From 886cbb292ffc894644f3a3dc8fddac7cb99e3cee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 15:51:47 +0100 Subject: [PATCH 01/10] refactored container image and gitea workflows --- .../workflows/ docker-image.deploy.beta.yml | 33 +++++++ ...ploy.yml => docker-image.deploy.prod.yml} | 1 + .gitignore | 1 + README.md | 96 +++++++++++-------- docker-compose.dev.yaml | 33 ++++--- docker/Dockerfile | 39 ++++++-- docker/app/README.md | 9 ++ docker/app/scripts/entrypoint.sh | 33 +++++++ docker/app/scripts/loadenv | 3 +- 9 files changed, 185 insertions(+), 63 deletions(-) create mode 100644 .gitea/workflows/ docker-image.deploy.beta.yml rename .gitea/workflows/{ docker-image.deploy.yml => docker-image.deploy.prod.yml} (97%) create mode 100644 docker/app/README.md create mode 100755 docker/app/scripts/entrypoint.sh diff --git a/.gitea/workflows/ docker-image.deploy.beta.yml b/.gitea/workflows/ docker-image.deploy.beta.yml new file mode 100644 index 0000000..7ca4b8c --- /dev/null +++ b/.gitea/workflows/ docker-image.deploy.beta.yml @@ -0,0 +1,33 @@ +on: + push: + branches: [ feature/* ] + paths: + - "docker/**" + - ".gitea/**" + schedule: + - cron: "0 02 * * *" +jobs: + + build-docker-image: + runs-on: ubuntu-latest + + steps: + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Log in to git.limbosolutions.com docker registry + uses: docker/login-action@v3 + with: + registry: git.limbosolutions.com + username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }} + password: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_PASSWORD }} + + - name: Build and push Docker images + id: push + uses: docker/build-push-action@v6 + with: + context: . + file: ${{gitea.workspace}}/docker/Dockerfile + push: true + tags: git.limbosolutions.com/kb/borg-backup:alpha \ No newline at end of file diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.prod.yml similarity index 97% rename from .gitea/workflows/ docker-image.deploy.yml rename to .gitea/workflows/ docker-image.deploy.prod.yml index 3d421aa..3ccebba 100644 --- a/.gitea/workflows/ docker-image.deploy.yml +++ b/.gitea/workflows/ docker-image.deploy.prod.yml @@ -1,5 +1,6 @@ on: push: + branches: [ main ] paths: - "docker/**" - ".gitea/**" diff --git a/.gitignore b/.gitignore index 621cb7b..4afd74e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ **.local.** +.env diff --git a/README.md b/README.md index 406ff97..cd99dbb 100644 --- a/README.md +++ b/README.md @@ -2,17 +2,20 @@ +- [container image](#container-image) + - [environment variables](#environment-variables) + - [borg repo init](#borg-repo-init) + - [creating a backup](#creating-a-backup) + - [using a bash script](#using-a-bash-script) + - [dev](#dev) + ## container image -## environment variables +### environment variables -``` bash -docker run git.limbosolutions.com/kb/borg-backup:latest -``` - -## repo init +### borg repo init ```bash services: @@ -20,28 +23,39 @@ services: image: git.limbosolutions.com/kb/borg-backup:latest restart: no tty: true + entrypoint: [ "bash", "-c", "loadenv && /init-repo"] environment: - BORG_REPO: ssh://user@server/home/user/borg-repo - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" configs: - source: id_ed25519 # required for ssh client target: /home/borg/.ssh/id_ed25519 + - source: borg_init_repo_sh + target: /init-repo configs: - create.sh: - content: - while true; do - sleep 5 - done - # execute for example - #borg init --encryption=keyfile-blake2 $BORG_REPO - # dont forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE - + borg_init_repo_sh: + # Example, execute + # borg init --encryption=keyfile-blake2 $BORG_REPO + # don't forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE used during initialization + content: + while true; do + sleep 5 + done + + id_ed25519: + content: | + -----BEGIN OPENSSH PRIVATE KEY----- + ************** + ************** + -----END OPENSSH PRIVATE KEY----- + ``` + +``` bash +docker run git.limbosolutions.com/kb/borg-backup:latest ``` -### docker compose - -Example of simple usage for creating a backup +### creating a backup ```yaml services: @@ -54,16 +68,17 @@ services: - ./home/user:/mnt/user # Mount local folder to container environment: - - BORG_REPO=????? + - BORG_REPO: "?????" - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" - - BORG_PASSPHRASE=???? + - BORG_PASSPHRASE: "????" configs: - source: id_ed25519 # required for ssh client - target: /home/borg/.ssh/id_ed25519 + mode: 0400 + target: /root/.ssh/id_ed25519 - source: borg_key # required for borg client target: /app/borg/key - + mode: 0400 configs: @@ -79,26 +94,27 @@ configs: BORG_KEY ??????? ???????????????? ???????????????? - - ``` -Example using an bash script +### using a bash script ```yaml services: borg-backup: restart: no image: git.limbosolutions.com/kb/borg-backup:latest - entrypoint: ["bash", "backup.sh"] + # execute loadenv before you re scripts + # so some enviromnent variables are set + entrypoint: ["bash", "loadenv & /backup"] configs: - source: backup_script - target: /backup.sh + target: /backup - source: id_ed25519 target: /root/.ssh/id_ed25519 mode: 0400 - source: borg_key target: /app/borg/key + mode: 0400 environment: BORG_REPO: ssh://user@server/path BORG_RSH: "ssh -o StrictHostKeyChecking=no" @@ -107,12 +123,15 @@ services: volumes: - - /home/mf/repos:/mnt/repos + - /home/user/repos:/mnt/repos configs: + # $$ instead of $ so it replaced during runtime and not on docker compose up + backup_script: content: | - source loadenv + + #/!bin/bash set -e # while true; do @@ -161,20 +180,17 @@ configs: ### dev +For development environment and testing this docker compose files. + ``` bash +BUILD="" + +# uncomment do force build +#BUILD="--build" + docker compose \ --project-name borg-backup-dev \ -f docker-compose.dev.yaml \ -f docker-compose.dev.local.yaml \ -up -``` - -Force Build: - -``` bash -docker compose \ ---project-name borg-backup-dev \ --f docker-compose.dev.yaml \ --f docker-compose.dev.local.yaml \ -up --build +up $BUILD ``` diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index e874d4a..5ea78ea 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml @@ -2,34 +2,41 @@ services: borg: tty: true stdin_open: true - # entrypoint: ["bash"] + build: dockerfile: docker/Dockerfile context: . - environment: - - BORG_REPO=??????? - - BORG_RSH="ssh -o StrictHostKeyChecking=no" - - BORG_PASSPHRASE=???? + environment: + - BORG_REPO="${BORG_REPO}" + - BORG_RSH="${BORG_REPO}" + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" + - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG + command: "${CONTAINER_COMMAND:-list}" configs: + # - source: backup_script + # target: /app/backup-scripts/run - source: id_ed25519 target: /root/.ssh/id_ed25519 + mode: 0400 - source: borg_key target: /app/borg/key - + mode: 0400 volumes: - ./docker/app/scripts:/app/scripts + - ./docker/dev-backup-scripts:/app/backup-scripts configs: + + # backup_script: + # content: | + # #!bin/bash + # echo "hello work!!!! (please override me)" + id_ed25519: content: | - -----BEGIN OPENSSH PRIVATE KEY----- - ??????? - ??????? - -----END OPENSSH PRIVATE KEY----- + ${ID_ED25519} borg_key: content: | - BORG_KEY ??????? - ???????????????? - ???????????????? \ No newline at end of file + ${BORG_KEY} \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index 0478bd9..593eb11 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,25 +1,48 @@ FROM alpine:latest -# Install BorgBackup and OpenSSH client +# Installs +# - BorgBackup +# - OpenSSH client +RUN echo "Installing packages." RUN apk update && apk add --no-cache \ borgbackup \ openssh \ bash \ tzdata +RUN echo "Copying app." COPY ./docker/app /app -RUN chmod +x /app/scripts -R + + + +# having some problems if app/scripts files not set with executable permissions +# this is not working, so please confirm files are executable on host building docker file +# setting app owner. +# RUN chown -R root:root /app +#RUN echo "Setting app permissions" +#RUN chown -R root:root /app/scripts && find /app/scripts -type f -exec chmod +x {} \; +# use this entrypoint to verify final permissions on container +#ENTRYPOINT ["ls", "-lah", "/app/scripts"] + + +RUN echo "creating symbolic links to app/scripts." RUN ln -s /app/scripts/loadenv /usr/local/bin/loadenv RUN ln -s /app/scripts/remote-connect /usr/local/bin/remote-connect -RUN ln -s /app/scripts/remote-connect /usr/local/bin/remote-get-folder-size +RUN ln -s /app/scriptsremote-get-folder-size /usr/local/bin/remote-get-folder-size -#RUN addgroup -g 1001 -S borg && adduser -u 1001 -S borg -G borg -#USER borg -#WORKDIR /app +RUN echo "creating .ssh folder." +RUN mkdir /root/.ssh +RUN echo "setting .ssh folder permissions." +RUN chmod 700 /root/.ssh + +# for files inside correct permission is chmod 600 /root/.ssh/key + +RUN echo "Setting loadenv to bashrc and bash_profile" RUN echo "source /usr/local/bin/loadenv" > /root/.bash_profile RUN echo "source /usr/local/bin/loadenv" > /root/.bashrc -ENTRYPOINT ["bash" , "-c", "borg $0"] +RUN echo "setting entrypoint." +ENTRYPOINT ["/app/scripts/entrypoint.sh"] -CMD ["--help"] \ No newline at end of file +#CMD ["--help"] \ No newline at end of file diff --git a/docker/app/README.md b/docker/app/README.md new file mode 100644 index 0000000..ade21f2 --- /dev/null +++ b/docker/app/README.md @@ -0,0 +1,9 @@ +# borg backup helper + +for mode SCRIPT, file /app/backup-scripts/backup must be created. + +- Docker Compose Configs Sections (check repo readme file for more information); +- binding mounts (Ex: ./backup-scripts:/app/backup-scripts); +- kubernetes secrets, configSections or even volumes; + +The file backup will be automatically executed if exists. diff --git a/docker/app/scripts/entrypoint.sh b/docker/app/scripts/entrypoint.sh new file mode 100755 index 0000000..7d7c2b7 --- /dev/null +++ b/docker/app/scripts/entrypoint.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +source /app/scripts/loadenv + + +case "$MODE" in + + BORG) + echo "executing borg cli" + borg "${@:1}" # Forward all arguments except $0 to another CLI so first argument (the name of this scripts don't passthrough)" + ;; + + SCRIPT) + # check if file exists + if [ ! -f /app/backup-scripts/backup ]; then + cat /app/README.md + exit 1 + fi + echo "Executing: backup script with arguments: "\${@:1\"." + cd /app/backup-scripts && bash backup "${@:1}" + ;; + + SHELL) + echo "Executing: bash -c \"${@:1}\"." + bash -c "${@:1}" + ;; + + *) + echo "Unknown mode: $MODE." + echo "Valid modes are: BORG, SCRIPT, SHELL" + exit 1 + ;; +esac \ No newline at end of file diff --git a/docker/app/scripts/loadenv b/docker/app/scripts/loadenv index c28b179..19b3497 100755 --- a/docker/app/scripts/loadenv +++ b/docker/app/scripts/loadenv @@ -25,8 +25,7 @@ fi export SSH_COMMAND="$SSH_COMMAND $SSH_CONNECTION" - - + : "${MODE:=BORG}" # Set default if MODE is unset to borg cli -- 2.49.1 From 94b800d819b212c37576b88bdd5c4d10221a48cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 16:15:15 +0100 Subject: [PATCH 02/10] . --- docker-compose.dev.yaml | 4 ++-- docker/app/scripts/entrypoint.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index 5ea78ea..43d4a71 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml @@ -11,8 +11,8 @@ services: - BORG_REPO="${BORG_REPO}" - BORG_RSH="${BORG_REPO}" - BORG_PASSPHRASE="${BORG_PASSPHRASE}" - - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG - command: "${CONTAINER_COMMAND:-list}" + - MODE=SHELL # Valid modes are: BORG, SCRIPT, SHELL, default is BORG + command: "ls -lah" configs: # - source: backup_script # target: /app/backup-scripts/run diff --git a/docker/app/scripts/entrypoint.sh b/docker/app/scripts/entrypoint.sh index 7d7c2b7..a9c2b1b 100755 --- a/docker/app/scripts/entrypoint.sh +++ b/docker/app/scripts/entrypoint.sh @@ -17,7 +17,7 @@ case "$MODE" in exit 1 fi echo "Executing: backup script with arguments: "\${@:1\"." - cd /app/backup-scripts && bash backup "${@:1}" + cd /app/backup-scripts && bash backup \"${@:1}" ;; SHELL) -- 2.49.1 From 4a2e5ba4dc351c8521fde41e392feef5e155e640 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 16:20:04 +0100 Subject: [PATCH 03/10] . --- docker/app/scripts/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/app/scripts/entrypoint.sh b/docker/app/scripts/entrypoint.sh index a9c2b1b..7ba536c 100755 --- a/docker/app/scripts/entrypoint.sh +++ b/docker/app/scripts/entrypoint.sh @@ -21,7 +21,7 @@ case "$MODE" in ;; SHELL) - echo "Executing: bash -c \"${@:1}\"." + echo "Executing: bash script." bash -c "${@:1}" ;; -- 2.49.1 From c965abb70289aeeffae72aeb0c2b93c3c1c30a6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 17:02:35 +0100 Subject: [PATCH 04/10] . --- .gitignore | 2 ++ README.md | 5 +++++ docker-compose.dev.yaml | 4 ++-- docker/app/scripts/entrypoint.sh | 4 ++-- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 4afd74e..935f06a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ **.local.** +local/** .env + diff --git a/README.md b/README.md index cd99dbb..d2e8c15 100644 --- a/README.md +++ b/README.md @@ -188,6 +188,11 @@ BUILD="" # uncomment do force build #BUILD="--build" +if [ ! -f ./docker-compose.dev.local.yaml ]; then + touch ./docker-compose.dev.local.yaml +EOF +fi + docker compose \ --project-name borg-backup-dev \ -f docker-compose.dev.yaml \ diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index 43d4a71..1c5e1dd 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml @@ -11,8 +11,8 @@ services: - BORG_REPO="${BORG_REPO}" - BORG_RSH="${BORG_REPO}" - BORG_PASSPHRASE="${BORG_PASSPHRASE}" - - MODE=SHELL # Valid modes are: BORG, SCRIPT, SHELL, default is BORG - command: "ls -lah" + - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG + #command: "ls -lah" configs: # - source: backup_script # target: /app/backup-scripts/run diff --git a/docker/app/scripts/entrypoint.sh b/docker/app/scripts/entrypoint.sh index 7ba536c..3813f43 100755 --- a/docker/app/scripts/entrypoint.sh +++ b/docker/app/scripts/entrypoint.sh @@ -16,8 +16,8 @@ case "$MODE" in cat /app/README.md exit 1 fi - echo "Executing: backup script with arguments: "\${@:1\"." - cd /app/backup-scripts && bash backup \"${@:1}" + echo "Executing: backup script with arguments: ${@:1} " + cd /app/backup-scripts && bash backup "${@:1}" ;; SHELL) -- 2.49.1 From 86bc19b15b88d523c211be896aa8ba374798ec35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 18:44:23 +0100 Subject: [PATCH 05/10] . --- README.md | 12 ++++-------- docker-compose.dev.yaml | 17 +++++------------ docker/app/scripts/entrypoint.sh | 3 +++ 3 files changed, 12 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index d2e8c15..5d77991 100644 --- a/README.md +++ b/README.md @@ -23,13 +23,13 @@ services: image: git.limbosolutions.com/kb/borg-backup:latest restart: no tty: true - entrypoint: [ "bash", "-c", "loadenv && /init-repo"] + environment: - BORG_REPO: ssh://user@server/home/user/borg-repo - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" configs: - source: id_ed25519 # required for ssh client - target: /home/borg/.ssh/id_ed25519 + target: /root/.ssh/id_ed25519 - source: borg_init_repo_sh target: /init-repo @@ -51,10 +51,6 @@ configs: -----END OPENSSH PRIVATE KEY----- ``` -``` bash -docker run git.limbosolutions.com/kb/borg-backup:latest -``` - ### creating a backup ```yaml @@ -105,7 +101,7 @@ services: image: git.limbosolutions.com/kb/borg-backup:latest # execute loadenv before you re scripts # so some enviromnent variables are set - entrypoint: ["bash", "loadenv & /backup"] + configs: - source: backup_script target: /backup @@ -120,7 +116,7 @@ services: BORG_RSH: "ssh -o StrictHostKeyChecking=no" BORG_PASSPHRASE: ***** REPO_SYNC_MAX_SIZE: 10737418240 #10GB - + MODE: volumes: - /home/user/repos:/mnt/repos diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index 1c5e1dd..1e60d2d 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml @@ -1,5 +1,5 @@ services: - borg: + borg-dev: tty: true stdin_open: true @@ -9,13 +9,11 @@ services: environment: - BORG_REPO="${BORG_REPO}" - - BORG_RSH="${BORG_REPO}" + - BORG_RSH="${BORG_RSH}" - BORG_PASSPHRASE="${BORG_PASSPHRASE}" - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG - #command: "ls -lah" configs: - # - source: backup_script - # target: /app/backup-scripts/run + - source: id_ed25519 target: /root/.ssh/id_ed25519 mode: 0400 @@ -27,15 +25,10 @@ services: - ./docker/dev-backup-scripts:/app/backup-scripts configs: - # backup_script: - # content: | - # #!bin/bash - # echo "hello work!!!! (please override me)" - + id_ed25519: - content: | - ${ID_ED25519} + file: ~/.ssh/id_ed25519 borg_key: content: | diff --git a/docker/app/scripts/entrypoint.sh b/docker/app/scripts/entrypoint.sh index 3813f43..a831bb4 100755 --- a/docker/app/scripts/entrypoint.sh +++ b/docker/app/scripts/entrypoint.sh @@ -2,6 +2,9 @@ source /app/scripts/loadenv +#fix if its an string instead of an array +IFS=' ' read -r -a rsh_parts <<< "$BORG_RSH" +export BORG_RSH="${rsh_parts[@]}" case "$MODE" in -- 2.49.1 From 9fcd107db82950fdc86ef235b9ba9c63ad0fc0af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 19:12:35 +0100 Subject: [PATCH 06/10] . --- README.md | 42 ++++++++++++++++++----------------------- docker-compose.dev.yaml | 4 ++-- 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 5d77991..5938933 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ - [container image](#container-image) - [environment variables](#environment-variables) - - [borg repo init](#borg-repo-init) + - [borg init repo](#borg-init-repo) - [creating a backup](#creating-a-backup) - [using a bash script](#using-a-bash-script) - [dev](#dev) @@ -15,40 +15,34 @@ -### borg repo init +### borg init repo ```bash services: borg-backup: image: git.limbosolutions.com/kb/borg-backup:latest restart: no - tty: true - environment: - - BORG_REPO: ssh://user@server/home/user/borg-repo - - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" + - BORG_REPO=${BORG_REPO} + - BORG_RSH=${BORG_RSH} + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" + - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG configs: - - source: id_ed25519 # required for ssh client - target: /root/.ssh/id_ed25519 - - source: borg_init_repo_sh - target: /init-repo + + - source: id_ed25519 + target: /root/.ssh/id_ed25519 + mode: 0400 + + command: + - | + borg init --encryption=keyfile-blake2 $BORG_REPO + cat /root/.config/borg/keys/* configs: - borg_init_repo_sh: - # Example, execute - # borg init --encryption=keyfile-blake2 $BORG_REPO - # don't forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE used during initialization - content: - while true; do - sleep 5 - done id_ed25519: - content: | - -----BEGIN OPENSSH PRIVATE KEY----- - ************** - ************** - -----END OPENSSH PRIVATE KEY----- + file: ~/.ssh/id_ed25519 + ``` ### creating a backup @@ -182,7 +176,7 @@ For development environment and testing this docker compose files. BUILD="" # uncomment do force build -#BUILD="--build" +BUILD="--build" if [ ! -f ./docker-compose.dev.local.yaml ]; then touch ./docker-compose.dev.local.yaml diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index 1e60d2d..4f7f74d 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml @@ -8,8 +8,8 @@ services: context: . environment: - - BORG_REPO="${BORG_REPO}" - - BORG_RSH="${BORG_RSH}" + - BORG_REPO=${BORG_REPO} + - BORG_RSH=${BORG_RSH} - BORG_PASSPHRASE="${BORG_PASSPHRASE}" - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG configs: -- 2.49.1 From b8d08df128b2639769317f488e18479fb596103b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 19:50:34 +0100 Subject: [PATCH 07/10] . --- README.md | 85 +++++++++++++++-------- docker/app/scripts/remote-get-folder-size | 4 +- 2 files changed, 58 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 5938933..7e23eaf 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ - [borg init repo](#borg-init-repo) - [creating a backup](#creating-a-backup) - [using a bash script](#using-a-bash-script) +- [Using binding volumes](#using-binding-volumes) - [dev](#dev) ## container image @@ -17,16 +18,16 @@ ### borg init repo -```bash +```yaml services: borg-backup: image: git.limbosolutions.com/kb/borg-backup:latest restart: no environment: - BORG_REPO=${BORG_REPO} - - BORG_RSH=${BORG_RSH} + - BORG_RSH=ssh -o StrictHostKeyChecking=no -p 2222 - BORG_PASSPHRASE="${BORG_PASSPHRASE}" - - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG + - MODE=SHELL # Valid modes are: BORG, SCRIPT, SHELL, default is BORG configs: - source: id_ed25519 @@ -58,9 +59,9 @@ services: - ./home/user:/mnt/user # Mount local folder to container environment: - - BORG_REPO: "?????" - - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" - - BORG_PASSPHRASE: "????" + - BORG_REPO=${BORG_REPO} + - BORG_RSH=ssh -o StrictHostKeyChecking=no -p 2222 + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" configs: - source: id_ed25519 # required for ssh client @@ -73,17 +74,11 @@ services: configs: id_ed25519: - content: | - -----BEGIN OPENSSH PRIVATE KEY----- - ************** - ************** - -----END OPENSSH PRIVATE KEY----- + file: ~/.ssh/id_ed25519 borg_key: - content: | - BORG_KEY ??????? - ???????????????? - ???????????????? + content: | + ${BORG_KEY} ``` ### using a bash script @@ -98,7 +93,7 @@ services: configs: - source: backup_script - target: /backup + target: /app/backup-scripts/backup - source: id_ed25519 target: /root/.ssh/id_ed25519 mode: 0400 @@ -106,14 +101,15 @@ services: target: /app/borg/key mode: 0400 environment: - BORG_REPO: ssh://user@server/path - BORG_RSH: "ssh -o StrictHostKeyChecking=no" - BORG_PASSPHRASE: ***** - REPO_SYNC_MAX_SIZE: 10737418240 #10GB - MODE: + - BORG_REPO=${BORG_REPO} + - BORG_RSH=ssh -o StrictHostKeyChecking=no -p 2222 + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" + - REPO_SYNC_MAX_SIZE=10737418240 #10GB + - MODE=SCRIPT volumes: - - /home/user/repos:/mnt/repos + - "./backup-scripts:/app/backup-scripts" + - /home/user/data:/mnt/backup configs: # $$ instead of $ so it replaced during runtime and not on docker compose up @@ -157,15 +153,48 @@ configs: id_ed25519: - content: | - -----BEGIN OPENSSH PRIVATE KEY----- - `*****************************ยด - -----END OPENSSH PRIVATE KEY----- + file: ~/.ssh/id_ed25519 borg_key: content: | - BORG_KEY ****** - *************** + ${BORG_KEY} +``` + +## Using binding volumes + +Creates folder ./backup-scripts +And file ./backup-scripts/backup. + +```yaml +services: + borg: + image: git.limbosolutions.com/kb/borg-backup:latest + + environment: + - BORG_REPO=${BORG_REPO} + - BORG_RSH=${BORG_RSH} + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" + - MODE=SCRIPT + volumes: + - "./backup-scripts:/app/backup-scripts" + - "/home/mf/repos:/backup/repos" + + configs: + - source: id_ed25519 + target: /root/.ssh/id_ed25519 + mode: 0400 + - source: borg_key + target: /app/borg/key + mode: 0400 +configs: + + id_ed25519: + file: ~/.ssh/id_ed25519 + + borg_key: + content: | + ${BORG_KEY} + ``` ### dev diff --git a/docker/app/scripts/remote-get-folder-size b/docker/app/scripts/remote-get-folder-size index d02b5c6..d1a4f0e 100755 --- a/docker/app/scripts/remote-get-folder-size +++ b/docker/app/scripts/remote-get-folder-size @@ -1,5 +1,3 @@ #/bin/bash source loadenv -repo_size_bytes=$(remote-connect du -b "$SSH_FOLDER" -d 0) -repo_size_bytes=$(echo "$repo_size_bytes" | awk '{print $1}') -echo "$repo_size_bytes" \ No newline at end of file +$(remote-connect du -b "$SSH_FOLDER" -d 0 | awk '{print $1}') \ No newline at end of file -- 2.49.1 From 7317779e18ac1c9d045010396943ae9e70e15929 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 19:54:57 +0100 Subject: [PATCH 08/10] . --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 593eb11..cc7a26c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -28,7 +28,7 @@ COPY ./docker/app /app RUN echo "creating symbolic links to app/scripts." RUN ln -s /app/scripts/loadenv /usr/local/bin/loadenv RUN ln -s /app/scripts/remote-connect /usr/local/bin/remote-connect -RUN ln -s /app/scriptsremote-get-folder-size /usr/local/bin/remote-get-folder-size +RUN ln -s /app/scripts/remote-get-folder-size /usr/local/bin/remote-get-folder-size RUN echo "creating .ssh folder." RUN mkdir /root/.ssh -- 2.49.1 From 29b78a1e4c6a9511751ad7753ad17dcbe43df165 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 19:57:14 +0100 Subject: [PATCH 09/10] . --- docker/app/scripts/remote-get-folder-size | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/app/scripts/remote-get-folder-size b/docker/app/scripts/remote-get-folder-size index d1a4f0e..10525ad 100755 --- a/docker/app/scripts/remote-get-folder-size +++ b/docker/app/scripts/remote-get-folder-size @@ -1,3 +1,3 @@ #/bin/bash source loadenv -$(remote-connect du -b "$SSH_FOLDER" -d 0 | awk '{print $1}') \ No newline at end of file +echo $(remote-connect du -b "$SSH_FOLDER" -d 0 | awk '{print $1}') \ No newline at end of file -- 2.49.1 From fed2735d96f5e9d3564c271fbb818510446f9ccd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 20:20:57 +0100 Subject: [PATCH 10/10] . --- README.md | 77 ++++++++++++++++++++++--------------------------------- 1 file changed, 30 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 7e23eaf..ee77311 100644 --- a/README.md +++ b/README.md @@ -85,75 +85,58 @@ configs: ```yaml services: - borg-backup: - restart: no - image: git.limbosolutions.com/kb/borg-backup:latest - # execute loadenv before you re scripts - # so some enviromnent variables are set + borg: + image: git.limbosolutions.com/kb/borg-backup:alpha + + environment: + - BORG_REPO=${BORG_REPO} + - BORG_RSH=${BORG_RSH} + - OFFSITE_TARGET_FOLDER=${OFFSITE_TARGET_FOLDER} + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" + - REPO_SYNC_MAX_SIZE=10737418240 #10GB + - MODE=SCRIPT + volumes: + - "/home/mf/repos:/backup/repos" configs: - source: backup_script target: /app/backup-scripts/backup + mode: 0400 + - source: id_ed25519 target: /root/.ssh/id_ed25519 mode: 0400 - source: borg_key target: /app/borg/key - mode: 0400 - environment: - - BORG_REPO=${BORG_REPO} - - BORG_RSH=ssh -o StrictHostKeyChecking=no -p 2222 - - BORG_PASSPHRASE="${BORG_PASSPHRASE}" - - REPO_SYNC_MAX_SIZE=10737418240 #10GB - - MODE=SCRIPT - - volumes: - - "./backup-scripts:/app/backup-scripts" - - /home/user/data:/mnt/backup - + mode: 0400 configs: - # $$ instead of $ so it replaced during runtime and not on docker compose up - backup_script: content: | - #/!bin/bash + #!/bin/bash set -e - - # while true; do - # sleep 5 - # done - SCRIPT_START_TIME=$$(date +%s) - - borg create $${BORG_REPO}::repos-$$(date +%Y%m%d%H%M%S) /mnt/backup - - #cleanup - borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 $${BORG_REPO} --glob-archives='backup*' - borg compact $${BORG_REPO} + borg create $${BORG_REPO}::backup-$$(date +%Y%m%d%H%M%S) /backup + borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 $${BORG_REPO} --glob-archives='backup-*' + # check repo size - REPO_SIZE_IN_BYTES=$$(remote-connect du -b "$$SSH_FOLDER" -d 0 | awk '{print $$1}') + REPO_SIZE_IN_BYTES="$$(remote-get-folder-size)" echo "Repository size: $$((REPO_SIZE_IN_BYTES / 1024 / 1024)) MB" - echo "Repository max size: $$((REPO_SYNC_MAX_SIZE / 1024 / 1024)) MB" - if [ $$REPO_SIZE_IN_BYTES -gt $$REPO_SYNC_MAX_SIZE ]; then \ - echo "ERROR: Repository size exceeds $$REPO_SYNC_MAX_SIZE"; - exit 1; - else - # Repository size is within limits for offsite sync - # ssh to backup server and enforce rclone to onedrive - remote-connect "rclone sync $$SSH_FOLDER xxxxx:.backups/xxxxxx" && \ - SCRIPT_DURATION=$$(($(date +%s) - SCRIPT_START_TIME)) && \ - echo "INFO: Finished Backup (offsite) ($((SCRIPT_DURATION / 60 / 60)):$$((SCRIPT_DURATION / 60)):$$((SCRIPT_DURATION % 60))) " - fi - #outputs info - borg info ${BORG_REPO} + if [ $$REPO_SIZE_IN_BYTES -gt $$REPO_SYNC_MAX_SIZE ]; then \ + echo "ERROR: Repository size exceeds $$REPO_SYNC_MAX_SIZE"; + exit 1; + else + # Repository size is within limits for offsite sync + # ssh to backup server and enforce rclone to offsite + remote-connect "rclone sync $$SSH_FOLDER $$OFFSITE_TARGET_FOLDER --progress" && \ + echo "INFO: Backup offsite sync Finished.($$(date -u -d "@$$(($$(date +%s) - SCRIPT_START_TIME))" +%H:%M:%S))" + fi exit 0 - id_ed25519: - file: ~/.ssh/id_ed25519 + file: ~/.ssh/id_ed25519 borg_key: content: | -- 2.49.1