command with the given configuration.

When using the Docker Compose setup:

docker-compose run --rm app <RESTIC ARGS>

E.g.

docker-compose run --rm app snapshots

When given the unlock command, the repository check will be skipped (because it will fail on a locked repository either way).

Configuration options

Note: BACKUP_CRON, PRUNE_CRON and CHECK_CRON are mutually exclusive.

  • BACKUP_CRON - A cron expression for when to run the backup. E.g. 0 30 3 * * * in order to run every night at 3:30 am. See the go-cron documentation for details on the expression format (a customized go-cron is used which allows the definition of seconds as first parameter).
  • PRUNE_CRON - A cron expression for when to run the prune job. E.g. 0 0 4 * * * in order to run every night at 4:00 am. See the go-cron documentation for details on the expression format (a customized go-cron is used which allows the definition of seconds as first parameter).
  • CHECK_CRON - A cron expression for when to run the check job. E.g. 0 15 5 * * * in order to run every night at 5:15 am. See the go-cron documentation for details on the expression format (a customized go-cron is used which allows the definition of seconds as first parameter).
  • RUN_ON_STARTUP - Set to "true" to execute a backup or prune job right on startup, in addition to the given cron expression. Disabled by default
  • RESTIC_REPOSITORY - Location of the restic repository. You can use any target supported by restic. Default /mnt/restic
  • RESTIC_BACKUP_SOURCES - Source directory to backup. Make sure to mount this into the container as a volume (see the example configs). Default /data
  • RESTIC_PASSWORD - Password for the restic repository. Will also be used to initialize the repository if it is not yet initialized
  • RESTIC_BACKUP_ARGS - If specified restic backup is run with the given arguments, e.g. for tags, exclude definitions, or verbose logging: --tag docker-volumes --exclude-file 'exclude.txt' --verbose. Make sure not to use the = form of assignment, but use spaces between parameter and value. See the restic backup documentation for available options
  • RESTIC_BACKUP_TAGS - Deprecated. Tags to set for each snapshot, separated by commas. This option will soon be removed. Please use RESTIC_BACKUP_ARGS to define tags.
  • RESTIC_FORGET_ARGS - If specified restic forget is run with the given arguments after each backup or before every prune, e.g. --prune --keep-last 14 --keep-daily 1. See the restic forget documentation for available options
  • RESTIC_PRUNE_ARGS - If specified restic prune is run with the given arguments, e.g. for B2 concurrent connection settings and verbose logging: -o b2.connections=10 --verbose.
  • RESTIC_CHECK_ARGS - If specified restic check is run with the given arguments, e.g. --read-data-subset=10% to check a randomly choosen subset (10%) of the repository pack files. Without option, only the structure of the repository is checked. The option --read-data-subset will also check data, at the cost of transfering them from the repository.; e.g. for B2 concurrent connection settings and verbose logging: -o b2.connections=10 --verbose.
  • (Additional variables as needed for the chosen backup target. E.g. B2_ACCOUNT_ID and B2_ACCOUNT_KEY for Backblaze B2. See official restic documentation about supported environment variables.)
  • TZ - Optional. Set your timezone for the correct cron execution time.

Using the rclone repository type

In order to use the rclone repository type, you need to prepare an rclone.conf file and mount it inside the container at /run/secrets/rclone.conf.

So when in swarm mode, you can just use rclone.conf as a Docker secret.

Example for Docker Compose:

services:
  backup:
    # ...
    volumes:
      - ./rclone.conf:/run/secrets/rclone.conf:ro

Example for Docker swarm mode:

services:
  backup:
    # ...
    secrets:
      - rclone.conf

secrets:
  rclone.conf:
    file: ./rclone.conf

Note for backends with token-based access

If you are using rclone backends which make use of oauth refresh tokens (B2, OneDrive, Google) the rclone.conf needs to be writable inside the container. That means you need to directly mount a directory (r/w) which contains the config file to the final config directory inside the container.

Example for Docker Compose:

services:
  backup:
    # ...
    volumes:
      - ./rclone:/root/.config/rclone

Where ./rclone should be a local directory which contains your rclone.conf.

Using sftp repository type

In order to use the sftp repository type, you need to prepare a .ssh directory with your private ssh key(s), known_hosts (and an optional config file) and mount it inside the container at /run/secrets/.ssh.

Example for Docker Compose:

services:
  backup:
    # ...
    volumes:
      - ./.ssh:/run/secrets/.ssh:ro

Using restic mount

If you want to mount your backup repository inside the container using restic mount, you need to give the container SYS_ADMIN privilege and allow the fuse device.

Example for Docker Compose:

services:
  backup:
    # ...
    cap_add:
      - SYS_ADMIN
    devices:
      - /dev/fuse

Also the fuse kernel module should be loaded (modprobe fuse).

Execute commands prior to backup

It's possible to optionally execute commands (like database dumps, or stopping a running container to avoid inconsistent backup data) before the actual backup starts. If you want to execute docker commands on the host, mount the Docker socket to the container. To do that add the following volume to the compose or swarm configuration:

- /var/run/docker.sock:/var/run/docker.sock

You can add one or multiple commands by specifying the following environment variable:

PRE_COMMANDS: |-
            docker exec nextcloud-postgres pg_dumpall -U nextcloud -f /data/nextcloud.sql
            docker exec other-postgres pg_dumpall -U other -f /data/other.sql
            docker stop my_container

The commands specified in PRE_COMMANDS are executed one by one.

Execute commands after backup

It's possible to optionally execute commands (like restarting a temporarily stopped container, send a mail...) once the actual backup has finished. Like for pre-backup commands, if you want to execute docker commands on the host, mount the Docker socket to the container.

You can add one or multiple commands by specifying the following environment variables:

POST_COMMANDS_SUCCESS: |-
	/my/scripts/mail-success.sh

POST_COMMANDS_FAILURE: |-
	/my/scripts/mail-failure.sh

POST_COMMANDS_INCOMPLETE: |-
	/my/scripts/mail-incomplete.sh

POST_COMMANDS_EXIT: |-
	docker start my_container

The commands specified are executed one by one.

  • POST_COMMANDS_SUCCESS commands will be executed after a fully successful backup run (i.e. all files could be read).
  • POST_COMMANDS_FAILURE commands will be executed after a failed backup run.
  • POST_COMMANDS_INCOMPLETE commands will be executed if the backup is incomplete (i.e. one or more files could not be read).
  • POST_COMMANDS_EXIT will always be executed, after both successful or failed backup runs.

By default, when any file could not be backed up, the commands from POST_COMMANDS_FAILURE will be executed. When SUCCESS_ON_INCOMPLETE_BACKUP is set to "true", the commands from POST_COMMANDS_INCOMPLETE will be executed instead. Unless those are not configured – then the commands from POST_COMMANDS_SUCCESS will be executed.

Notification example

The Resticker docker image does not contain any tools for sending notifications, apart from curl. You should thus connect a second container for that purpose. For example, this is how mail notifications can be sent using apprise-microservice:

services:
  app:
    image: mazzolino/restic:1.1
    environment:
      # ...
      POST_COMMANDS_FAILURE: |-
        curl -X POST --data "{\"title\": \"Backup failed\", \"body\": \"\"}" http://notify:5000
    networks:
      - notification

  notify:
    image: mazzolino/apprise-microservice:0.1
    environment:
      NOTIFICATION_URLS: mailto://...
    networks:
      - notification

networks:
  notification:

Build instructions

Use the supplied Makefile in order to build your own image:

make image IMAGE=myuser/restic

You can also push images and build on a different architecture:

make image IMAGE=myuser/restic ARCH=arm

For more targets, see the Makefile.

Testing

There are automated tests for the scripts running in the container. You need to install shellspec to run them.

The test suite can be executed by running the following in the resticker source directory:

shellspec

This will build the image, create a container and run the tests inside the container.

Credits

restic-backup-docker was used as a starting point. Thanks!

More Repositories

1

tiddlywiki-docker

Run TIddlyWiki 5 via Docker
Shell
109
star
2

armhf-ubuntu-docker

Ubuntu-Core images for armhf (ARMv7+) devices
Shell
59
star
3

librespot-snapserver

Snapcast server with Spotify support as a Docker container
Shell
59
star
4

mailinabox-docker

Mailserver using Docker Compose (Mail-in-a-Box port)
Shell
35
star
5

apprise-microservice

A small JSON API server for delivering notifications using Apprise
Python
29
star
6

docker-prosody

Prosody XMPP server with full-featured and secure setup, running in a docker container
Lua
24
star
7

swarm-tcp-proxy

TCP load balancer service for other swarm services
Shell
17
star
8

docker-caching-proxy

Caching proxy docker image
Shell
16
star
9

synapse-purge

Purge old room events from synapse, a homeserver for the Matrix network
Ruby
12
star
10

swarmdns

DNS service for Docker swarm mode which always returns the IP(s) of all active swarm nodes
Go
12
star
11

nina-matrix-bot

Matrix-Bot, mit dem man Warnmeldungen aus der NINA-API des Bundes abonnieren kann
TypeScript
8
star
12

docker-appimage-recipe-builder

Build AppImage recipes using Docker
Makefile
7
star
13

graylog-docker

Running Graylog 2 with Docker Compose
Shell
6
star
14

dobs-volume-plugin

Docker volume driver for Digital Ocean block storage
Go
6
star
15

s3-auth-proxy

Reverse proxy for S3-compatible services which allows to restrict access to selected buckets
JavaScript
4
star
16

dind-image-with-armhf

Docker in docker image with up-to-date armhf support
4
star
17

swm

The missing tooling for a great Docker swarm experience
Crystal
4
star
18

docker-volume-ceph-rbd

Ceph RBD Docker volume plugin
Go
4
star
19

rails-dev-env-with-docker-and-compose

Scripts for using a Rails development environment with Docker and Docker Compose
Shell
4
star
20

coreos-ubuntu-toolbox

CoreOS toolbox image based on Ubuntu
3
star
21

docker-gluster-cluster

Ansible playbocks for a Docker cluster with GlusterFS volumes
3
star
22

docker-qemu-arm-static

Docker image for generating qemu-arm-static
3
star
23

docker-custom-tor-alpine

Small, customizable docker image with Tor on Alpine Linux
Dockerfile
2
star
24

mxbridge

Matrix-XMPP-Bridge as a bot
Elixir
2
star
25

docker-element-web

Docker image for riot-web
Dockerfile
2
star
26

docker-compose-in-docker

Docker image which runs Docker Compose
Dockerfile
2
star
27

docker-snapcast-client

Snapcast client as a Docker container
Dockerfile
2
star
28

arid_cache

Fork of arid_cache which defines caching methods once on a class instead of per object, thus preventing "singleton can't be dumped" from memcached!
Ruby
2
star
29

dockerfiles

Useful Docker build scripts
Shell
1
star
30

gluster-on-docker

Containerized Gluster cluster using Docker
Shell
1
star
31

swm-sh

The missing tooling for a great Docker swarm experience (bash version)
Shell
1
star
32

docker-truffleruby

Docker image for TruffleRuby
1
star
33

swex

Export Docker swarm stacks from running cluster to compose files
Go
1
star
34

docker-patchwork

Docker image for ssb-patchwork
Shell
1
star
35

Heartbleed-docker

Docker encapsulation for the Heartbleed OpenSSL vulnerability checker
Shell
1
star
36

armhf-forego

forego built for armhf devices
1
star
37

docker-xu4-linux-kernel-4.2

Docker image for building a 4.2 Linux kernel for the ODROID-XU4
Shell
1
star
38

pacifier

Get your Github notifications done!
CoffeeScript
1
star
39

power-bot

A custom chat bot built on the Hubot framework
CoffeeScript
1
star
40

guacamole

WIP: An ODM for ArangoDB in Ruby
Ruby
1
star
41

twister-core-windows-docker

Twister core build for Windows using Docker
Shell
1
star
42

docker-plugin-volume-mounter

Automatically mount docker plugin mounts under a central path
Go
1
star
43

do-api-proxy

Proxies DigitalOcean API calls restricting the allowed resources using a custom API token
Go
1
star