borg/README.md

# borg-backup

<https://www.borgbackup.org/>

- [container image](#container-image)
  - [environment variables](#environment-variables)
  - [borg repo init](#borg-repo-init)
  - [creating a backup](#creating-a-backup)
  - [using a bash script](#using-a-bash-script)
  - [dev](#dev)

## container image

### environment variables

<https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables>

### borg repo init

```bash
services:
   borg-backup:
    image: git.limbosolutions.com/kb/borg-backup:latest
    restart: no
    tty: true
    entrypoint: [ "bash", "-c", "loadenv && /init-repo"]
    environment:
      - BORG_REPO: ssh://user@server/home/user/borg-repo
      - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR"
    configs:
      - source: id_ed25519 # required for ssh client
        target: /home/borg/.ssh/id_ed25519     
      - source: borg_init_repo_sh
        target: /init-repo

configs:
  borg_init_repo_sh:
    # Example, execute
    # borg init --encryption=keyfile-blake2 $BORG_REPO
    # don't forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE used during initialization
    content:
      while true; do
      sleep 5
    done

  id_ed25519:
      content: |
        -----BEGIN OPENSSH PRIVATE KEY-----
            **************
            **************
        -----END OPENSSH PRIVATE KEY-----   
  ```

``` bash
docker run git.limbosolutions.com/kb/borg-backup:latest
```

### creating a backup

```yaml
services:
   borg-backup:
    image: git.limbosolutions.com/kb/borg-backup:latest
    command: create ${BORG_REPO}::repos-$(date +%Y%m%d%H%M%S) /mnt/user
    restart: no

    volumes:
      - ./home/user:/mnt/user  # Mount local folder to container

    environment:
      - BORG_REPO: "?????"
      - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR"
      - BORG_PASSPHRASE: "????"

    configs:
      - source: id_ed25519 # required for ssh client
        mode: 0400
        target: /root/.ssh/id_ed25519     
      - source: borg_key # required for borg client
        target: /app/borg/key
        mode: 0400
        
configs:

  id_ed25519:
      content: |
        -----BEGIN OPENSSH PRIVATE KEY-----
            **************
            **************
        -----END OPENSSH PRIVATE KEY-----

  borg_key:
      content: |
        BORG_KEY ???????
        ????????????????
        ????????????????
```

### using a bash script

```yaml
services:
   borg-backup:
    restart: no
    image: git.limbosolutions.com/kb/borg-backup:latest
    # execute loadenv before you re scripts
    # so some enviromnent variables are set
    entrypoint: ["bash", "loadenv & /backup"]
    configs:
      - source: backup_script
        target: /backup
      - source: id_ed25519
        target: /root/.ssh/id_ed25519
        mode: 0400
      - source: borg_key
        target: /app/borg/key
        mode: 0400
    environment:
      BORG_REPO: ssh://user@server/path
      BORG_RSH: "ssh -o StrictHostKeyChecking=no"
      BORG_PASSPHRASE: *****
      REPO_SYNC_MAX_SIZE: 10737418240 #10GB
    

    volumes:
      - /home/user/repos:/mnt/repos

configs:
  # $$ instead of $ so it replaced during runtime and not on docker compose up
  
  backup_script:
    content: |

      #/!bin/bash
      set -e

      # while true; do
      #   sleep 5
      # done      
      
      SCRIPT_START_TIME=$$(date +%s)
      
      borg create $${BORG_REPO}::repos-$$(date +%Y%m%d%H%M%S) /mnt/backup

      #cleanup
      borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 $${BORG_REPO} --glob-archives='backup*'
      borg compact $${BORG_REPO} 

      # check repo size
      REPO_SIZE_IN_BYTES=$$(remote-connect du -b "$$SSH_FOLDER" -d 0  | awk '{print $$1}')
      echo "Repository size: $$((REPO_SIZE_IN_BYTES / 1024 / 1024)) MB"
      echo "Repository max size: $$((REPO_SYNC_MAX_SIZE / 1024 / 1024)) MB"
      if [ $$REPO_SIZE_IN_BYTES -gt $$REPO_SYNC_MAX_SIZE ]; then \
        echo "ERROR: Repository size exceeds $$REPO_SYNC_MAX_SIZE";
        exit 1;
      else 
        # Repository size is within limits for offsite sync
        # ssh to backup server and enforce rclone to onedrive
        remote-connect "rclone sync $$SSH_FOLDER xxxxx:.backups/xxxxxx" && \
        SCRIPT_DURATION=$$(($(date +%s) - SCRIPT_START_TIME)) && \
        echo "INFO: Finished Backup (offsite) ($((SCRIPT_DURATION / 60 / 60)):$$((SCRIPT_DURATION / 60)):$$((SCRIPT_DURATION % 60))) "
      fi

      #outputs info
      borg info ${BORG_REPO}
      exit 0


  id_ed25519:
    content: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      `*****************************´
      -----END OPENSSH PRIVATE KEY-----

  borg_key:
    content: |
      BORG_KEY ******
      ***************
```

### dev

For development environment and testing this docker compose files.

``` bash
BUILD=""

# uncomment do force build
#BUILD="--build"

docker compose \
--project-name borg-backup-dev \
-f docker-compose.dev.yaml \
-f docker-compose.dev.local.yaml \
up $BUILD
```