Backups all docker volumes while automatically detecting mariadb data volumes
(targeting /var/lib/mysql) and using mariabackup CLI with incremental functions.
Also backs up all compose projects if they are under git version control with git bundle
.
This image uses Borg to backup plain data volumes and mariabackup exports. A Borg backup server is
required.
Copy docker-compose.yml
from repository and create docker-compose.override.yml
:
version: '3'
services:
cronservice:
volumes:
- /root/.ssh/backup_id_rsa:/root/.ssh/id_rsa
- /etc/compose:/hostprojects
environment:
- TZ=Europe/Berlin
- BORG_REPO=ssh://user@example.net:22/path/to/backups/
- BORG_PASSPHRASE=<some-random-password>
- BORG_PRUNE_RULES=--keep-daily 14 --keep-monthly 10
- SSH_HOST_FINGERPRINT=[example.net]:22 ssh-ed25519 ABCDEFGHIJKLMNOPQRSTUVWXYZ
- CRON_INTERVAL_INCREMENTAL=59 2 * * *
The host binds backup_id_rsa
. This file should contain your private key for pubkey authentication to the borg backup
server via SSH, if using SSH. Furthermore you can mount a directory full of docker-compose git repositories (optional).
Those will be backuped too as git bundles.
You could also alter docker-compose.yml
from repository and add all values from above instead of
creating docker-compose.override.yml
.
SSH_HOST_FINGERPRINT should contain a line in the same format as in .ssh/known_hosts
.
Create and start the container by docker-compose up -d
.
Initiate the borg backup repository by docker-compose exec cronservice backup-init
.
As mentioned in the warning you should backup the volume config
of your docker compose project, otherwise all backups are lost,
due to encryption.
In default settings backups start at 2:59 AM daily. You can adjust with environment variable CRON_INTERVAL_INCREMENTAL
.
Either set the a label xyz.zok.borgbackup.ignore
for the volume (which is not possible if the volume is already created) or
create an empty file called .xyz.zok.borgbackup.ignore
in the parent directory of the volume.
/var/lib/docker/volumes/
-- my_volume_to_ignore/
---- _data/
------ <all the data of the volume>
---- .xyz.zok.borgbackup.ignore
Volume | Description |
---|---|
backups | All incremental database backups are saved in this volume. Must be persistent due to incremental nature. |
config | Configuration of borg itself including encryption keys. You cannot upload this to your backup server if you do not trust it. Save this somewhere else. |
/hostprojects | (optional) Mount this to the directory that contains all the docker compose projects under git version control. E.g. /etc/compose:/hostprojects |
LabelName | Description |
---|---|
xyz.zok.borgbackup.ignore | This volume will not be included in any backup |
xyz.zok.borgbackup.whitelist | This volume will be backed up if the Borg backup container is in whitelist-only mode (not implemented) |
EnvVar | Example | Description |
---|---|---|
BORG_REPO | ssh://user@host:22/path/to/backups/ | (Original Borg variable) Connection URL accepted by Borg. (Doc) |
BORG_PASSPHRASE | random-string | (Original Borg variable) Passphrase that encrypts the encryption keys which encrypt the backups. |
BORG_PRUNE_RULES | --keep-daily 14 --keep-monthly 10 | Borg prune rules. See borg prune arguments. |
SSH_HOST_FINGERPRINT | [example.net]:22 pubkey | Format of .ssh/known_hosts . |
CRON_INTERVAL_INCREMENTAL | 00 2 * * * | Interval format of crontab |
TZ | Europe/Berlin | Your time zone |
Every environment variable starting with BORG_
will be passed to the Borg process.