borg container image feature/review-docker: pipelines and scripts revisions (#1)

Co-authored-by: Márcio Fernandes <marcio.fernandes@outlook.pt> Reviewed-on: #1
2025-09-21 19:23:37 +00:00
parent 9fd2b7dd8b
commit 3180d653d3
10 changed files with 254 additions and 129 deletions
--- a/README.md
+++ b/README.md
@@ -2,46 +2,51 @@

 <https://www.borgbackup.org/>

+- [container image](#container-image)
+  - [environment variables](#environment-variables)
+  - [borg init repo](#borg-init-repo)
+  - [creating a backup](#creating-a-backup)
+  - [using a bash script](#using-a-bash-script)
+- [Using binding volumes](#using-binding-volumes)
+  - [dev](#dev)
+
 ## container image

-## environment variables
+### environment variables

 <https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables>

-``` bash
-docker run git.limbosolutions.com/kb/borg-backup:latest
-```
+### borg init repo

-## repo init
-
-```bash
+```yaml
 services:
   borg-backup:
    image: git.limbosolutions.com/kb/borg-backup:latest
    restart: no
-    tty: true
    environment:
-      - BORG_REPO: ssh://user@server/home/user/borg-repo
-      - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR"
+      - BORG_REPO=${BORG_REPO}
+      - BORG_RSH=ssh -o StrictHostKeyChecking=no -p 2222
+      - BORG_PASSPHRASE="${BORG_PASSPHRASE}"
+      - MODE=SHELL # Valid modes are: BORG, SCRIPT, SHELL, default is BORG
    configs:
-      - source: id_ed25519 # required for ssh client
-        target: /home/borg/.ssh/id_ed25519     
+
+      - source: id_ed25519
+        target: /root/.ssh/id_ed25519
+        mode: 0400
+
+    command:
+      - |
+        borg init --encryption=keyfile-blake2 $BORG_REPO
+        cat /root/.config/borg/keys/*

 configs:
-  create.sh:
-  content:
-    while true; do
-    sleep 5
-   done
-   # execute for example
-   #borg init --encryption=keyfile-blake2 $BORG_REPO
-   # dont forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE
-   
-```

-### docker compose
+  id_ed25519:
+      file: ~/.ssh/id_ed25519

-Example of simple usage for creating a backup
+  ```
+
+### creating a backup

 ```yaml
 services:
@@ -54,127 +59,145 @@ services:
      - ./home/user:/mnt/user  # Mount local folder to container

    environment:
-      - BORG_REPO=?????
-      - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR"
-      - BORG_PASSPHRASE=????
+      - BORG_REPO=${BORG_REPO}
+      - BORG_RSH=ssh -o StrictHostKeyChecking=no -p 2222
+      - BORG_PASSPHRASE="${BORG_PASSPHRASE}"

    configs:
      - source: id_ed25519 # required for ssh client
-        target: /home/borg/.ssh/id_ed25519     
+        mode: 0400
+        target: /root/.ssh/id_ed25519     
      - source: borg_key # required for borg client
        target: /app/borg/key
-
+        mode: 0400
        
 configs:

  id_ed25519:
-      content: |
-        -----BEGIN OPENSSH PRIVATE KEY-----
-            **************
-            **************
-        -----END OPENSSH PRIVATE KEY-----
+      file: ~/.ssh/id_ed25519

  borg_key:
-      content: |
-        BORG_KEY ???????
-        ????????????????
-        ????????????????
-    
-
+    content: |
+      ${BORG_KEY}
 ```

-Example using an bash script
+### using a bash script

 ```yaml
 services:
-   borg-backup:
-    restart: no
-    image: git.limbosolutions.com/kb/borg-backup:latest
-    entrypoint: ["bash", "backup.sh"]
+  borg:
+    image: git.limbosolutions.com/kb/borg-backup:alpha
+
+    environment:
+      - BORG_REPO=${BORG_REPO}
+      - BORG_RSH=${BORG_RSH}
+      - OFFSITE_TARGET_FOLDER=${OFFSITE_TARGET_FOLDER}
+      - BORG_PASSPHRASE="${BORG_PASSPHRASE}"
+      - REPO_SYNC_MAX_SIZE=10737418240 #10GB
+      - MODE=SCRIPT
+    volumes:
+        - "/home/mf/repos:/backup/repos"
+
    configs:
      - source: backup_script
-        target: /backup.sh
+        target: /app/backup-scripts/backup
+        mode: 0400
+
      - source: id_ed25519
        target: /root/.ssh/id_ed25519
        mode: 0400
      - source: borg_key
        target: /app/borg/key
-    environment:
-      BORG_REPO: ssh://user@server/path
-      BORG_RSH: "ssh -o StrictHostKeyChecking=no"
-      BORG_PASSPHRASE: *****
-      REPO_SYNC_MAX_SIZE: 10737418240 #10GB
-    
-
-    volumes:
-      - /home/mf/repos:/mnt/repos
-
+        mode: 0400      
 configs:
  backup_script:
    content: |
-      source loadenv
+
+      #!/bin/bash
      set -e
-
-      # while true; do
-      #   sleep 5
-      # done      
-      
      SCRIPT_START_TIME=$$(date +%s)
-      
-      borg create $${BORG_REPO}::repos-$$(date +%Y%m%d%H%M%S) /mnt/backup
-
-      #cleanup
-      borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 $${BORG_REPO} --glob-archives='backup*'
-      borg compact $${BORG_REPO} 

+      borg create $${BORG_REPO}::backup-$$(date +%Y%m%d%H%M%S) /backup
+      borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 $${BORG_REPO} --glob-archives='backup-*'
+               
      # check repo size
-      REPO_SIZE_IN_BYTES=$$(remote-connect du -b "$$SSH_FOLDER" -d 0  | awk '{print $$1}')
+      REPO_SIZE_IN_BYTES="$$(remote-get-folder-size)"
      echo "Repository size: $$((REPO_SIZE_IN_BYTES / 1024 / 1024)) MB"
-      echo "Repository max size: $$((REPO_SYNC_MAX_SIZE / 1024 / 1024)) MB"
-      if [ $$REPO_SIZE_IN_BYTES -gt $$REPO_SYNC_MAX_SIZE ]; then \
-        echo "ERROR: Repository size exceeds $$REPO_SYNC_MAX_SIZE";
-        exit 1;
-      else 
-        # Repository size is within limits for offsite sync
-        # ssh to backup server and enforce rclone to onedrive
-        remote-connect "rclone sync $$SSH_FOLDER xxxxx:.backups/xxxxxx" && \
-        SCRIPT_DURATION=$$(($(date +%s) - SCRIPT_START_TIME)) && \
-        echo "INFO: Finished Backup (offsite) ($((SCRIPT_DURATION / 60 / 60)):$$((SCRIPT_DURATION / 60)):$$((SCRIPT_DURATION % 60))) "
-      fi

-      #outputs info
-      borg info ${BORG_REPO}
+      if [ $$REPO_SIZE_IN_BYTES -gt $$REPO_SYNC_MAX_SIZE ]; then \
+          echo "ERROR: Repository size exceeds $$REPO_SYNC_MAX_SIZE";
+          exit 1;
+      else 
+          # Repository size is within limits for offsite sync
+          # ssh to backup server and enforce rclone to offsite
+          remote-connect "rclone sync $$SSH_FOLDER $$OFFSITE_TARGET_FOLDER --progress" && \
+          echo "INFO: Backup offsite sync Finished.($$(date -u -d "@$$(($$(date +%s) - SCRIPT_START_TIME))" +%H:%M:%S))"
+      fi
      exit 0

-
  id_ed25519:
-    content: |
-      -----BEGIN OPENSSH PRIVATE KEY-----
-      `*****************************´
-      -----END OPENSSH PRIVATE KEY-----
+    file: ~/.ssh/id_ed25519

  borg_key:
    content: |
-      BORG_KEY ******
-      ***************
+      ${BORG_KEY}
+```
+
+## Using binding volumes
+
+Creates folder ./backup-scripts
+And file ./backup-scripts/backup.
+
+```yaml
+services:
+  borg:
+    image: git.limbosolutions.com/kb/borg-backup:latest
+
+    environment:
+      - BORG_REPO=${BORG_REPO}
+      - BORG_RSH=${BORG_RSH}
+      - BORG_PASSPHRASE="${BORG_PASSPHRASE}"
+      - MODE=SCRIPT
+    volumes:
+        - "./backup-scripts:/app/backup-scripts"
+        - "/home/mf/repos:/backup/repos"
+
+    configs:
+      - source: id_ed25519
+        target: /root/.ssh/id_ed25519
+        mode: 0400
+      - source: borg_key
+        target: /app/borg/key
+        mode: 0400      
+configs:
+   
+  id_ed25519:
+    file: ~/.ssh/id_ed25519
+
+  borg_key:
+    content: |
+      ${BORG_KEY}
+
 ```

 ### dev

+For development environment and testing this docker compose files.
+
 ``` bash
+BUILD=""
+
+# uncomment do force build
+BUILD="--build"
+
+if [ ! -f ./docker-compose.dev.local.yaml ]; then
+  touch ./docker-compose.dev.local.yaml
+EOF
+fi
+
 docker compose \
 --project-name borg-backup-dev \
 -f docker-compose.dev.yaml \
 -f docker-compose.dev.local.yaml \
-up 
-```
-
-Force Build:
-
-``` bash
-docker compose \
--project-name borg-backup-dev \
-f docker-compose.dev.yaml \
-f docker-compose.dev.local.yaml \
-up --build
+up $BUILD
 ```