1
Fork 0
mirror of https://github.com/Steffo99/backup-duplicity.git synced 2024-12-21 19:24:18 +00:00
Backup solution for Docker volumes based on Duplicity
Find a file
2023-06-18 20:43:43 +02:00
.github/workflows v0.1.0 2023-03-14 19:32:14 +01:00
.idea Fix ignored files 2023-05-17 21:56:00 +02:00
example v0.1.0 2023-03-14 19:32:14 +01:00
.gitmodules v0.1.0 2023-03-14 19:32:14 +01:00
backup.sh Split backup and restore 2023-05-17 14:36:47 +02:00
docker-backup-duplicity.iml Fix idea modules 2023-05-17 14:33:50 +02:00
Dockerfile Use /usr/lib/duplicity as home 2023-05-17 21:56:20 +02:00
entrypoint.sh Output to stdout 2023-05-18 00:07:47 +02:00
README.md Remove unneccessary volume declaration 2023-06-18 20:42:57 +02:00
restore.sh Split backup and restore 2023-05-17 14:36:47 +02:00
test.docker-compose.yml Remove deprecated version attribute 2023-06-18 20:43:43 +02:00

docker-backup-duplicity

Backup solution for Docker volumes based on Duplicity

Usage

Note

: The following instructions assume Google Drive is used as a storage backend; refer to duplicity's man page to find out how to configure different backends!

  1. Create a new volume in Docker with the name duplicity_credentials:

    # docker volume create duplicity_credentials
    
  2. Create a new file in the host system with the name /root/secrets/backup/passphrase.txt, and enter in it a secure passphrase to use to encrypt files:

    # echo 'CorrectHorseBatteryStaple' >> /root/secrets/backup/passphrase.txt
    
  3. Obtain Desktop Application OAuth credentials from the Google Cloud Console.

  4. Create a new file in the host system with the name /root/secrets/backup/client_config.yml, and enter the following content in it:

    # edit /root/secrets/backup/client_config.yml
    
    client_config_backend: settings
    client_config:
        client_id: "YOUR_GOOGLE_CLIENT_ID_GOES_HERE"
        client_secret: "YOUR_GOOGLE_CLIENT_SECRET_GOES_HERE"
    save_credentials: True
    save_credentials_backend: file
    save_credentials_file: "/var/lib/duplicity/credentials"
    get_refresh_token: True
    
  5. Add the following keys to the docker-compose.yml file of the project you want to backup:

    # edit ./docker-compose.yml
    
    1. If you haven't already, upgrade your docker-compose.yml file to version 3.9:

      version: "3.9"
      
    2. Connect the previously created duplicity_credentials volume to the project:

      volumes:
          duplicity_credentials:
              external: true
      
    3. Setup the two previously created files as Docker secrets:

      secrets:
          duplicity_passphrase:
              file: "/root/secrets/duplicity/passphrase.txt"
          google_client_config:
              file: "/root/secrets/duplicity/client_config.yml"
      
    4. Add the following service:

      services:
          duplicity:
              image: "ghcr.io/steffo99/backup-duplicity:latest"
              restart: unless-stopped
              secrets:
                  - google_client_config
                  - duplicity_passphrase
              volumes:
                  - "duplicity_credentials:/var/lib/duplicity" 
                  # Mount whatever you want to backup in subdirectories of /mnt
                  - ".:/mnt/compose"  # Backup the current directory?
                  - "data:/mnt/data"  # Backup a named volume?
              environment:
                  MODE: "backup"  # Change this to "restore" to restore the latest backup
                  DUPLICITY_TARGET_URL: "pydrive://YOUR_GOOGLE_CLIENT_ID_GOES_HERE/Duplicity/this"  # Change this to the Drive directory you want to backup files to https://man.archlinux.org/man/duplicity.1.en#URL_FORMAT
                  # Don't touch these, they allow the program to read the secrets
                  DUPLICITY_PASSPHRASE_FILE: "/run/secrets/duplicity_passphrase"
                  GOOGLE_DRIVE_SETTINGS: "/run/secrets/google_client_config"
      
  6. Log in to Google Drive and perform an initial backup with:

    # docker compose run -i --entrypoint=/bin/sh duplicity /etc/periodic/daily/backup.sh
    
  7. Properly start the container with:

    # docker compose up -d && docker compose logs -f