steffo/backup-duplicity
steffo/backup-duplicity
1
Fork 0
mirror of https://github.com/Steffo99/backup-duplicity.git synced 2024-10-16 06:07:25 +00:00
Code Activity
Backup solution for Docker volumes based on Duplicity
9 commits 1 branch 17 tags 89 KiB
Dockerfile 52.4%
Shell 47.6%
Find a file
Stefano Pigozzi ad0496f0d2
Add proper python cryptography requirements
2023-05-14 18:13:13 +02:00
.github/workflows v0.1.0 2023-03-14 19:32:14 +01:00
example v0.1.0 2023-03-14 19:32:14 +01:00
.gitmodules v0.1.0 2023-03-14 19:32:14 +01:00
backup.sh v0.1.0 2023-03-14 19:32:14 +01:00
Dockerfile Add proper python cryptography requirements 2023-05-14 18:13:13 +02:00
README.md Use spaces in the README 2023-03-14 19:40:58 +01:00
test.docker-compose.yml v0.1.0 2023-03-14 19:32:14 +01:00

README.md

docker-backup-duplicity

Backup solution for Docker volumes based on Duplicity

Usage

Note

: The following instructions assume Google Drive is used as a storage backend; refer to duplicity's man page to find out how to configure different backends!

  1. Create a new volume in Docker with the name duplicity_credentials:

    # docker volume create duplicity_credentials

  2. Create a new file in the host system with the name /root/secrets/backup/passphrase.txt, and enter in it a secure passphrase to use to encrypt files:

    # echo 'CorrectHorseBatteryStaple' >> /root/secrets/backup/passphrase.txt

  3. Obtain Desktop Application OAuth credentials from the Google Cloud Console.

  4. Create a new file in the host system with the name /root/secrets/backup/client_config.yml, and enter the following content in it:

    # edit /root/secrets/backup/client_config.yml

    client_config_backend: settings
client_config:
    client_id: "YOUR_GOOGLE_CLIENT_ID_GOES_HERE"
    client_secret: "YOUR_GOOGLE_CLIENT_SECRET_GOES_HERE"
save_credentials: True
save_credentials_backend: file
save_credentials_file: "/var/lib/duplicity/credentials"
get_refresh_token: True

  5. Add the following keys to the docker-compose.yml file of the project you want to backup:

    # edit ./docker-compose.yml

    1. If you haven't already, upgrade your docker-compose.yml file to version 3.9:

      version: "3.9"

    2. Connect the previously created duplicity_credentials volume to the project:

      volumes:
    duplicity_credentials:
        external: true

    3. Setup the two previously created files as Docker secrets:

      secrets:
    duplicity_passphrase:
        file: "/root/secrets/backup/passphrase.txt"
    google_client_config:
        file: "/root/secrets/backup/client_config.yml"

    4. Add the following service:

      services:
    backup:
        image: "ghcr.io/steffo99/backup-duplicity:latest"
        restart: unless-stopped
        secrets:
            - google_client_config
            - duplicity_passphrase
        volumes:
            - "duplicity_credentials:/var/lib/duplicity" 
            # Mount whatever you want to backup in subdirectories of /mnt
            - ".:/mnt/compose"  # Backup the current directory?
            - "data:/mnt/data"  # Backup a named volume?
        environment:
            MODE: "backup"  # Change this to "restore" to restore the latest backup
            DUPLICITY_TARGET_URL: "pydrive://YOUR_GOOGLE_CLIENT_ID_GOES_HERE/Duplicity/this"  # Change this to the Drive directory you want to backup files to https://man.archlinux.org/man/duplicity.1.en#URL_FORMAT
            # Don't touch these, they allow the program to read the secrets
            DUPLICITY_PASSPHRASE_FILE: "/run/secrets/duplicity_passphrase"
            GOOGLE_DRIVE_SETTINGS: "/run/secrets/google_client_config"

  6. Log in to Google Drive and perform an initial backup with:

    # docker compose run -i backup --entrypoint=/bin/sh /etc/periodic/daily/backup.sh

  7. Properly start the container with:

    # docker compose up -d && docker compose logs -f