1. generate the passphrase for `BORG_PASSPHRASE` with: `cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 50 | head -n 1`
2.enter the correct alert-mail-password
2.if you want to use healthchecks.io-service, add also the URL
3. adapt the other variables in the first block to your needs
8.if you want to use healthchecks.io-service, edit `config.yaml-template`and add ` healthchecks: ` to the hooks-section with the provides URL following
8. edit `crontab.txt-template`for your scheduled backup time. Use the provided template line if you want to add extra lines
@@ -38,46 +35,6 @@ A little container I wrote to automate my [Borgbackup](https://github.com/borgba
It uses cron to run the backups at a time you can configure in `data/borgmatic.d/crontab.txt`.
### Usage
To set your backup timing and configuration, you will need to create [crontab.txt](data/borgmatic.d/crontab.txt) and your borgmatic [config.yaml](data/borgmatic.d/config.yaml) and mount these files into the `/etc/borgmatic.d/` directory. When the container starts it creates the crontab from `crontab.txt` and starts crond. By cloning this repo in `/opt/docker/`, you will have a working setup to get started.
If using remote repositories mount your .ssh to /root/.ssh within the container.
If you want to mail the results from cron:
* Add your mail relay details to the [env file](.env.template) or mount your own [msmtprc](https://wiki.alpinelinux.org/wiki/Relay_email_to_gmail_(msmtp,_mailx,_sendmail) to `/etc/msmtprc`
* Add add your mail address to crontag.txt and uncomment the line, e.g. `MAILTO=log@example.com`
* Please note that logs will no longer end up in Docker logs when MAILTO is set.
While the parameters above are sufficient for regular backups, following additional privileges will be needed to mount an archive as FUSE filesystem:
```
--cap-add SYS_ADMIN \
--device /dev/fuse \
--security-opt label:disable \
--security-opt apparmor:unconfined
```
Depending on your security system, `--security-opt` parameters may not be neccessary. `label:disable` is needed for *SELinux*, while `apparmor:unconfined` is needed for *AppArmor*.
To init the repo with encryption, run:
```
docker exec borgmatic \
sh -c "borgmatic --init --encryption repokey-blake2"
```
### Layout
#### /mnt/source
Your data you wish to backup. For *some* safety you may want to mount read-only. Borgmatic is running as root so all files can be backed up.
...
...
@@ -115,32 +72,3 @@ Where you can map your own `ntfy.yml` config to have Borgmatic send notification
- Username used to log in into your relay service `MAIL_USER=borgmatic_log@example.com`
- Password for relay login `MAIL_PASSWORD=SuperS3cretMailPw`
- From part in your log mail `MAIL_FROM=borgmatic`
### Docker Compose
- Prepare your configuration
1.`cp .env.template .env`
2. Set your environment and adapt volumes as needed
- To start the container for backup: `docker-compose up -d`
- For backup restore:
1. Stop the backup container: `docker-compose down`
2. Run an interactive shell: `docker-compose -f docker-compose.yml -f docker-compose.restore.yml run borgmatic`
3. Fuse-mount the backup: `borg mount /mnt/borg-repository <mount_point>`
4. Restore your files
5. Finally unmount and exit: `borg umount <mount_point> && exit`.
- In case Borg fails to create/acquire a lock: `borg break-lock /mnt/repository`
### ntfy
I've decided to add [ntfy](https://github.com/dschep/ntfy) to this container to be able to recive push notifications regarding backups within Borgmatic.
Mount your own `ntfy.yml` to `/root/.config/ntfy/ntfy.yml` to set your backends for ntfy. Alternatively you can interactively send notifications via a command with API keys in line. I've opted to just map my own `ntfy.yml`
